Funmoods Search - cannot rid

Started by Grandms, September 14, 2012, 01:43:35 PM


Corrine

Hi, Grandms.

According to both the ComboFix log and AdwCleaner, there are no further signs of Funmoods.  So it looks like you need to manually change some settings.  I did some research and came up with the following:

1.  Remove Funmoods start page as home/start page:
-- IE:  Tools > Internet Options > General tab > Click Restore to Default.
--  Chrome:  Click on the Wrench icon (top of browser).  Go to Options and on the Basics tab select your default homepage setting.

2.  Remove Funmoods from browser default search:
--  IE:  Tools > Internet Options > General tab > Settings.  Select your preferred search provider and click Set as Default.
--  Chrome:  Click the wrench icon and select Options. Make sure you are on the first tab "Basics" and then look for "Search" option to select your preferred provider.

3.  Remove Funmoods from newly opened tabs in the browser
--  IE9:  To remove Funmoods search from new tabs, go to Tools -> Internet Options -> General -> Tabs settings, and set the "When a new tab is opened, open" drop-down to "The new tab page".
--  IE 7 or IE8:  According to Funmoods, there is no solution other than uninstalling Funmoods.
--  Chrome:  Click on the Wrench icon and select Options.  On the Basics tab, click "Use The New Tab Page".

I suggest your best action for IE8 is to use the Microsoft Fixit to reset it to the default settings.  See Reset Internet Explorer 8 settings and select the option "To reset Internet Explorer settings automatically"

Let me know how that works and then we'll do some cleanup.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Grandms

I have Internet Explorer and Firefox working just fine now.  Seems the only "fix" for Chrome is to use the "Use New Tab" setting.  I noticed when I checked the option to open specific page(s), both my home page and Funmoods search are listed.  No way to delete Funmoods there.  Also, I now have Google set as my search default, yet in the list of search options, "start.funmoods.com" is still listed, again with no way to delete it.  Now, I'm really wondering if the only way to get it out of Chrome is to uninstall Chrome and then re-install with no settings and no extensions---in other words, just start Chrome from scratch.  It really wouldn't matter so much except that I have come to use Chrome almost exclusively as my preferred browser.  What a "bi*ch"! 

Thank you so much for all the help you've given.  Now I'm not sure I trust FoxIt PDF reader, since it was the FZIP file I downloaded from them that started this whole mess.  I was searching for something to open that type of file when this happened.  I really have to credit WinPatrol for things not being worse since as each alert popped up, I clicked for the item not to be allowed.  Otherwise, I'm afraid I'd have the toolbar and other unwanted things.  I did find several programs that had downloaded themselves and used Revo to unload them.  And here I thought I was careful and smart enough not to get into a mess like this!  LOL!

zep516

Quote: "in other words, just start Chrome from scratch."

Not familiar with Chrome; can you reset Chrome to default?  Some information in the link.

http://productforums.google.com/forum/#!topic/chrome/xbmkn0Ohoh4

Joe
You're only as safe as your last update.

Grandms

I'll read the information in the link, Joe, but I find that I lied when I said I had it gone from Firefox.  I typed a site in the address bar at the top of the page in FF rather than in the search bar, and guess what?  Up came Funmoods search with responses to my query.  Ugh!

Corrine

Foxit Software does not have a file opener.  The only software provided is software for reading, editing, creating, etc. PDF files.  http://www.foxitsoftware.com/ So, whatever you installed was not from Foxit, most likely some sponsor.

When was "Free File Opener" installed on your computer?

I provided a link to this topic to a member of the security community who is in regular contact with the developer of AdwCleaner.  He may see something in the logs that I am missing.  In the meantime, please go here to run an on-line scan from ESET.

Note: It is easiest if you use Internet Explorer for this scan.  (If you use an alternate browser, it will be necessary to download the ESET Smart Installer)
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked and the Scan Archives option is ticked.
  • Click on Advanced Settings, ensure the options Scan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.
  • Click Scan
  • Wait for the scan to finish
  • Use notepad to open the logfile located at C:\Program Files\Eset\Eset Online Scanner\log.txt
  • Copy and paste that log as a reply to this topic and also include a fresh DDS log.


Grandms

@Joe:  I read the info re Chrome, and happy to say I was able to reset it to default settings.  This got rid of Funmoods as a search engine, and the tab no longer jumps up.  I have put back many of the extensions I had before.  Just used another Google account to sign in as User.

Corrine, I have uninstalled the Free File Opener.  I had installed it about a month ago, but I suspect it, too, might not be legit.
I will run the scan with ESET.

Many thanks for the time you have put in on this problem.

Grandms

ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=1
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=308f9af3675b6146ad8527480917bc24
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-03-29 10:34:49
# local_time=2012-03-29 06:34:49 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774141 16 100 6834340 268417093 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=109264
# found=4
# cleaned=4
# scan_time=2951
C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\Downloads\setup files\installfreefileopener_553.exe   Win32/InstallIQ application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program setup files\cnet2_alkitab_zip.exe   a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program setup files\cnet_disk-defrag-setup_exe.exe   a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\Program setup files\SoftonicDownloader_for_licensecrawler.exe   a variant of Win32/SoftonicDownloader.A application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=308f9af3675b6146ad8527480917bc24
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-16 10:00:43
# local_time=2012-09-16 06:00:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774141 16 100 21609207 283188360 0 0
# compatibility_mode=8192 67108863 100 0 14685349 14685349 0 0
# scanned=123314
# found=0
# cleaned=0
# scan_time=4037
esets_scanner_update returned -1 esets_gle=53251
# version=7
# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=308f9af3675b6146ad8527480917bc24
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-16 11:56:43
# local_time=2012-09-16 07:56:43 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=770 16774141 16 100 21613923 283193076 0 0
# compatibility_mode=8192 67108863 100 0 14690065 14690065 0 0
# scanned=123413
# found=2
# cleaned=0
# scan_time=6281
C:\Program setup files\KeyFinderInstaller.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
C:\Program setup files\PhotobieInstaller.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I

DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.7.2
Run by HP_Administrator at 20:02:07 on 2012-09-16
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.3006.1984 [GMT -4:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Program Files\OpenDNS\DNSCrypt\OpenDNSInterface.exe
svchost.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\LSI SoftModem\agrsmsvc.exe
C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
C:\Program Files\Java\jre7\bin\jqs.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\system32\HPZipm12.exe
svchost.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Documents and Settings\HP_Administrator.DESKTOP\Programs\Art Plus\ePix\epix.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\DoNotTrackPlus\PropertySync.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://abcnews.go.com
uDefault_Search_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
uURLSearchHooks: H - No File
BHO: Shareaza Web Download Hook: {0eedb912-c5fa-486f-8334-57288578c627} - c:\program files\shareaza\RazaWebHook32.dll
BHO: Do Not Track Plus: {6e45f3e8-2683-4824-a6be-08108022fb36} - c:\program files\donottrackplus\ScriptHost.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: HP view: {b2847e28-5d7d-4deb-8b67-05d28bcf79f5} - c:\program files\hp\digital imaging\bin\HPDTLK02.dll
TB: avast! WebRep: {8e5e2654-ad2d-48bf-ac2d-d17f00898d06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\micros~1.lnk - c:\windows\installer\{0cd3bb5c-bbca-11d2-8c20-00c04fbbcff9}\A94AAB13.exe
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\opendn~1.lnk - c:\windows\installer\{e811d3dc-a647-4744-9ca6-bd4707d2808b}\_41100329364C94A5913B21.exe
IE: Download with &Shareaza - c:\program files\shareaza\RazaWebHook32.dll/3000
IE: E&xport to Microsoft Excel - c:\progra~1\mi1933~1\office11\EXCEL.EXE/3000
IE: {E2D4D26B-0180-43a4-B05F-462D6D54C789} - c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\iebutton\support.htm
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341943831515
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{A61EAB09-9A69-4329-B570-42C37AD13A84} : NameServer = 127.0.0.1
TCP: Interfaces\{A61EAB09-9A69-4329-B570-42C37AD13A84} : DhcpNameServer = 192.168.0.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Notify: AtiExtEvent - Ati2evxx.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\hp_administrator.desktop\application data\mozilla\firefox\profiles\lk87sgw5.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://z1.invisionfree.com/IBBS_ComputerHelp/index.php?
FF - prefs.js: network.proxy.type - 0
FF - plugin: c:\documents and settings\hp_administrator.desktop\local settings\application data\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\foxit software\foxit reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\sticky password\npSPAutofill.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 14
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
============= SERVICES / DRIVERS ===============
.
R0 EUBAKUP;EUBAKUP;c:\windows\system32\drivers\eubakup.sys [2011-12-30 50312]
R0 EUBKMON;EUBKMON;c:\windows\system32\drivers\EUBKMON.sys [2011-12-30 43784]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2011-12-28 729752]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2011-12-28 355632]
R1 EUDSKACS;EUDSKACS;c:\windows\system32\drivers\eudskacs.sys [2011-12-30 16008]
R1 EUFDDISK;EUFDDISK;c:\windows\system32\drivers\EuFdDisk.sys [2011-12-30 185864]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2011-8-11 116608]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2011-12-28 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2011-12-28 44808]
R2 DNSCrypt;OpenDNSCrypt;c:\program files\opendns\dnscrypt\OpenDNSCryptService.exe [2012-5-17 14336]
R2 EaseUS Agent;EaseUS Agent;c:\program files\easeus\todo backup\bin\Agent.exe [2012-2-1 61064]
R2 Guard Agent;Guard Agent;c:\program files\easeus\todo backup\bin\GuardAgent.exe [2012-2-1 23176]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-3-29 250568]
S3 DigiartyVirtualCDBus;Digiarty Virtual Driver;c:\windows\system32\drivers\DigiartyVirtualCDBus.sys [2012-1-6 163616]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-4-24 114144]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [2008-5-6 11520]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 Agent;VPDAgent;c:\windows\VPDAgent.exe [2012-9-11 176128]
.
=============== Created Last 30 ================
.
2012-09-15 00:30:30   98816   ----a-w-   c:\windows\sed.exe
2012-09-15 00:30:30   518144   ----a-w-   c:\windows\SWREG.exe
2012-09-15 00:30:30   256000   ----a-w-   c:\windows\PEV.exe
2012-09-15 00:30:30   208896   ----a-w-   c:\windows\MBR.exe
2012-09-11 20:39:57   176128   ----a-w-   c:\windows\VPDAgent.exe
2012-09-11 20:39:42   61440   ----a-w-   c:\windows\system32\ufvppm.dll
2012-09-11 20:02:58   --------   d-----w-   c:\program files\LSI SoftModem
2012-09-11 19:51:35   819200   ----a-w-   c:\program files\windows media player\wmsetsdk.exe
2012-09-11 19:51:35   47616   ----a-w-   c:\program files\windows media player\msoobci.dll
2012-09-11 19:51:01   --------   d-----w-   c:\windows\RegisteredPackages
2012-09-06 20:18:51   --------   d-----w-   c:\windows\Performance
2012-09-06 20:18:37   --------   d-----w-   c:\documents and settings\hp_administrator.desktop\local settings\application data\Microsoft Corporation
2012-09-06 20:17:00   --------   d-----w-   c:\program files\Microsoft Windows 7 Upgrade Advisor
2012-09-01 01:01:38   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2012-08-25 18:57:39   --------   d-----w-   c:\program files\MSXML 4.0
.
==================== Find3M  ====================
.
2012-09-14 14:35:05   45056   ----a-w-   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\uninstallui\eHelpSetup.exe
2012-09-14 14:35:04   44032   ----a-w-   c:\windows\pchealth\helpctr\vendors\cn=hewlett-packard,l=cupertino,s=ca,c=us\scripts\devcon.exe
2012-09-07 21:04:46   22856   ----a-w-   c:\windows\system32\drivers\mbam.sys
2012-09-01 01:01:15   93672   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2012-09-01 01:01:11   821736   ----a-w-   c:\windows\system32\npdeployJava1.dll
2012-09-01 01:01:11   746984   ----a-w-   c:\windows\system32\deployJava1.dll
2012-08-22 16:00:08   73416   ----a-w-   c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-22 16:00:08   696520   ----a-w-   c:\windows\system32\FlashPlayerApp.exe
2012-08-21 09:13:15   729752   ----a-w-   c:\windows\system32\drivers\aswSnx.sys
2012-08-21 09:12:33   41224   ----a-w-   c:\windows\avastSS.scr
2012-07-06 13:58:51   78336   ----a-w-   c:\windows\system32\browser.dll
2012-07-04 14:05:18   139784   ----a-w-   c:\windows\system32\drivers\rdpwd.sys
2012-07-03 13:40:15   1866112   ----a-w-   c:\windows\system32\win32k.sys
2012-07-02 17:49:33   916992   ----a-w-   c:\windows\system32\wininet.dll
2012-07-02 17:49:32   43520   ------w-   c:\windows\system32\licmgr10.dll
2012-07-02 17:49:32   1469440   ------w-   c:\windows\system32\inetcpl.cpl
2012-07-02 12:05:43   385024   ------w-   c:\windows\system32\html.iec
2012-06-25 20:04:24   1394248   ----a-w-   c:\windows\system32\msxml4.dll
2009-10-10 01:44:03   4637952   ----a-w-   c:\program files\common files\lpuninstall.exe
.
============= FINISH: 20:02:49.12 ===============
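
Corrine's ESET instructions above ask for the contents of log.txt to be posted, and the reply above shows its layout: a block of "# key=value" header lines for each scan session, followed by one line per detection with the path, the threat name, the action taken in parentheses, a hash column and a status letter. As an added example that is not part of this thread or of ESET's own tooling, the following Python script parses a log in that layout, flags detections the scanner reported as "unable to clean", and cross-checks the scanner's own found/cleaned counters against the detection lines. The sample log embedded in it is constructed to mirror the posted one (threat names taken from the posted log, file paths made up); the column layout and the reading of remove_checked=false as a report-only scan are assumptions drawn from the posted log, not from ESET documentation.

```python
"""Parse ESET Online Scanner log.txt output ('# key=value' header lines
followed by one line per detection) and summarize what still needs attention."""
import re
from dataclasses import dataclass, field

# Assumed column layout of a detection line, separated by runs of 3+ spaces:
#   <path>   <threat name> (<action taken>)   <32-hex hash>   <status letter>
DETECTION_RE = re.compile(
    r"^(?P<path>.+?)\s{3,}(?P<threat>.+?) \((?P<action>[^)]*)\)"
    r"\s{3,}(?P<hash>[0-9a-fA-F]{32})\s{3,}(?P<flag>\S+)$"
)


@dataclass
class Detection:
    path: str
    threat: str
    action: str
    hash: str
    flag: str  # status letter exactly as the scanner printed it

    @property
    def resolved(self) -> bool:
        # Anything the scanner could not clean needs manual follow-up.
        return "unable to clean" not in self.action.lower()


@dataclass
class ScanSession:
    meta: dict = field(default_factory=dict)    # '# key=value' lines
    detections: list = field(default_factory=list)
    notes: list = field(default_factory=list)   # free-form status lines before the header

    @property
    def report_only(self) -> bool:
        # Assumption: remove_checked=false means "Remove found threats" was unticked.
        return self.meta.get("remove_checked", "").lower() == "false"

    @property
    def unresolved(self) -> list:
        return [d for d in self.detections if not d.resolved]

    def counts_consistent(self) -> bool:
        """Cross-check the scanner's found/cleaned counters against the detection lines."""
        found = int(self.meta.get("found", "0"))
        cleaned = int(self.meta.get("cleaned", "0"))
        return (found == len(self.detections)
                and cleaned == sum(1 for d in self.detections if d.resolved))


def parse_eset_log(text: str) -> list:
    """Split the log into sessions; every '# version=' line starts a new one."""
    sessions, current, pending_notes = [], None, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("# version="):
            current = ScanSession(notes=pending_notes)
            pending_notes = []
            sessions.append(current)
        if line.startswith("# ") and current is not None:
            key, _, value = line[2:].partition("=")
            current.meta[key] = value  # repeated keys (compatibility_mode) keep the last value
            continue
        match = DETECTION_RE.match(line)
        if match and current is not None:
            current.detections.append(Detection(**match.groupdict()))
        else:
            pending_notes.append(line)  # e.g. "all ok", esets_scanner_update status lines
    if sessions and pending_notes:
        sessions[-1].notes.extend(pending_notes)
    return sessions


def summarize(sessions: list) -> dict:
    """Roll the sessions up into what a helper would look at first."""
    return {
        "sessions": len(sessions),
        "found": sum(len(s.detections) for s in sessions),
        "unresolved": [d.path for s in sessions for d in s.unresolved],
        "report_only_sessions": [i for i, s in enumerate(sessions) if s.report_only],
        "inconsistent_sessions": [i for i, s in enumerate(sessions) if not s.counts_consistent()],
    }


# Constructed sample in the layout of the log posted in this thread; the paths are made up.
SAMPLE_LOG = """
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScanner.ocx=1.0.0.6583
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# utc_time=2012-09-16 10:00:43
# compatibility_mode=770 16774141 16 100 0 0 0 0
# compatibility_mode=8192 67108863 100 0 0 0 0 0
# scanned=100000
# found=2
# cleaned=2
C:\\Downloads\\setup files\\example_installer.exe   Win32/InstallIQ application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
C:\\Downloads\\setup files\\example_bundle.exe   a variant of Win32/InstallCore.D application (cleaned by deleting - quarantined)   00000000000000000000000000000000   C
esets_scanner_update returned -1 esets_gle=53251
# version=7
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# utc_time=2012-09-16 11:56:43
# scanned=100100
# found=1
# cleaned=0
C:\\Downloads\\setup files\\example_keyfinder.exe   Win32/OpenCandy application (unable to clean)   00000000000000000000000000000000   I
"""

if __name__ == "__main__":
    for i, s in enumerate(parse_eset_log(SAMPLE_LOG)):
        print(f"session {i}: {s.meta.get('utc_time')} found={len(s.detections)} "
              f"unresolved={len(s.unresolved)} report_only={s.report_only} "
              f"counters_ok={s.counts_consistent()}")
    print(summarize(parse_eset_log(SAMPLE_LOG)))
```

Run it against a real log.txt by replacing SAMPLE_LOG with the file's contents; the summary lists every path the scanner left in place, so a helper can decide what to hand to a second tool, and the counter cross-check catches a log that was pasted incompletely.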

Corrine

Hi, Grandms.

I've gone over your log again (3rd or 4th time ;) )

ESET wasn't able to remove leftovers from Magical Jelly Bean Keyfinder, which does not appear to be listed in your installed files.  There also appears to be a leftover file from "Ultimate File Viewer PDF Printer", both of which we can take care of with ComboFix after you confirm you no longer have/want those files.

In the meantime, let's see if MBAM finds anything else. 

  • Launch Malwarebytes' Anti-Malware, then click the Update tab and "Check for Updates".
  • Once the update has been installed and the program has loaded, select Quick scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, EXCEPT items in System Restore as shown in this sample:

  • Click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See the Note below)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Please post contents of that file in your next reply.

  ** Note **

  If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Grandms

As is true each time I have run MBAM, both full scan and quick scan, nothing has shown up.

Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.09.17.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
HP_Administrator :: DESKTOP [administrator]

9/16/2012 9:36:22 PM
mbam-log-2012-09-16 (21-36-22).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 233568
Time elapsed: 5 minute(s),

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Corrine

We'll get to the bottom of this somehow.  Although the logs are very long, let's see if I can pick up something else with OTL.  Download OTL to your Desktop

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic


Grandms

OTL logfile created on: 9/16/2012 10:38:18 PM - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 73.10% Memory free
4.78 Gb Paging File | 4.16 Gb Available in Paging File | 87.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 459.04 Gb Total Space | 429.90 Gb Free Space | 93.65% Space Free | Partition Type: NTFS
Drive D: | 6.70 Gb Total Space | 0.41 Gb Free Space | 6.07% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/16 22:36:44 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\Downloads\OTL.exe
PRC - [2012/09/11 18:34:02 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2012/09/10 21:56:27 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/08/31 21:01:13 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/08/21 05:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/05/17 10:23:36 | 000,097,048 | ---- | M] (OpenDNS) -- C:\Program Files\OpenDNS\DNSCrypt\OpenDNSInterface.exe
PRC - [2012/05/17 10:23:36 | 000,014,336 | ---- | M] () -- C:\Program Files\OpenDNS\DNSCrypt\OpenDNSCryptService.exe
PRC - [2012/05/17 10:23:18 | 000,410,126 | ---- | M] () -- C:\Program Files\OpenDNS\DNSCrypt\dnscrypt-proxy.exe
PRC - [2012/02/09 00:39:32 | 000,266,456 | ---- | M] (Abine Inc.) -- C:\Program Files\DoNotTrackPlus\PropertySync.exe
PRC - [2011/12/23 00:09:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe
PRC - [2011/12/23 00:09:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe
PRC - [2010/12/13 18:17:04 | 004,690,824 | ---- | M] (Art Plus d.o.o., Zagreb, Croatia) -- C:\Documents and Settings\HP_Administrator.DESKTOP\Programs\Art Plus\ePix\epix.exe
PRC - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Program Files\LSI SoftModem\agrsmsvc.exe
PRC - [2008/04/14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/09/29 22:14:36 | 000,069,632 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe


========== Modules (No Company Name) ==========

MOD - [2012/09/16 14:59:49 | 001,810,432 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12091601\algo.dll
MOD - [2012/09/10 21:56:25 | 002,244,064 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/06/15 16:08:29 | 000,212,992 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\8b84bb74d7724e147a642a1d5358feb7\System.ServiceProcess.ni.dll
MOD - [2012/06/13 20:13:18 | 012,433,920 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\01abbadafaf265d9f4ac9bbb247acb98\System.Windows.Forms.ni.dll
MOD - [2012/06/13 20:13:03 | 001,592,320 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Drawing\d86f2038209a4cf0d0f5b30f6375c9b2\System.Drawing.ni.dll
MOD - [2012/05/09 16:21:20 | 000,998,400 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Management\9080c8e8e7b6dfb502c1328673d636f8\System.Management.ni.dll
MOD - [2012/05/09 16:19:29 | 000,381,440 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.IO.Log\8991f21d4b3676bf6f779110db8d4ac9\System.IO.Log.ni.dll
MOD - [2012/05/09 16:18:57 | 000,971,264 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\3d5b7368bde0f65aa15d9f46b498cc89\System.Configuration.ni.dll
MOD - [2012/05/09 14:52:27 | 005,450,752 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\3bba1b8b0b5ef0be238b011cc7a0575e\System.Xml.ni.dll
MOD - [2012/05/09 14:46:24 | 007,953,408 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\e4b5afc4da43b1c576f9322f9f2e1bfe\System.ni.dll
MOD - [2012/05/09 14:45:32 | 011,492,352 | ---- | M] () -- C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\e337c89bc9f81b69d7237aa70e935900\mscorlib.ni.dll
MOD - [2012/02/09 00:39:26 | 000,249,560 | ---- | M] () -- C:\Program Files\DoNotTrackPlus\ButtonSite.dll
MOD - [2011/12/26 12:46:08 | 000,061,440 | ---- | M] () -- C:\WINDOWS\system32\ufvppm.dll
MOD - [2011/12/23 16:15:24 | 000,023,176 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\AccountManager.dll
MOD - [2011/12/23 00:08:36 | 000,093,832 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TBFireWall.dll
MOD - [2011/12/23 00:08:36 | 000,064,648 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
MOD - [2011/12/23 00:08:30 | 000,245,896 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExImage.dll
MOD - [2011/12/23 00:08:30 | 000,114,312 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\ExchBackupSize.dll
MOD - [2011/12/23 00:08:30 | 000,069,768 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
MOD - [2011/12/23 00:08:28 | 000,051,848 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\CodeLog.dll
MOD - [2011/11/03 11:28:36 | 001,292,288 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2011/02/04 17:48:30 | 000,291,840 | ---- | M] () -- C:\WINDOWS\system32\sbe.dll
MOD - [2008/11/25 18:18:00 | 001,291,264 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\libxml2.dll
MOD - [2008/04/14 06:42:00 | 000,014,336 | ---- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/14 06:41:52 | 000,059,904 | ---- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2004/10/05 04:08:00 | 000,055,808 | ---- | M] () -- C:\Program Files\EaseUS\Todo Backup\bin\zlib1.dll


========== Services (SafeList) ==========

SRV - [2012/09/11 18:34:02 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2012/09/10 21:56:26 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/31 21:01:13 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/08/22 12:00:08 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/08/21 05:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/05/17 10:23:36 | 000,014,336 | ---- | M] () [Auto | Running] -- C:\Program Files\OpenDNS\DNSCrypt\OpenDNSCryptService.exe -- (DNSCrypt)
SRV - [2011/12/26 12:41:56 | 000,176,128 | ---- | M] (Two Pilots) [Disabled | Stopped] -- C:\WINDOWS\VPDAgent.exe -- (Agent)
SRV - [2011/12/23 00:09:56 | 000,023,176 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\GuardAgent.exe -- (Guard Agent)
SRV - [2011/12/23 00:09:46 | 000,061,064 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto | Running] -- C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe -- (EaseUS Agent)
SRV - [2009/03/27 22:10:56 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Program Files\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2004/09/29 22:14:36 | 000,069,632 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- C:\DOCUME~1\HP_ADM~1.DES\LOCALS~1\Temp\mbr.sys -- (mbr)
DRV - File not found [Kernel | System | Stopped] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\HP_ADM~1.DES\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/05/10 13:48:51 | 000,163,616 | ---- | M] (Digiarty Software, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\DigiartyVirtualCDBus.sys -- (DigiartyVirtualCDBus)
DRV - [2011/12/23 00:09:40 | 000,185,864 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\EuFdDisk.sys -- (EUFDDISK)
DRV - [2011/12/23 00:09:38 | 000,043,784 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\EUBKMON.sys -- (EUBKMON)
DRV - [2011/12/23 00:09:32 | 000,016,008 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/12/23 00:09:30 | 000,050,312 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/08/09 17:33:58 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2009/08/13 15:07:12 | 001,163,328 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008/05/06 17:06:00 | 000,011,520 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2008/02/25 12:54:56 | 000,105,088 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2005/03/15 00:54:04 | 001,032,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/03/09 17:53:00 | 000,036,352 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2005/01/19 20:21:56 | 000,012,416 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PcdrNdisuio.sys -- (PcdrNdisuio)
DRV - [2004/10/01 13:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM)
DRV - [2004/08/04 00:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139)
DRV - [2003/12/02 21:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCtA0DtAtD0EyEtB0E0EtDtD0E0AtN0D0Tzu0CtByDyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1825024584
IE - HKLM\..\SearchScopes\{7A52BCA9-846A-354A-2CD6-27E0E75772DB}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = http://abcnews.go.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iesearch&locale=EN_US&c=Q305&bd=pavilion&pf=desktop
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://abcnews.go.com
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = Yandex
IE - HKCU\..\SearchScopes,DefaultScope = {7A52BCA9-846A-354A-2CD6-27E0E75772DB}
IE - HKCU\..\SearchScopes\{7A52BCA9-846A-354A-2CD6-27E0E75772DB}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://z1.invisionfree.com/IBBS_ComputerHelp/index.php?"
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://z1.invisionfree.com/IBBS_ComputerHelp/index.php?"
FF - prefs.js..extensions.enabledAddons: donottrackplus@abine.com:2.2.1.611
FF - prefs.js..extensions.enabledAddons: firefox@facebook.com:1.8.2
FF - prefs.js..extensions.enabledAddons: socialfixer@mattkruse.com:6.502
FF - prefs.js..extensions.enabledAddons: {54affe52-8223-453b-be1e-2fe2e250045c}:5.0.8.254
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1466
FF - prefs.js..extensions.enabledAddons: foxmarks@kei.com:4.1.2
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827
FF - prefs.js..extensions.enabledAddons: plugin@vfd.com:1.5
FF - prefs.js..network.proxy.type: 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\MsiExec.exe\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@stickypassword.com/Sticky Password: C:\Program Files\Sticky Password\npspAutofill.dll (Lamantine Software a.s.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\HP_Administrator.DESKTOP\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\HP_Administrator.DESKTOP\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/08/26 22:27:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/09/10 21:56:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/09/10 21:56:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{54affe52-8223-453b-be1e-2fe2e250045c}: C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Lamantine\Sticky Password\spAutofill [2012/07/18 11:28:00 | 000,000,000 | ---D | M]

[2011/12/29 21:39:19 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Mozilla\Extensions
[2012/09/11 22:26:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Mozilla\Firefox\Profiles\lk87sgw5.default\extensions
[2012/09/02 21:12:51 | 000,000,000 | ---D | M] (WOT) -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Mozilla\Firefox\Profiles\lk87sgw5.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012/06/16 17:25:36 | 000,000,000 | ---D | M] (DoNotTrackPlus) -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Mozilla\Firefox\Profiles\lk87sgw5.default\extensions\donottrackplus@abine.com
[2012/09/02 21:12:50 | 000,000,000 | ---D | M] ("Xmarks") -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Mozilla\Firefox\Profiles\lk87sgw5.default\extensions\foxmarks@kei.com
[2012/09/11 16:42:30 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Mozilla\Firefox\Profiles\lk87sgw5.default\extensions\plugin@vfd.com
[2012/06/22 21:24:40 | 000,319,802 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Mozilla\Firefox\Profiles\lk87sgw5.default\extensions\firefox@facebook.com.xpi
[2012/05/03 21:59:38 | 000,174,207 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Mozilla\Firefox\Profiles\lk87sgw5.default\extensions\info@priceblink.com.xpi
[2012/03/30 21:32:34 | 000,141,229 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Mozilla\Firefox\Profiles\lk87sgw5.default\extensions\socialfixer@mattkruse.com.xpi
[2012/07/24 21:44:41 | 000,741,958 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Mozilla\Firefox\Profiles\lk87sgw5.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/06/11 14:32:25 | 000,007,915 | ---- | M] () (No name found) -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Mozilla\Firefox\Profiles\lk87sgw5.default\extensions\donottrackplus@abine.com\chrome\content\ff\view_expiry.js
[2012/09/11 21:43:07 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Mozilla\Firefox\Profiles\lk87sgw5.default\searchplugins\Search.xml
[2012/09/15 19:52:35 | 000,002,112 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Mozilla\Firefox\Profiles\lk87sgw5.default\searchplugins\wot-safe-search.xml
[2012/09/10 21:56:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/07/18 11:28:00 | 000,000,000 | ---D | M] (Sticky Password Autofill Engine) -- C:\DOCUMENTS AND SETTINGS\HP_ADMINISTRATOR.DESKTOP\APPLICATION DATA\LAMANTINE\STICKY PASSWORD\SPAUTOFILL
[2012/08/26 22:27:04 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/09/10 21:56:27 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/04/24 20:41:13 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml
[2012/08/29 15:12:48 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/04/24 20:41:13 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml
[2012/04/24 20:41:13 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml
[2012/08/29 15:12:48 | 000,002,253 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml
[2012/04/24 20:41:13 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2012/09/14 20:36:29 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Shareaza Web Download Hook) - {0EEDB912-C5FA-486F-8334-57288578C627} - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O2 - BHO: (Do Not Track Plus) - {6E45F3E8-2683-4824-A6BE-08108022FB36} - C:\Program Files\DoNotTrackPlus\ScriptHost.dll (Abine)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O3 - HKCU\..\Toolbar\WebBrowser: (HP view) - {B2847E28-5D7D-4DEB-8B67-05D28BCF79F5} - c:\Program Files\HP\Digital Imaging\bin\HPDTLK02.dll (Hewlett-Packard Company)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk = C:\WINDOWS\Installer\{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}\A94AAB13.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OpenDNSCrypt.lnk = C:\WINDOWS\Installer\{E811D3DC-A647-4744-9CA6-BD4707D2808B}\_41100329364C94A5913B21.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Download with &Shareaza - C:\Program Files\Shareaza\RazaWebHook32.dll (Shareaza Development Team)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://c:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O9 - Extra 'Tools' menuitem : Connection Help - {E2D4D26B-0180-43a4-B05F-462D6D54C789} - C:\WINDOWS\pchealth\helpctr\Vendors\CN=Hewlett-Packard,L=Cupertino,S=Ca,C=US\IEButton\support.htm ()
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1341943831515 (MUWebControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A61EAB09-9A69-4329-B570-42C37AD13A84}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A61EAB09-9A69-4329-B570-42C37AD13A84}: NameServer = 127.0.0.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\HP_Administrator.DESKTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\HP_Administrator.DESKTOP\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/26 14:08:45 | 000,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2001/07/27 20:07:38 | 000,000,000 | -HS- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/09/16 21:51:16 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator.DESKTOP\Desktop\dds(1).scr
[2012/09/15 15:15:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\My Digital Editions
[2012/09/15 15:04:29 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/09/15 11:37:24 | 004,752,472 | R--- | C] (Swearware) -- C:\Documents and Settings\HP_Administrator.DESKTOP\Desktop\ComboFix.exe
[2012/09/14 20:30:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/09/14 20:30:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/09/14 20:30:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/09/14 20:30:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/09/14 20:25:57 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/09/14 20:25:46 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/09/11 20:46:46 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\HP_Administrator.DESKTOP\Recent
[2012/09/11 16:39:57 | 000,176,128 | ---- | C] (Two Pilots) -- C:\WINDOWS\VPDAgent.exe
[2012/09/11 16:02:58 | 000,000,000 | ---D | C] -- C:\Program Files\LSI SoftModem
[2012/09/11 16:02:20 | 000,017,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\spmsg.dll
[2012/09/11 15:51:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
[2012/09/11 15:16:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader
[2012/09/10 21:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/09/06 17:07:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PDF24
[2012/09/06 16:18:51 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2012/09/06 16:18:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HP_Administrator.DESKTOP\Local Settings\Application Data\Microsoft Corporation
[2012/09/06 16:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2012/08/31 21:01:38 | 000,143,872 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/31 21:01:37 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/08/31 21:01:29 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/08/31 21:01:29 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/08/31 21:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2012/08/25 14:57:39 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[6 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/16 22:28:00 | 000,001,038 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771264329-85329873-2648820128-1008UA.job
[2012/09/16 22:27:06 | 000,000,316 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/09/16 22:20:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/16 14:28:00 | 000,000,986 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-3771264329-85329873-2648820128-1008Core.job
[2012/09/16 14:01:42 | 000,002,375 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\OpenDNSCrypt.lnk
[2012/09/16 14:01:41 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Works Calendar Reminders.lnk
[2012/09/16 14:01:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/16 14:01:25 | 3152,596,992 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/14 20:36:29 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/09/14 20:22:35 | 004,752,472 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator.DESKTOP\Desktop\ComboFix.exe
[2012/09/14 12:00:00 | 000,512,399 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\Desktop\adwcleaner.exe
[2012/09/14 11:55:36 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\HP_Administrator.DESKTOP\Desktop\dds(1).scr
[2012/09/13 23:25:09 | 000,001,519 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\shutdown.lnk
[2012/09/11 20:47:47 | 000,013,894 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\cc_20120911_204736.reg
[2012/09/11 16:40:48 | 000,384,844 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\Local Settings\Application Data\funmoods-speeddial.crx
[2012/09/11 16:11:41 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/11 16:05:07 | 000,598,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012/09/11 15:51:25 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2012/09/11 08:05:46 | 000,000,576 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\wklnhst.dat
[2012/09/07 19:57:21 | 000,000,972 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\The Weather Channel App.lnk
[2012/09/07 17:04:46 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2012/09/06 16:53:55 | 000,130,108 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\Win 7 upgrade advisor.mht
[2012/09/06 16:35:07 | 000,783,188 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\Upgrading from Windows XP to Windows 7.pdf
[2012/09/02 21:32:29 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\Bobbie medications.wps
[2012/09/02 21:31:06 | 000,011,264 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\Donald medications.wps
[2012/09/02 21:26:43 | 000,002,414 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2012/08/31 21:01:15 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2012/08/31 21:01:12 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaws.exe
[2012/08/31 21:01:12 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/08/31 21:01:12 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/08/31 21:01:12 | 000,143,872 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\javacpl.cpl
[2012/08/31 21:01:11 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012/08/31 21:01:11 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\WINDOWS\System32\deployJava1.dll
[2012/08/26 22:27:05 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2012/08/25 12:36:57 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/08/22 12:00:08 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/22 12:00:08 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/21 05:13:15 | 000,729,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2012/08/21 05:13:15 | 000,355,632 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2012/08/21 05:13:15 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2012/08/21 05:13:14 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2012/08/21 05:13:14 | 000,089,624 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2012/08/21 05:13:14 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2012/08/21 05:13:13 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2012/08/21 05:13:13 | 000,021,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2012/08/21 05:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2012/08/21 05:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2012/08/20 14:31:38 | 000,027,864 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\good teacher.jpg
[2012/08/19 22:32:41 | 000,005,755 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\safe_image.jpg
[2012/08/19 22:31:57 | 000,032,101 | ---- | M] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\quote_324.jpg

========== Files Created - No Company Name ==========

[2012/09/16 21:51:41 | 000,512,399 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\Desktop\adwcleaner.exe
[2012/09/14 20:30:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/09/14 20:30:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/09/14 20:30:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/09/14 20:30:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/09/14 20:30:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/09/11 20:47:42 | 000,013,894 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\cc_20120911_204736.reg
[2012/09/11 16:41:32 | 000,384,844 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\Local Settings\Application Data\funmoods-speeddial.crx
[2012/09/11 16:39:42 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\ufvppm.dll
[2012/09/11 15:50:54 | 000,001,477 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Media Center.lnk
[2012/09/06 16:53:55 | 000,130,108 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\Win 7 upgrade advisor.mht
[2012/09/06 16:35:26 | 000,783,188 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\Upgrading from Windows XP to Windows 7.pdf
[2012/09/06 16:17:01 | 000,001,879 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2012/08/20 14:32:08 | 000,027,864 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\good teacher.jpg
[2012/08/19 22:32:53 | 000,005,755 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\safe_image.jpg
[2012/08/19 22:32:30 | 000,032,101 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\quote_324.jpg
[2012/04/27 20:25:51 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\.recently-used.xbel
[2012/04/12 17:14:56 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2012/04/09 16:54:12 | 000,548,198 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\Amendment 1995.JPG
[2012/03/27 16:10:13 | 000,000,059 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\Local Settings\Application Data\UserProducts.xml
[2012/03/27 15:33:07 | 000,122,914 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\PICT0299.jpg
[2012/03/27 15:32:15 | 000,117,066 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\PICT0297.jpg
[2012/03/27 15:31:03 | 000,118,484 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\PICT0296.jpg
[2012/03/27 15:29:58 | 000,119,826 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\PICT0295.jpg
[2012/03/27 15:28:26 | 000,130,726 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\PICT0294.jpg
[2012/03/27 15:27:25 | 000,118,035 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\PICT0292.jpg
[2012/03/07 23:20:41 | 005,860,134 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-3771264329-85329873-2648820128-1008-0.dat
[2012/03/07 23:20:40 | 000,421,910 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/03/07 18:47:46 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/02/15 15:37:53 | 003,932,214 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\Asheville, NC.bmp
[2012/02/15 13:07:58 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/20 15:10:52 | 000,311,296 | ---- | C] () -- C:\WINDOWS\System32\EMRegSys.dll
[2012/01/06 22:54:37 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2011/12/31 15:34:57 | 000,000,576 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\Application Data\wklnhst.dat
[2011/12/31 14:55:58 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/12/31 13:25:14 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2011/12/30 22:47:43 | 000,043,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\EUBKMON.sys
[2011/12/30 17:17:32 | 000,290,919 | ---- | C] () -- C:\WINDOWS\System32\pythoncom21.dll
[2011/12/30 17:17:32 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes21.dll
[2011/12/30 17:16:08 | 000,096,768 | ---- | C] () -- C:\WINDOWS\SlantAdj.dll
[2011/12/30 17:16:08 | 000,003,136 | ---- | C] () -- C:\WINDOWS\Ade001.bin
[2011/12/30 17:16:08 | 000,000,072 | ---- | C] () -- C:\WINDOWS\System32\epDPE.ini
[2011/12/30 17:15:15 | 000,065,793 | ---- | C] () -- C:\WINDOWS\System32\EsFw32.BIN
[2011/12/30 17:14:31 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Perfection 3170.ini
[2011/12/30 17:04:06 | 000,011,509 | ---- | C] () -- C:\WINDOWS\hpdj5700.ini
[2011/12/30 17:03:30 | 000,000,414 | ---- | C] () -- C:\WINDOWS\hpbvspst.ini
[2011/12/29 21:14:10 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/12/28 17:32:31 | 000,000,147 | ---- | C] () -- C:\Documents and Settings\HP_Administrator.DESKTOP\Local Settings\Application Data\fusioncache.dat
[2011/12/28 00:23:23 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2011/12/28 00:23:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2011/12/28 00:23:14 | 000,004,490 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2011/12/28 00:23:01 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2011/12/28 00:22:44 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2011/12/28 00:21:35 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2011/12/28 00:21:33 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2011/12/28 00:18:04 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2011/12/28 00:17:02 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2009/10/09 21:44:03 | 004,637,952 | ---- | C] () -- C:\Program Files\Common Files\lpuninstall.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\Shareaza Downloads:Shareaza.GUID

< End of report >


OTL Extras logfile created on: 9/16/2012 10:38:18 PM - Run 1
OTL by OldTimer - Version 3.2.61.5     Folder = C:\Documents and Settings\HP_Administrator.DESKTOP\My Documents\Downloads
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.94 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 73.10% Memory free
4.78 Gb Paging File | 4.16 Gb Available in Paging File | 87.03% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 459.04 Gb Total Space | 429.90 Gb Free Space | 93.65% Space Free | Partition Type: NTFS
Drive D: | 6.70 Gb Total Space | 0.41 Gb Free Space | 6.07% Space Free | Partition Type: FAT32

Computer Name: DESKTOP | User Name: HP_Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Documents and Settings\HP_Administrator.DESKTOP\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"135:TCP" = 135:TCP:*:Enabled:DCOM(135)
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%ProgramFiles%\iTunes\iTunes.exe" = %ProgramFiles%\iTunes\iTunes.exe:*:enabled:iTunes

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe" = C:\Program Files\Updates from HP\309731\Program\Updates from HP.exe:*:Disabled:BackWeb for Pavilion -- (Hewlett-Packard)
"C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe" = C:\Program Files\EaseUS\Todo Backup\bin\Agent.exe:*:Enabled:Agent.exe -- (CHENGDU YIWO Tech Development Co., Ltd)
"C:\Program Files\Shareaza\Shareaza.exe" = C:\Program Files\Shareaza\Shareaza.exe:*:Enabled:Shareaza -- (Shareaza Development Team)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{04476FA2-0A1E-4A9F-B690-7A04FE279602}" = Greeting Cards Deluxe
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0CD3BB5C-BBCA-11D2-8C20-00C04FBBCFF9}" = Microsoft Home Publishing 2000
"{0E0131B2-CF18-40D9-A331-60A3746C1204}" = EPSON Scan
"{0F6D55D8-89AA-4C1D-BC4C-ACBBDE8BE57A}" = Serif PhotoPlus 8.0
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{29205904-A7A8-4545-0001-697935602C90}" = SimplyGoodPictures
"{2AEDC172-479F-47AE-8A48-A0524D4AED5B}_is1" = Inpaint 4.3
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3CF89CF1-3B64-4C55-8E84-F328361832A6}" = Serif PhotoPlus 8.0 Resource CD-ROM
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{467D4F46-B75D-4E9F-B710-D933D687B9BD}" = PDF Creator Pilot 4.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{6C11D561-620B-47DA-A693-4C597F3CDF40}" = EPSON Smart Panel
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.9.0
"{82A7E9C3-D3F3-4B85-9AC3-D0E011D19E50}_is1" = RedNotebook 1.3
"{85B1BEF2-2357-4C27-ABBE-15A1AE3AF78D}" = HP Deskjet 5700
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F9F3775-7E5B-4028-B5E5-DA1C042517A8}" = EPSON Photo Print
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB05F2C8-F608-403b-95E1-FD8ADFACD31E}" = Windows 7 Upgrade Advisor
"{B69CC1A5-0404-11D6-ABCB-005004C21D30}" = EPSON Copy Utility
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0C31BCC-56FB-42a7-8766-D29E1BD74C7C}" = Python 2.7.3
"{C769A271-7E1C-48F9-B331-474600DD4C06}" = Microsoft Picture It! Photo 2002
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D6BAD6AB-D3D9-46ad-B2C4-5A969006CE48}_is1" = Aiseesoft DVD Ripper 6.2.26
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{E6BB6BFE-1F0D-4D93-8627-360069111273}" = My Family Tree
"{E811D3DC-A647-4744-9CA6-BD4707D2808B}" = DNSCrypt
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F8650CB3-89F1-4AE0-81AC-917423C58DB8}" = Serif PhotoPlus Association File Formats
"{FE69B76B-66CB-4C9A-BADA-3BE4080CD7BC}" = Serif CraftArtist
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"avast" = avast! Free Antivirus
"BDlot DVD Clone Ultimate_is1" = BDlot DVD Clone Ultimate 3.1.2
"Belarc Advisor" = Belarc Advisor 8.2
"BN_DesktopReader" = NOOK for PC
"CCleaner" = CCleaner
"Do Not Track Plus Add-on_is1" = Do Not Track Plus Add-on 1.0.5289.0208
"Doro_is1" = Doro 1.71
"DVDFab 8 Qt_is1" = DVDFab 8.1.7.5 (07/04/2012) Qt
"EaseUS Todo Backup Free 4.0_is1" = EaseUS Todo Backup Free 4.0
"ESET Online Scanner" = ESET Online Scanner v3
"FileHelp Assistant" = FileHelp Assistant
"Foxit Reader_is1" = Foxit Reader
"Glary Utilities_is1" = Glary Utilities Pro 2.41.0.1358
"HTC_WModemDriver" = WModem Driver Installer
"Ideal DVD Copy_is1" = Ideal DVD Copy V4.1.2
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"IrfanView" = IrfanView (remove only)
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Standard)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.0.1400
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Mozilla Firefox 15.0.1 (x86 en-GB)" = Mozilla Firefox 15.0.1 (x86 en-GB)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Revo Uninstaller" = Revo Uninstaller 1.94
"Scribus 1.4.0" = Scribus 1.4.0
"Shareaza_is1" = Shareaza 2.5.5.0
"Silent Package Run-Time Sample" = EPSON PERF 3170Guide
"SpywareBlaster_is1" = SpywareBlaster 4.6
"Sticky Password_is1" = Sticky Password 5.0.8.254
"The Print Shop Suite 6.0" = The Print Shop® 6.0 Deluxe
"The Weather Channel App" = The Weather Channel App
"VLC media player" = VLC media player 2.0.2
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinX DVD Copy Pro_is1" = WinX DVD Copy Pro 3.4.3
"WinX DVD Ripper Platinum_is1" = WinX DVD Ripper Platinum 6.8.5
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Fotosafari ePix" = ArtPlus ePix - Wallpaper Calendar
"Google Chrome" = Google Chrome

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 4/11/2012 3:20:47 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application hpzstw10.exe, version 2.323.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x61636335.

Error - 4/11/2012 3:21:07 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1001
Description = Fault bucket -1369539603.

Error - 4/11/2012 4:35:22 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application hpdj00.exe, version 2.323.0.0, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 4/19/2012 10:54:05 PM | Computer Name = DESKTOP | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 4/19/2012 10:54:49 PM | Computer Name = DESKTOP | Source = Application Hang | ID = 1001
Description = Fault bucket 1180947459.

Error - 4/20/2012 9:40:14 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application chrome.exe, version 18.0.1025.162, faulting module
unknown, version 0.0.0.0, fault address 0x00000000.

Error - 5/5/2012 4:04:03 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application pip.exe, version 6.0.829.0, faulting module pip.exe,
version 6.0.829.0, fault address 0x0000b91a.

Error - 5/8/2012 2:04:48 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application foxit reader.exe, version 5.3.0.423, faulting
module unknown, version 0.0.0.0, fault address 0x027791ed.

Error - 5/9/2012 2:50:30 PM | Computer Name = DESKTOP | Source = .NET Runtime Optimization Service | ID = 1103
Description = .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32)
- Tried to start a service that wasn't the latest version of CLR Optimization service.
Will shutdown

Error - 5/11/2012 9:19:54 PM | Computer Name = DESKTOP | Source = Application Error | ID = 1000
Description = Faulting application , version 0.0.0.0, faulting module unknown, version
0.0.0.0, fault address 0x00000000.

[ System Events ]
Error - 9/14/2012 8:28:37 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = The EaseUS Agent service terminated unexpectedly.  It has done this
2 time(s).

Error - 9/14/2012 8:31:44 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = The EaseUS Agent service terminated unexpectedly.  It has done this
3 time(s).

Error - 9/14/2012 8:32:34 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = The EaseUS Agent service terminated unexpectedly.  It has done this
4 time(s).

Error - 9/14/2012 8:34:32 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = The EaseUS Agent service terminated unexpectedly.  It has done this
5 time(s).

Error - 9/14/2012 8:35:13 PM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = The EaseUS Agent service terminated unexpectedly.  It has done this
6 time(s).

Error - 9/15/2012 11:41:47 AM | Computer Name = DESKTOP | Source = Service Control Manager | ID = 7034
Description = The EaseUS Agent service terminated unexpectedly.  It has done this
1 time(s).

Error - 9/15/2012 11:43:10 AM | Comput

Corrine

Hi, Grandms.

My apology for the delay in responding.  I've been consulting with DonnaB who has seen a lot of Funmoods and similar foistware. 

  • Double click OTL.exe to launch the program.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
:OTL
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1QzutDtDtCtA0DtAtD0EyEtB0E0EtDtD0E0AtN0D0Tzu0CtByDyDtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1825024584


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.
Note: If necessary, OTL may re-boot your computer, or request that you do so.  If it does re-boot your computer, a log will be produced upon re-boot.   In the event OTL does not restart your computer, I would like you to shutdown/restart anyway.  Then, please test each of the three browsers and advise of the status of each.


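The fix above works by listing the OTL log's own `IE - HKLM\..\SearchScopes` lines: the DefaultScope values get reset and the scope key gets deleted. As an added example (not code from the thread or from OTL), here is a small Python parser for those lines that resolves the DefaultScope GUID to the URL it actually points at, flags any scope whose host is not an expected search provider, and rebuilds the `:OTL` block from the flagged entries. The sample lines are constructed from the thread's format (the Funmoods URL is shortened); the second GUID, its Bing URL and the `EXPECTED_HOSTS` allowlist are assumptions.

```python
"""Resolve IE SearchScopes entries from OTL log lines (added example, not OTL's own code)."""
import re
from urllib.parse import urlparse

# Constructed sample modelled on the OTL lines quoted in the thread. The
# Funmoods URL is shortened; the second scope (its GUID and Bing URL) is an
# assumed, clean entry added for contrast.
SAMPLE_OTL_LINES = r"""
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}
IE - HKLM\..\SearchScopes\{11111111-2222-3333-4444-555555555555}: "URL" = http://www.bing.com/search?q={searchTerms}
"""

# "IE - HKLM\..\SearchScopes,DefaultScope = {GUID}": which scope is the default
SCOPE_VALUE_RE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\\.\.\\SearchScopes,(?P<name>[\w.]+) = (?P<guid>\{[0-9A-Fa-f-]+\})\s*$')
# 'IE - HKLM\..\SearchScopes\{GUID}: "URL" = http://...': where each scope sends queries
SCOPE_URL_RE = re.compile(
    r'^IE - (?P<hive>HK\w+)\\\.\.\\SearchScopes\\(?P<guid>\{[0-9A-Fa-f-]+\}): "URL" = (?P<url>\S+)\s*$')

# Hosts a practitioner expects to see as IE search providers (assumed allowlist).
EXPECTED_HOSTS = {'www.bing.com', 'www.google.com'}


def parse_search_scopes(text):
    """Return (defaults, urls): defaults[hive][value_name] = guid, urls[(hive, guid)] = url."""
    defaults, urls = {}, {}
    for line in text.splitlines():
        m = SCOPE_VALUE_RE.match(line)
        if m:
            defaults.setdefault(m['hive'], {})[m['name']] = m['guid']
            continue
        m = SCOPE_URL_RE.match(line)
        if m:
            urls[(m['hive'], m['guid'])] = m['url']
    return defaults, urls


def default_search_host(text, hive='HKLM'):
    """Host that the hive's DefaultScope GUID actually points at, or None if unresolved."""
    defaults, urls = parse_search_scopes(text)
    guid = defaults.get(hive, {}).get('DefaultScope')
    url = urls.get((hive, guid)) if guid else None
    return urlparse(url).hostname if url else None


def hijacked_scopes(text, allowed=EXPECTED_HOSTS):
    """(hive, guid, host) for every scope whose URL host is not an expected provider."""
    _, urls = parse_search_scopes(text)
    found = []
    for (hive, guid), url in urls.items():
        host = urlparse(url).hostname
        if host not in allowed:
            found.append((hive, guid, host))
    return found


def build_otl_fix(text, allowed=EXPECTED_HOSTS):
    """Rebuild an :OTL block the way the thread's fix does: list the DefaultScope
    values that point at a flagged scope (OTL resets them) and the scope's own
    URL line (OTL deletes that key)."""
    defaults, urls = parse_search_scopes(text)
    bad = {(hive, guid) for hive, guid, _ in hijacked_scopes(text, allowed)}
    lines = [':OTL']
    for hive, values in defaults.items():
        for name, guid in values.items():
            if (hive, guid) in bad:
                lines.append(f'IE - {hive}\\..\\SearchScopes,{name} = {guid}')
    for hive, guid in sorted(bad):
        lines.append(f'IE - {hive}\\..\\SearchScopes\\{guid}: "URL" = {urls[(hive, guid)]}')
    return '\n'.join(lines)


if __name__ == '__main__':
    print('default search host:', default_search_host(SAMPLE_OTL_LINES))
    print('flagged scopes:', hijacked_scopes(SAMPLE_OTL_LINES))
    print(build_otl_fix(SAMPLE_OTL_LINES))
```

Run against a full OTL log, the same three functions answer the question the thread is really asking: not whether a Funmoods key is present, but where the browser's default search actually goes.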

Corrine

Oh, oh!  It's an invasion of GW members.  Three all logged in together:  Grandms, DonnaB (aka bbbluz), nearandwest    :laughing:  Now, just where is that Ravencajun?  RC, where are you?




Grandms

========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.

OTL by OldTimer - Version 3.2.61.5 log created on 09172012_220604



Just noticed something in the prior OTL log in two locations:
Files created - No Company name
after the date of 9/11 16:41:32   000,384,844  C:\Documents and Settings\HPAdministrator Desktop\Local Settings\Application Data\funmoods.speeddial.crx

Also:
Files Modified within 30 days
9/11  16:40:48  000,384,844    (same location given)

I will shut down and reboot now.  Since I was able to reset Chrome browser to default settings, funmoods has stopped popping up a tab when I open the browser and I can find no trace of it there.  I have since added back some extensions.  Also, I haven't really seen evidence of it in IE, but I seldom use that browser.  However, when I type in a URL in the Firefox address bar, the funmoods search page opens.  Just wanted you to be aware of this.

Grandms

As far as I can tell, all three browsers installed are free of funmoods.  I do not see it listed in any search engines list, and the redirect I was getting on Firefox seems to be fixed. :mitch:

If not, I'll be back!!

By the way, any other cleanup that's needed, I'm ready for it tomorrow.  Just don't know how to thank you for all your help except to sing your praises to everyone else.