
Author Topic: Ad pop up and in new tab  (Read 10601 times)


jklangen

    Topic Starter


    Rookie

    Ad pop up and in new tab
    « on: February 14, 2013, 08:13:40 AM »
    I have recently been experiencing an ad pop up window in the lower right corner of my screen and also an ad appearing in a new tab both in Firefox and Chrome.  I am running through the clean up instructions (have done this before for friends and myself).  I am going to be out of town for a few days but wanted to get this thread started ASAP.  Ran AdwCleaner and the log file follows.  I already deleted the Coupon Companion Plugin but do not see the program Crossrider in Control Panel.  I am running the Malware program recommended now.  Thanks in advance for your help.  You all provide an invaluable service!  P.S.  I added the Malware log below the AdwCleaner log

    Regards - Jim Langendonk

    # AdwCleaner v2.112 - Logfile created 02/14/2013 at 08:44:47
    # Updated 10/02/2013 by Xplode
    # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
    # User : Jim Langendonk - JIMLANGENDONK
    # Boot Mode : Normal
    # Running from : C:\Users\Jim Langendonk\Downloads\adwcleaner0.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    Folder Found : C:\Program Files (x86)\Coupon Companion Plugin
    Folder Found : C:\Program Files (x86)\Yontoo
    Folder Found : C:\ProgramData\Tarma Installer
    Folder Found : C:\Users\Jim Langendonk\AppData\Local\Coupon Companion Plugin
    Folder Found : C:\Users\Jim Langendonk\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
    Folder Found : C:\Users\Jim Langendonk\AppData\LocalLow\boost_interprocess
    Folder Found : C:\Users\Jim Langendonk\AppData\Roaming\Mozilla\Firefox\Profiles\u0vol3no.default\extensions\[email protected]
    Folder Found : C:\Users\Jim Langendonk\AppData\Roaming\OpenCandy

    ***** [Registry] *****


    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16464

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.2 (en-US)

    File : C:\Users\Jim Langendonk\AppData\Roaming\Mozilla\Firefox\Profiles\u0vol3no.default\prefs.js


    File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hskxah7l.default\prefs.js

    Found : user_pref("extensions.crossriderapp21804.adsOldVal ue", -1);

    -\\ Google Chrome v24.0.1312.57

    File : C:\Users\Jim Langendonk\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [5333 octets] - [13/11/2012 09:42:04]
    AdwCleaner[R2].txt - [19327 octets] - [14/02/2013 08:44:47]
    AdwCleaner[S1].txt - [5338 octets] - [13/11/2012 09:43:15]

    ########## EOF - C:\AdwCleaner[R2].txt - [19448 octets] ##########

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.14.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Jim Langendonk :: JIMLANGENDONK [administrator]

    2/14/2013 8:05:26 AM
    mbam-log-2013-02-14 (08-05-26).txt

    Scan type: Full scan (C:\|D:\|)
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 618617
    Time elapsed: 1 hour(s), 42 minute(s), 42 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 6
    HKCR\CLSID\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKCR\TypeLib\{EF96EDE0-E1F8-4EB2-956B-D54DF35335E4} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKCR\Interface\{44C0ECF5-4AC6-4E39-8091-E57070F8945A} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> Quarantined and deleted successfully.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 1
    C:\Program Files (x86)\InfoAtoms\IE32\InfoAtomsClientIE.dll (PUP.InfoAtoms) -> Quarantined and deleted successfully.

    (end)
    « Last Edit: February 14, 2013, 08:46:15 AM by jklangen »

    SuperDave

    • Malware Removal Specialist
    • Moderator


    Re: Ad pop up and in new tab
    « Reply #1 on: February 14, 2013, 12:50:31 PM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    *********************************************
    Download Combofix from any of the links below, and save it to your DESKTOP
    If your version of Windows defaults to your download folder you will need to copy it to your desktop.

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please Do NOT mouse-click ComboFix's window while it's running because it may cause it to stall.
    Windows 8 and Windows 10 dual boot with two SSD's

    jklangen

      Topic Starter


      Rookie

      Re: Ad pop up and in new tab
      « Reply #2 on: February 18, 2013, 01:56:02 PM »
      Thanks for the quick reply and sorry for the slow response.  I was out of town for a few days.  Following are the two logs requested - Jim

      # AdwCleaner v2.112 - Logfile created 02/18/2013 at 14:10:20
      # Updated 10/02/2013 by Xplode
      # Operating system : Windows 7 Professional Service Pack 1 (64 bits)
      # User : Jim Langendonk - JIMLANGENDONK
      # Boot Mode : Normal
      # Running from : C:\Users\Jim Langendonk\Downloads\adwcleaner (1).exe
      # Option [Delete]


      ***** [Services] *****


      ***** [Files / Folders] *****


      ***** [Registry] *****


      ***** [Internet Browsers] *****

      -\\ Internet Explorer v9.0.8112.16464

      [OK] Registry is clean.

      -\\ Mozilla Firefox v18.0.2 (en-US)

      File : C:\Users\Jim Langendonk\AppData\Roaming\Mozilla\Firefox\Profiles\u0vol3no.default\prefs.js

      [OK] File is clean.

      File : C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\hskxah7l.default\prefs.js

      [OK] File is clean.

      -\\ Google Chrome v24.0.1312.57

      File : C:\Users\Jim Langendonk\AppData\Local\Google\Chrome\User Data\Default\Preferences

      [OK] File is clean.

      *************************

      AdwCleaner[R1].txt - [5333 octets] - [13/11/2012 09:42:04]
      AdwCleaner[R2].txt - [19510 octets] - [14/02/2013 08:44:47]
      AdwCleaner[R3].txt - [4389 octets] - [14/02/2013 09:52:51]
      AdwCleaner[R4].txt - [1411 octets] - [14/02/2013 10:01:00]
      AdwCleaner[R5].txt - [1530 octets] - [18/02/2013 14:09:19]
      AdwCleaner[S1].txt - [5338 octets] - [13/11/2012 09:43:15]
      AdwCleaner[S2].txt - [4630 octets] - [14/02/2013 09:53:28]
      AdwCleaner[S3].txt - [1471 octets] - [14/02/2013 10:03:34]
      AdwCleaner[S4].txt - [1461 octets] - [18/02/2013 14:10:20]

      ########## EOF - C:\AdwCleaner[S4].txt - [1521 octets] ##########

      ComboFix 13-02-18.02 - Jim Langendonk 02/18/2013  14:50:17.2.8 - x64
      Microsoft Windows 7 Professional   6.1.7601.1.1252.1.1033.18.9207.6621 [GMT -6:00]
      Running from: c:\users\Jim Langendonk\Downloads\ComboFix.exe
      AV: Norton Internet Security *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
      FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
      SP: Norton Internet Security *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
      SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      (((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      ---- Previous Run -------
      .
      c:\users\Jim Langendonk\AppData\Roaming\Microsoft\Windows\Recent\Thumbs.db
      c:\users\Jim Langendonk\Documents\explorer
      c:\users\Jim Langendonk\Documents\explorer\bookmark.htm
      c:\users\Jim Langendonk\Documents\explorer\cookies.txt
      .
      .
      (((((((((((((((((((((((((   Files Created from 2013-01-18 to 2013-02-18  )))))))))))))))))))))))))))))))
      .
      .
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-02-14 12:00 . 2012-03-29 17:36   691568   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
      2013-02-14 12:00 . 2011-06-06 21:58   71024   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2013-02-14 09:05 . 2010-03-06 14:56   70004024   ----a-w-   c:\windows\system32\MRT.exe
      2013-02-04 18:37 . 2010-03-04 19:46   2876528   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
      2013-02-04 18:37 . 2010-05-20 00:14   42776   ----a-w-   c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
      2013-01-04 04:43 . 2013-02-13 21:50   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
      2012-12-16 17:11 . 2012-12-21 09:00   46080   ----a-w-   c:\windows\system32\atmlib.dll
      2012-12-16 14:45 . 2012-12-21 09:00   367616   ----a-w-   c:\windows\system32\atmfd.dll
      2012-12-16 14:13 . 2012-12-21 09:00   295424   ----a-w-   c:\windows\SysWow64\atmfd.dll
      2012-12-16 14:13 . 2012-12-21 09:00   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
      2012-12-14 22:49 . 2010-06-25 22:31   24176   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2012-12-11 12:54 . 2012-12-11 12:54   10   ----a-w-   c:\windows\Fonts\wfonts.key
      2012-12-07 13:20 . 2013-01-09 10:29   441856   ----a-w-   c:\windows\system32\Wpc.dll
      2012-12-07 13:15 . 2013-01-09 10:29   2746368   ----a-w-   c:\windows\system32\gameux.dll
      2012-12-07 12:26 . 2013-01-09 10:29   308736   ----a-w-   c:\windows\SysWow64\Wpc.dll
      2012-12-07 12:20 . 2013-01-09 10:29   2576384   ----a-w-   c:\windows\SysWow64\gameux.dll
      2012-12-07 11:20 . 2013-01-09 10:29   30720   ----a-w-   c:\windows\system32\usk.rs
      2012-12-07 11:20 . 2013-01-09 10:29   43520   ----a-w-   c:\windows\system32\csrr.rs
      2012-12-07 11:20 . 2013-01-09 10:29   23552   ----a-w-   c:\windows\system32\oflc.rs
      2012-12-07 11:20 . 2013-01-09 10:29   45568   ----a-w-   c:\windows\system32\oflc-nz.rs
      2012-12-07 11:20 . 2013-01-09 10:29   44544   ----a-w-   c:\windows\system32\pegibbfc.rs
      2012-12-07 11:20 . 2013-01-09 10:29   20480   ----a-w-   c:\windows\system32\pegi-fi.rs
      2012-12-07 11:20 . 2013-01-09 10:29   20480   ----a-w-   c:\windows\system32\pegi-pt.rs
      2012-12-07 11:19 . 2013-01-09 10:29   20480   ----a-w-   c:\windows\system32\pegi.rs
      2012-12-07 11:19 . 2013-01-09 10:29   46592   ----a-w-   c:\windows\system32\fpb.rs
      2012-12-07 11:19 . 2013-01-09 10:29   40960   ----a-w-   c:\windows\system32\cob-au.rs
      2012-12-07 11:19 . 2013-01-09 10:29   21504   ----a-w-   c:\windows\system32\grb.rs
      2012-12-07 11:19 . 2013-01-09 10:29   15360   ----a-w-   c:\windows\system32\djctq.rs
      2012-12-07 11:19 . 2013-01-09 10:29   55296   ----a-w-   c:\windows\system32\cero.rs
      2012-12-07 11:19 . 2013-01-09 10:29   51712   ----a-w-   c:\windows\system32\esrb.rs
      2012-12-07 10:46 . 2013-01-09 10:29   43520   ----a-w-   c:\windows\SysWow64\csrr.rs
      2012-12-07 10:46 . 2013-01-09 10:29   30720   ----a-w-   c:\windows\SysWow64\usk.rs
      2012-12-07 10:46 . 2013-01-09 10:29   45568   ----a-w-   c:\windows\SysWow64\oflc-nz.rs
      2012-12-07 10:46 . 2013-01-09 10:29   44544   ----a-w-   c:\windows\SysWow64\pegibbfc.rs
      2012-12-07 10:46 . 2013-01-09 10:29   20480   ----a-w-   c:\windows\SysWow64\pegi-pt.rs
      2012-12-07 10:46 . 2013-01-09 10:29   23552   ----a-w-   c:\windows\SysWow64\oflc.rs
      2012-12-07 10:46 . 2013-01-09 10:29   20480   ----a-w-   c:\windows\SysWow64\pegi-fi.rs
      2012-12-07 10:46 . 2013-01-09 10:29   46592   ----a-w-   c:\windows\SysWow64\fpb.rs
      2012-12-07 10:46 . 2013-01-09 10:29   20480   ----a-w-   c:\windows\SysWow64\pegi.rs
      2012-12-07 10:46 . 2013-01-09 10:29   21504   ----a-w-   c:\windows\SysWow64\grb.rs
      2012-12-07 10:46 . 2013-01-09 10:29   40960   ----a-w-   c:\windows\SysWow64\cob-au.rs
      2012-12-07 10:46 . 2013-01-09 10:29   15360   ----a-w-   c:\windows\SysWow64\djctq.rs
      2012-12-07 10:46 . 2013-01-09 10:29   55296   ----a-w-   c:\windows\SysWow64\cero.rs
      2012-12-07 10:46 . 2013-01-09 10:29   51712   ----a-w-   c:\windows\SysWow64\esrb.rs
      2012-11-30 05:45 . 2013-01-09 10:29   362496   ----a-w-   c:\windows\system32\wow64win.dll
      2012-11-30 05:45 . 2013-01-09 10:29   243200   ----a-w-   c:\windows\system32\wow64.dll
      2012-11-30 05:45 . 2013-01-09 10:29   13312   ----a-w-   c:\windows\system32\wow64cpu.dll
      2012-11-30 05:43 . 2013-01-09 10:29   16384   ----a-w-   c:\windows\system32\ntvdm64.dll
      2012-11-30 05:41 . 2013-01-09 10:29   424448   ----a-w-   c:\windows\system32\KernelBase.dll
      2012-11-30 05:41 . 2013-01-09 10:29   1161216   ----a-w-   c:\windows\system32\kernel32.dll
      2012-11-30 05:38 . 2013-01-09 10:29   6144   ---ha-w-   c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   4608   ---ha-w-   c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   4608   ---ha-w-   c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   4096   ---ha-w-   c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   4096   ---ha-w-   c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   5120   ---ha-w-   c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   4096   ---ha-w-   c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   4096   ---ha-w-   c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3584   ---ha-w-   c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
      2012-11-30 05:38 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
      2012-11-30 04:53 . 2013-01-09 10:29   274944   ----a-w-   c:\windows\SysWow64\KernelBase.dll
      2012-11-30 04:45 . 2013-01-09 10:29   4608   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   4096   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   3584   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   5120   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
      2012-11-30 04:45 . 2013-01-09 10:29   3072   ---ha-w-   c:\windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
      "BATINDICATOR"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe" [2009-05-09 2068992]
      "LaunchHPOSIAPP"="c:\program files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\LaunchApp.exe" [2009-04-04 385024]
      "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
      "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
      "CaddieSyncConduit"="c:\program files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe" [2012-09-14 2378648]
      "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
      "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "mixer5"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
      BootExecute   REG_MULTI_SZ      autocheck autochk *\0auto_reactivate \\?\Volume{a32f5a57-2020-11df-a2ab-806e6f6e6963}\bootwiz\asrm.bin
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      R0 AFS;AFS;
      R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-08 160944]
      R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [2010-03-21 288112]
      R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 35104]
      R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-11 1038088]
      R3 GenericMount Helper Service;GenericMount Helper Service;c:\program files (x86)\Norton Ghost\Shared\Drivers\GenericMountHelperx64.exe [2010-02-12 2227216]
      R3 silabenm;Silicon Labs CP210x USB to UART Bridge Serial Port Enumerator Driver;c:\windows\system32\DRIVERS\silabenm.sys [2008-08-27 23040]
      R3 silabser;Silicon Labs CP210x USB to UART Bridge Driver;c:\windows\system32\DRIVERS\silabser.sys [2008-08-27 68608]
      R3 Symantec SymSnap VSS Provider;Symantec SymSnap VSS Provider;c:\windows\system32\dllhost.exe [2009-07-14 9728]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
      R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-06 1255736]
      R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
      S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1402010.016\SYMDS64.SYS [2012-10-04 493216]
      S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1402010.016\SYMEFA64.SYS [2012-10-04 1133216]
      S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2011-09-02 1263200]
      S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130208.001\BHDrvx64.sys [2013-01-16 1388120]
      S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1402010.016\ccSetx64.sys [2012-08-20 168096]
      S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130213.001\IDSvia64.sys [2012-10-20 513184]
      S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1402010.016\Ironx64.SYS [2012-09-07 224416]
      S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1402010.016\SYMNETS.SYS [2012-09-07 432800]
      S2 afcdpsrv;Acronis Nonstop Backup Service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2011-09-02 3246040]
      S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
      S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-03-11 202752]
      S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
      S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
      S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2012-08-23 13672]
      S2 lxdd_device;lxdd_device;c:\windows\system32\lxddcoms.exe [2007-05-25 567216]
      S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-05-04 517632]
      S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe [2012-12-05 143928]
      S2 ReflectService;Macrium Reflect Image Mounting Service;c:\program files\Macrium\Reflect\ReflectService.exe [2010-03-17 301024]
      S2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-03-18 172328]
      S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-09-02 285280]
      S3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2009-06-12 287960]
      S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-08-13 138912]
      S3 GenericMount;Generic Mount Driver;c:\windows\system32\DRIVERS\GenericMount.sys [2010-02-12 66608]
      S3 Spyder3;Datacolor Spyder3;c:\windows\system32\DRIVERS\Spyder3.sys [2007-12-12 15360]
      S3 SymSnapService;SymSnapService;c:\program files (x86)\Norton Ghost\Shared\Drivers\SymSnapServicex64.exe [2009-09-22 2963960]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *NewlyCreated* - WS2IFSL
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
      Akamai   REG_MULTI_SZ      Akamai
      hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
      2013-01-31 21:28   1607120   ----a-w-   c:\program files (x86)\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 21:08]
      .
      2013-02-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-02-22 21:08]
      .
      2013-02-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2848049799-2412169250-1568041045-1001Core.job
      - c:\users\Jim Langendonk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 14:31]
      .
      2013-02-18 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2848049799-2412169250-1568041045-1001UA.job
      - c:\users\Jim Langendonk\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-22 14:31]
      .
      2013-02-18 c:\windows\Tasks\HP Photo Creations Messager.job
      - c:\programdata\HP Photo Creations\MessageCheck.exe [2011-02-15 10:11]
      .
      2013-02-14 c:\windows\Tasks\HPCeeScheduleForJim Langendonk.job
      - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
      .
      2013-01-31 c:\windows\Tasks\PCDRScheduledMaintenance.job
      - c:\program files\PC-Doctor for Windows\pcdrcui.exe [2009-09-18 07:11]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
      2012-12-18 01:50   755816   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
      2012-12-18 01:50   755816   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
      2012-12-18 01:50   755816   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
      @="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
      [HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
      2012-12-18 01:50   755816   ----a-w-   c:\program files (x86)\Google\Drive\googledrivesync64.dll
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2011-01-28 358200]
      .
      ------- Supplementary Scan -------
      .
      uLocal Page = c:\windows\system32\blank.htm
      uDefault_Search_URL = hxxp://www.google.com/ie
      mLocal Page = c:\windows\SysWOW64\blank.htm
      uInternet Settings,ProxyOverride = 192.168.*.*;*.local;127.0.0.1:9421;<local>
      uSearchAssistant = hxxp://www.google.com/ie
      uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
      IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
      IE: Append Link Target to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
      IE: Append to Existing PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
      IE: Convert Link Target to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
      IE: Convert to Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
      IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
      IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
      IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
      TCP: DhcpNameServer = 71.92.29.130 97.81.22.195 68.113.206.10
      Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
      DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
      FF - ProfilePath - c:\users\Jim Langendonk\AppData\Roaming\Mozilla\Firefox\Profiles\u0vol3no.default\
      FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/finance|http://www.google.com/
      FF - prefs.js: keyword.URL - hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q=
      FF - ExtSQL: 2013-02-05 09:07; [email protected]; c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
      FF - ExtSQL: !HIDDEN! 2010-03-18 12:35; [email protected]; c:\program files (x86)\Hewlett-Packard\Digital Imaging\Smart Web Printing\MozillaAddOn3
      FF - ExtSQL: !HIDDEN! 2013-02-05 09:07; [email protected]; c:\program files (x86)\Mozilla Firefox\extensions\[email protected]
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Wow6432Node-HKLM-Run-<NO NAME> - (no file)
      Wow6432Node-HKLM-Run-SMessaging - c:\users\Jim Langendonk\AppData\Local\Strongvault Online Backup\SMessaging.exe
      AddRemove-SLABCOMM&10C4&EA60 - c:\program files (x86)\Silabs\MCU\DriverUninstall\DriverUninstaller.exe VCP CP210x Cardinal\SLABCOMM&10C4&EA60
      AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
      .
      .
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
      "ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\20.2.1.22\diMaster.dll\" /prefetch:1"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
      "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Environment*]
      "Licence0"="04F0D21-79D8-7A25-D702-433F"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
      @Denied: (A) (Users)
      @Denied: (A) (Everyone)
      @Allowed: (B 1 2 3 4 5) (S-1-5-20)
      "BlindDial"=dword:00000000
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2013-02-18  15:00:19
      ComboFix-quarantined-files.txt  2013-02-18 21:00
      .
      Pre-Run: 709,283,262,464 bytes free
      Post-Run: 708,646,608,896 bytes free
      .
      - - End Of File - - 3D4B328F0F341CBD322D4952CF23B292

      SuperDave

      Re: Ad pop up and in new tab
      « Reply #3 on: February 18, 2013, 07:38:03 PM »
      Please download Rooter and Save it to your desktop.
      • Double click it to start the tool. Vista and Windows 7: run as administrator.
      • Click Scan.
      • Eventually, a Notepad file containing the report will open, also found at C:\Rooter.txt. Post that log in your next reply.
      **********************************************
      Download Security Check by screen317 from one of the following links and save it to your desktop.

      Link 1
      Link 2

      * Double-click Security Check.bat
      * Follow the on-screen instructions inside of the black box.
      * A Notepad document should open automatically called checkup.txt
      * Post the contents of that document in your next reply.

      Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.
      Windows 8 and Windows 10 dual boot with two SSD's

      jklangen

        Topic Starter


        Rookie

        Re: Ad pop up and in new tab
        « Reply #4 on: February 19, 2013, 05:15:24 AM »
        Thanks for the help!  I still have an occasional ad pop up window in the lower right part of my screen and the same ad popping up in a new tab with Firefox only.  Here are the logs requested - Jim

        Rooter.exe (v1.0.2) by Eric_71
        .
        SeDebugPrivilege granted successfully ...
        .
        Windows 7 . (6.1.7601) Service Pack 1
        [32_bits] - Intel64 Family 6 Model 26 Stepping 5, GenuineIntel
        .
        [wscsvc] (Security Center) RUNNING (state:4)
        [MpsSvc] RUNNING (state:4)
        Windows Firewall -> Enabled
        Windows Defender -> Enabled
        User Account Control (UAC) -> Enabled
        .
        Internet Explorer 9.0.8112.16421
        Mozilla Firefox 18.0.2 (en-US)
        .
        C:\  [Fixed-NTFS] .. ( Total:920 Go - Free:654 Go )
        D:\  [Fixed-NTFS] .. ( Total:11 Go - Free:1 Go )
        E:\  [CD_Rom]
        F:\  [Removable]
        G:\  [Removable]
        H:\  [Removable]
        I:\  [Removable]
        J:\  [Fixed-NTFS] .. ( Total:1397 Go - Free:1275 Go )
        L:\  [Removable]
        .
        Scan : 06:09.02
        Path : C:\Users\Jim Langendonk\Downloads\Rooter.exe
        User : Jim Langendonk ( Administrator -> YES )
        .
        ----------------------\\ Processes
        .
        Locked [System Process] (0)
        Locked System (4)
        ______ ?????????? (512)
        ______ ?????????? (800)
        ______ ?????????? (752)
        ______ ?????????? (768)
        ______ ?????????? (916)
        ______ ?????????? (160)
        ______ ?????????? (144)
        ______ ?????????? (684)
        ______ ?????????? (1044)
        ______ ?????????? (1140)
        ______ ?????????? (1200)
        ______ ?????????? (1272)
        ______ ?????????? (1320)
        ______ ?????????? (1368)
        ______ ?????????? (1532)
        ______ ?????????? (1572)
        ______ ?????????? (1660)
        ______ ?????????? (1940)
        ______ ?????????? (1968)
        ______ C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (1436)
        ______ ?????????? (2116)
        ______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (2140)
        ______ C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (2184)
        ______ C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (2228)
        ______ ?????????? (2324)
        ______ ?????????? (2364)
        ______ ?????????? (2480)
        ______ c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (2560)
        ______ ?????????? (2620)
        ______ C:\Program Files (x86)\Common Files\Motive\McciCMService.exe (2784)
        ______ ?????????? (2880)
        ______ ?????????? (2956)
        ______ C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe (2984)
        ______ C:\Program Files (x86)\Norton Ghost\Agent\VProSvc.exe (3020)
        ______ ?????????? (2264)
        ______ ?????????? (2288)
        ______ C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (2372)
        ______ ?????????? (2652)
        ______ C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (2708)
        ______ ?????????? (1680)
        ______ ?????????? (3204)
        ______ ?????????? (3424)
        ______ ?????????? (3832)
        ______ C:\Program Files (x86)\Norton Internet Security\Engine\20.2.1.22\ccSvcHst.exe (3848)
        ______ ?????????? (3884)
        ______ ?????????? (3920)
        ______ ?????????? (3164)
        ______ C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\ModLEDKey.exe (4104)
        ______ C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (4156)
        ______ C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe (4348)
        ______ C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\BATINDICATOR.exe (4360)
        ______ C:\Program Files (x86)\hp\HP Software Update\hpwuschd2.exe (4380)
        ______ C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (4416)
        ______ C:\Program Files (x86)\SkyGolf\CaddieSync Express\CaddieSyncExpress.exe (4428)
        ______ C:\Program Files (x86)\iTunes\iTunesHelper.exe (4452)
        ______ ?????????? (4608)
        ______ ?????????? (4632)
        ______ C:\Program Files (x86)\Hewlett-Packard\HP MAINSTREAM KEYBOARD\CNYHKEY.exe (5004)
        ______ ?????????? (3520)
        ______ ?????????? (4188)
        ______ ?????????? (1412)
        ______ ?????????? (2036)
        ______ ?????????? (5076)
        ______ ?????????? (4276)
        ______ c:\Program Files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe (5496)
        ______ ?????????? (5644)
        ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4716)
        ______ ?????????? (2400)
        ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4952)
        ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6172)
        ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6220)
        ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6356)
        ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6556)
        ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6612)
        ______ ?????????? (5328)
        ______ C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (2280)
        ______ C:\Program Files (x86)\Common Files\Intuit\Update Service\IntuitUpdateService.exe (4272)
        ______ C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (6320)
        ______ C:\Windows\SysWOW64\svchost.exe (4936)
        ______ ?????????? (2532)
        ______ C:\Program Files (x86)\Microsoft Office\Office12\OUTLOOK.EXE (5628)
        ______ C:\Program Files (x86)\Mozilla Firefox\firefox.exe (3348)
        ______ C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE (5984)
        ______ ?????????? (6704)
        ______ C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (5800)
        ______ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe (4992)
        ______ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_168.exe (5396)
        ______ ?????????? (5088)
        ______ C:\Windows\SysWOW64\prevhost.exe (4280)
        ______ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (6076)
        ______ C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe (6440)
        ______ C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (2004)
        ______ C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (1460)
        ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6708)
        ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (4340)
        ______ C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (5540)
        ______ C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (7880)
        ______ ?????????? (7172)
        ______ ?????????? (3036)
        ______ ?????????? (3960)
        Locked audiodg.exe (7780)
        ______ C:\Users\Jim Langendonk\Downloads\Rooter.exe (5560)
        .
        ----------------------\\ Device\Harddisk0\
        .
        \Device\Harddisk0 [Sectors : 63 x 512 Bytes]
        .
        \Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:1048576 | Length:104857600)
        \Device\Harddisk0\Partition2 (Start_Offset:105906176 | Length:988255617024)
        \Device\Harddisk0\Partition3 (Start_Offset:988361523200 | Length:11841568768)
        .
        ----------------------\\ Scheduled Tasks
        .
        C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
        C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
        C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2848049799-2412169250-1568041045-1001Core.job
        C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2848049799-2412169250-1568041045-1001UA.job
        C:\Windows\Tasks\HP Photo Creations Messager.job
        C:\Windows\Tasks\HPCeeScheduleForJim Langendonk.job
        C:\Windows\Tasks\PCDRScheduledMaintenance.job
        C:\Windows\Tasks\SA.DAT
        C:\Windows\Tasks\SCHEDLGU.TXT
        .
        ----------------------\\ Registry
        .
        .
        ----------------------\\ Files & Folders
        .
        ----------------------\\ Scan completed at 06:09.06
        .
        C:\Rooter$\Rooter_2.txt - (19/02/2013 | 06:09.06)

        Results of screen317's Security Check version 0.99.58 
         Windows 7 Service Pack 1 x64 (UAC is enabled) 
         Internet Explorer 9 
        ``````````````Antivirus/Firewall Check:``````````````
         Windows Firewall Enabled!
        Norton Internet Security
         WMI entry may not exist for antivirus; attempting automatic update.
        `````````Anti-malware/Other Utilities Check:`````````
         Spyder3Elite
         Norton Ghost
         Malwarebytes Anti-Malware version 1.70.0.1100
         Java 7 Update 7
         Java version out of Date!
         Adobe Flash Player 11.6.602.168
         Adobe Reader 9
         Adobe Reader XI
         Mozilla Firefox (18.0.2)
         Google Chrome 24.0.1312.52
         Google Chrome 24.0.1312.57
        ````````Process Check: objlist.exe by Laurent````````
         Norton ccSvcHst.exe
        `````````````````System Health check`````````````````
         Total Fragmentation on Drive C: 0%
        ````````````````````End of Log``````````````````````

        SuperDave

        Re: Ad pop up and in new tab
        « Reply #5 on: February 19, 2013, 01:26:43 PM »
        Quote
        I still have an occasional ad pop up window in the lower right part of my screen and the same ad popping up in a new tab with Firefox only.
        Have you configured FF to block popups?
        ***************************************************
        Update Your Java (JRE)

        Old versions of Java have vulnerabilities that malware can use to infect your system.


        First Verify your Java Version

        If there are any other version(s) installed then update now.

        Get the new version (if needed)

        If your version is out of date install the newest version of the Sun Java Runtime Environment.

        Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

        Be sure to close ALL open web browsers before starting the installation.

        Remove any old versions

        1. Download JavaRa and unzip the file to your Desktop.
        2. Open JavaRA.exe and choose Remove Older Versions
        3. Once complete exit JavaRA.

        Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
        ***************************************************
        • Download RogueKiller on the desktop
        • Close all the running programs
        • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
        • Otherwise just double-click on RogueKiller.exe
        • Pre-scan will start. Let it finish.
        • Click on SCAN button.
        • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
        • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

        jklangen


          Re: Ad pop up and in new tab
          « Reply #6 on: February 20, 2013, 05:44:28 AM »
          I had trouble downloading Roguekiller.  Norton's did not like it.  Got it to work and the log follows.  Also noticed the name of a program when an ad popped up in a FF tab and removed it via Control Panel.  No more ads.  Regards - Jim

          RogueKiller V8.5.1 _x64_ [Feb 19 2013] by Tigzy
          mail : tigzyRK<at>gmail<dot>com
          Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
          Website : http://tigzy.geekstogo.com/roguekiller.php
          Blog : http://tigzyrk.blogspot.com/

          Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
          Started in : Normal mode
          User : Jim Langendonk [Admin rights]
          Mode : Scan -- Date : 02/19/2013 16:31:11
          | ARK || FAK || MBR |

          ¤¤¤ Bad processes : 0 ¤¤¤

          ¤¤¤ Registry Entries : 8 ¤¤¤
          [TASK][SUSP PATH] VisualBeeRecovery : C:\Users\Jim Langendonk\AppData\Local\VisualBeeExe\VisualBeeRecovery.exe /s [7] -> FOUND
          [HJPOL] HKCU\[...]\System : DisableTaskmgr (0) -> FOUND
          [HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> FOUND
          [HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
          [HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
          [HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
          [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
          [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

          ¤¤¤ Particular Files / Folders: ¤¤¤

          ¤¤¤ Driver : [NOT LOADED] ¤¤¤

          ¤¤¤ HOSTS File: ¤¤¤
          --> C:\Windows\system32\drivers\etc\hosts

          127.0.0.1       localhost


          ¤¤¤ MBR Check: ¤¤¤

          +++++ PhysicalDrive0: Hitachi HDT721010SLA360 +++++
          --- User ---
          [MBR] a7a4332a454ef3d0db305fbc1a90e9e2
          [BSP] 34bb051b1f651caa6a6953cdafa6e5a6 : Legit3 MBR Code
          Partition table:
          0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
          1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 942474 Mo
          2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1930393600 | Size: 11293 Mo
          User = LL1 ... OK!
          User = LL2 ... OK!

          Finished : << RKreport[1]_S_02192013_02d1631.txt >>
          RKreport[1]_S_02192013_02d1631.txt

          SuperDave

          Re: Ad pop up and in new tab
          « Reply #7 on: February 20, 2013, 12:19:39 PM »
          Please run RogueKiller and delete those items.

          I'd like to scan your machine with ESET OnlineScan

          • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
          ESET OnlineScan

          • Click the button.
          • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
          • Click on to download the ESET Smart Installer. Save it to your desktop.
          • Double click on the icon on your desktop.
          • Check
          • Click the button.
          • Accept any security warnings from your browser.
          • Leave the check mark next to Remove found threats.
          • Check
          • Push the Start button.
          • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
          • When the scan completes, push
          • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
          • Push the button.
          • Push
          A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
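The four [HJPOL] lines in the RogueKiller log posted above are Windows policy values that, when set to 1, hide Task Manager or the Registry Editor from the user; RogueKiller reports them as FOUND even though the data shown is 0. The PowerShell script below is an added example, not part of this thread and not RogueKiller's own code: it reads those values at their full registry paths (RogueKiller abbreviates the path to [...]; the paths used here are the standard Policies\System keys) and reports whether each value is absent, present but switched off, or actually active, then shows the removal RogueKiller would perform as a -WhatIf dry run. Run it from an elevated prompt so the HKLM keys are readable and writable.

```powershell
# Added example (not from the thread, not RogueKiller's code): audit the policy
# values RogueKiller reported as [HJPOL] entries. RogueKiller prints the key as
# HKCU\[...]\System; the full paths below are the standard Windows locations.

$checks = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';             Name = 'DisableTaskmgr' }
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System';             Name = 'DisableRegistryTools' }
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System';             Name = 'DisableRegistryTools' }
    @{ Path = 'HKLM:\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' }
)

function Get-PolicyRestriction {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Name
    )

    $data  = $null
    $state = 'key absent (default behaviour)'

    if (Test-Path -LiteralPath $Path) {
        # Non-terminating error if the value does not exist; $item is then $null.
        $item = Get-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction SilentlyContinue
        if ($null -eq $item) {
            $state = 'value absent (default behaviour)'
        } else {
            $data = $item.$Name
            # 1 = the tool is disabled for the user; 0 = value present but restriction off.
            if ($data -eq 0) { $state = 'present, restriction OFF (0)' }
            else             { $state = "restriction ACTIVE ($data)" }
        }
    }

    New-Object PSObject -Property @{ Key = $Path; Value = $Name; Data = $data; State = $state }
}

function Remove-PolicyRestriction {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        [Parameter(Mandatory = $true)][string]$Name
    )
    if ($PSCmdlet.ShouldProcess("$Path\$Name", 'Remove policy value')) {
        Remove-ItemProperty -LiteralPath $Path -Name $Name -ErrorAction Stop
    }
}

$report = foreach ($c in $checks) { Get-PolicyRestriction -Path $c.Path -Name $c.Name }
$report | Format-Table Key, Value, Data, State -AutoSize

# Dry run of the cleanup for values that are actually present; drop -WhatIf to apply it.
foreach ($r in $report) {
    if ($null -ne $r.Data) {
        Remove-PolicyRestriction -Path $r.Key -Name $r.Value -WhatIf
    }
}
```

Deleting a value whose data is 0 changes nothing for the user (the default with the value absent is the same as 0), which is why the -WhatIf pass is kept separate from the report: the report tells you whether the restriction was ever active, the removal only tidies the key.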

          jklangen


            Re: Ad pop up and in new tab
            « Reply #8 on: February 20, 2013, 08:02:43 PM »
            Here is another RogueKiller log and the ESET log.  Thanks for your continued help - Jim

            RogueKiller V8.5.1 _x64_ [Feb 19 2013] by Tigzy
            mail : tigzyRK<at>gmail<dot>com
            Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
            Website : http://tigzy.geekstogo.com/roguekiller.php
            Blog : http://tigzyrk.blogspot.com/

            Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
            Started in : Normal mode
            User : Jim Langendonk [Admin rights]
            Mode : Shortcuts HJfix -- Date : 02/20/2013 15:01:05
            | ARK || FAK || MBR |

            ¤¤¤ Bad processes : 0 ¤¤¤

            ¤¤¤ Driver : [NOT LOADED] ¤¤¤

            ¤¤¤ File attributes restored: ¤¤¤
            Desktop: Success 1 / Fail 0
            Quick launch: Success 1 / Fail 0
            Programs: Success 16 / Fail 0
            Start menu: Success 1 / Fail 0
            User folder: Success 117 / Fail 0
            My documents: Success 48 / Fail 48
            My favorites: Success 0 / Fail 0
            My pictures: Success 168 / Fail 0
            My music: Success 242 / Fail 0
            My videos: Success 0 / Fail 0
            Local drives: Success 122 / Fail 17
            Backup: [NOT FOUND]

            Drives:
            [C:] \Device\HarddiskVolume2 -- 0x3 --> Restored
            [D:] \Device\HarddiskVolume3 -- 0x3 --> Restored
            [E:] \Device\CdRom0 -- 0x5 --> Skipped
            [F:] \Device\HarddiskVolume4 -- 0x2 --> Restored
            [G:] \Device\HarddiskVolume5 -- 0x2 --> Restored
            [H:] \Device\HarddiskVolume6 -- 0x2 --> Restored
            [I:] \Device\HarddiskVolume7 -- 0x2 --> Restored
            [J:] \Device\HarddiskVolume9 -- 0x3 --> Restored
            [L:] \Device\HarddiskVolume8 -- 0x2 --> Restored

            Finished : << RKreport[8]_SC_02202013_02d1501.txt >>
            RKreport[1]_S_02192013_02d1631.txt ; RKreport[2]_D_02192013_02d1637.txt ; RKreport[3]_S_02202013_02d1456.txt ; RKreport[4]_D_02202013_02d1458.txt ; RKreport[5]_H_02202013_02d1459.txt ;
            RKreport[6]_PR_02202013_02d1459.txt ; RKreport[7]_DN_02202013_02d1459.txt ; RKreport[8]_SC_02202013_02d1501.txt

            ESETSmartInstaller@High as downloader log:
            all ok
            # version=8
            # OnlineScannerApp.exe=1.0.0.1
            # OnlineScanner.ocx=1.0.0.6920
            # api_version=3.0.2
            # EOSSerial=3995ba4a1e44fc44bab3ff39b41f153b
            # engine=13201
            # end=finished
            # remove_checked=false
            # archives_checked=true
            # unwanted_checked=false
            # unsafe_checked=false
            # antistealth_checked=true
            # utc_time=2013-02-21 01:08:10
            # local_time=2013-02-20 07:08:10 (-0600, Central Standard Time)
            # country="United States"
            # lang=1033
            # osver=6.1.7601 NT Service Pack 1
            # compatibility_mode=3591 16777213 100 91 0 123915475 0 0
            # compatibility_mode=5893 16776574 100 94 45531389 112952340 0 0
            # scanned=371900
            # found=0
            # cleaned=0
            # scan_time=13899

            SuperDave

            Re: Ad pop up and in new tab
            « Reply #9 on: February 21, 2013, 01:27:39 PM »
            How's your computer running now? Any other issues?

            jklangen


              Re: Ad pop up and in new tab
              « Reply #10 on: February 22, 2013, 06:30:04 AM »
              It's running fine although just got a pop ad in a new tab in Chrome!  I will research how to turn that off in both FF and Chrome.  Is the PC 'clean' as far as you are concerned?  Thanks for all your help - Jim

              SuperDave

              Re: Ad pop up and in new tab
              « Reply #11 on: February 22, 2013, 04:10:49 PM »
              Ok. Let's do some cleanup.

              Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

              ************************************************
              To set a new Restore Point.

              Click the Start button, click Control Panel, click System and Maintenance, and then click System. In the left pane, click System Protection. If you are prompted for an administrator password or confirmation, type the password or provide confirmation. To turn off System Protection for a hard disk, clear the check box next to the disk, and then click OK. Reboot to Normal Mode.
              Click the Start button , click Control Panel, click System and Maintenance, and then click System.
              In the left pane, click System Protection.  If you are prompted for an administrator password or confirmation, type the password or provide confirmation.
              To turn on System Protection for a hard disk, select the check box next to the disk, and then click OK.
              This will give you a new, clean Restore Point.
              *****************************************************
              Click Start > Computer > right click the C Drive and choose Properties > enter
              Click Disk Cleanup from there.

              Click OK on the Disk Cleanup Screen.
              Click Yes on the Confirmation screen.

              This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
              ***************************************************
              Go to Microsoft Windows Update and get all critical updates.

              ----------

              I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

              SpywareBlaster- Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
              * Using SpywareBlaster to protect your computer from Spyware and Malware
              * If you don't know what ActiveX controls are, see here

              Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

              Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

              Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
              Safe Surfing!
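The restore-point and Disk Cleanup steps in the reply above can be done from an elevated PowerShell prompt instead of the Control Panel dialogs. The script below is an added example, not part of this thread; it assumes the system drive is C: (as on the machine in this thread) and uses only the built-in System Restore cmdlets and cleanmgr.exe.

```powershell
# Added example (not from the thread): the "new Restore Point" and Disk Cleanup
# steps from the reply above, run from an elevated PowerShell prompt.
# Assumption: the system drive is C:.

$drive = 'C:\'

# Turning System Protection off discards the existing restore points. That is
# the purpose of the step: a point taken while the adware was installed would
# bring it straight back if someone later restored to it.
Disable-ComputerRestore -Drive $drive

# Turn protection back on so new points can be created on this drive.
Enable-ComputerRestore -Drive $drive

# Take the clean baseline point.
Checkpoint-Computer -Description 'Clean baseline after malware removal' -RestorePointType 'MODIFY_SETTINGS'

# Verify: after the off/on cycle only the new point should be listed.
Get-ComputerRestorePoint |
    Sort-Object SequenceNumber |
    Format-Table SequenceNumber, Description, RestorePointType -AutoSize

# Disk Cleanup for the same drive (the same utility reached via
# Start > Computer > Properties > Disk Cleanup); /d selects the drive.
Start-Process -FilePath 'cleanmgr.exe' -ArgumentList '/d C:' -Wait
```

One caveat for readers on newer systems: Windows 8 and later create at most one checkpoint per 24 hours by default, so on those versions the Checkpoint-Computer call silently does nothing if another restore point was created recently; the Get-ComputerRestorePoint listing is there to confirm the point actually exists.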