Author Topic: Please check if I'm clean.  (Read 14549 times)

tpolcha

    Topic Starter


    Hopeful
    Please check if I'm clean.
    « on: January 30, 2013, 06:51:56 AM »
    Sometimes it's slow. Recently a couple of desktop icons would not take me to my log-in page for that site.

    Thanks.

    # AdwCleaner v2.109 - Logfile created 01/29/2013 at 17:36:42
    # Updated 26/01/2013 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
    # User : dad - OZ
    # Boot Mode : Normal
    # Running from : C:\Users\dad\Downloads\adwcleaner.exe
    # Option [Search]


    ***** [Services] *****


    ***** [Files / Folders] *****

    File Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    Folder Found : C:\Program Files (x86)\Common Files\spigot
    Folder Found : C:\Users\dad\AppData\LocalLow\AVG Security Toolbar
    Folder Found : C:\Users\dad\AppData\LocalLow\Search Settings
    Folder Found : C:\Users\dad\AppData\LocalLow\ShoppingReport2

    ***** [Registry] *****

    Key Found : HKCU\Software\AppDataLow\Software\Search Settings
    Key Found : HKCU\Software\AppDataLow\Software\ShoppingReport2
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\IGearSettings
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\Software\Search Settings
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
    Key Found : HKU\S-1-5-21-695407617-4092557604-1177317012-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
    Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16457

    [OK] Registry is clean.

    -\\ Mozilla Firefox v18.0.1 (en-US)

    File : C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\ceeosrou.default\prefs.js


    Malwarebytes scan revealed nothing.

    DDS1:
    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 1/31/2011 10:45:47 PM
    System Uptime: 1/29/2013 4:47:17 PM (1 hours ago)
    .
    Motherboard: FOXCONN |  | 2AB1
    Processor: AMD Athlon(tm) II X2 240 Processor | CPU 1 | 784/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 584 GiB total, 473.617 GiB free.
    D: is FIXED (NTFS) - 12 GiB total, 1.462 GiB free.
    E: is CDROM (UDF)
    F: is Removable
    G: is Removable
    H: is Removable
    I: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID:
    Description:
    Device ID: ROOT\LEGACY_SDHOOKDRIVER\0000
    Manufacturer:
    Name:
    PNP Device ID: ROOT\LEGACY_SDHOOKDRIVER\0000
    Service:
    .
    ==== System Restore Points ===================
    .
    RP396: 11/11/2012 4:23:18 PM - Windows Update
    RP397: 11/15/2012 5:05:52 AM - Windows Update
    RP398: 11/15/2012 6:38:20 AM - Windows Update
    RP399: 11/17/2012 12:50:46 PM - Installed HP Support Assistant
    RP400: 11/17/2012 12:56:10 PM - Windows Modules Installer
    RP401: 11/17/2012 12:57:17 PM - Windows Modules Installer
    RP402: 11/17/2012 1:12:26 PM - Windows Update
    RP403: 11/20/2012 4:32:13 PM - Windows Update
    RP404: 11/24/2012 8:09:17 AM - Windows Update
    RP405: 11/26/2012 5:55:30 PM - Revo Uninstaller's restore point - Revo Uninstaller 1.94
    RP406: 11/26/2012 6:10:45 PM - Revo Uninstaller's restore point - Bing Desktop
    RP407: 11/26/2012 6:13:44 PM - Revo Uninstaller's restore point - Bing Bar
    RP408: 11/27/2012 5:27:43 PM - Windows Update
    RP409: 11/27/2012 7:20:04 PM - Installed OpenOffice.org 3.4.1
    RP410: 12/1/2012 5:19:11 AM - Windows Update
    RP411: 12/2/2012 6:01:43 PM - Installed OpenOffice.org 3.4.1
    RP412: 12/5/2012 12:16:19 AM - Windows Update
    RP413: 12/8/2012 5:24:57 AM - Windows Update
    RP414: 12/11/2012 4:54:13 PM - Windows Update
    RP415: 12/12/2012 2:08:26 PM - Windows Update
    RP416: 12/16/2012 5:12:50 AM - Windows Update
    RP417: 12/17/2012 5:42:37 PM - Installed Java 7 Update 10
    RP418: 12/17/2012 5:44:32 PM - Installed Java 7 Update 10 (64-bit)
    RP419: 12/19/2012 4:50:48 PM - Windows Update
    RP420: 12/20/2012 5:34:56 PM - Windows Update
    RP421: 12/24/2012 5:19:38 AM - Windows Update
    RP422: 12/27/2012 4:46:12 PM - Windows Update
    RP423: 12/30/2012 5:06:57 PM - Windows Update
    RP424: 1/3/2013 5:09:11 AM - Windows Update
    RP425: 1/6/2013 12:56:06 PM - Windows Update
    RP426: 1/9/2013 6:40:02 AM - Windows Update
    RP427: 1/12/2013 8:13:33 AM - Windows Update
    RP428: 1/15/2013 4:31:43 PM - Windows Update
    RP429: 1/19/2013 8:22:24 AM - Windows Update
    RP430: 1/22/2013 4:37:52 PM - Windows Update
    RP431: 1/25/2013 5:48:15 PM - Windows Update
    RP432: 1/29/2013 5:01:59 AM - Windows Update
    .
    ==== Installed Programs ======================
    .
    64 Bit HP CIO Components Installer
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader X (10.1.4)
    Adobe Shockwave Player 11.6
    AMD APP SDK Runtime
    AMD Fuel
    AMD VISION Engine Control Center
    ATI Catalyst Install Manager
    ATI Problem Report Wizard
    BufferChm
    Catalyst Control Center - Branding
    Catalyst Control Center InstallProxy
    Catalyst Control Center Localization All
    ccc-utility64
    CCC Help Chinese Standard
    CCC Help Chinese Traditional
    CCC Help Czech
    CCC Help Danish
    CCC Help Dutch
    CCC Help English
    CCC Help Finnish
    CCC Help French
    CCC Help German
    CCC Help Greek
    CCC Help Hungarian
    CCC Help Italian
    CCC Help Japanese
    CCC Help Korean
    CCC Help Norwegian
    CCC Help Polish
    CCC Help Portuguese
    CCC Help Russian
    CCC Help Spanish
    CCC Help Swedish
    CCC Help Thai
    CCC Help Turkish
    CCleaner
    CinemaNow Media Manager
    CyberLink DVD Suite Deluxe
    D3DX10
    DeviceDiscovery
    DVD Menu Pack for HP MediaSmart Video
    ESET Online Scanner v3
    Feedback Tool
    ffdshow v1.1.3572 [2010-09-13]
    File Repair
    Google Earth
    Google Update Helper
    GPBaseService2
    Haali Media Splitter
    Hewlett-Packard ACLM.NET v1.2.1.1
    HijackThis 2.0.2
    HP Advisor
    HP Customer Experience Enhancements
    HP Customer Participation Program 13.0
    HP Deskjet & Photosmart Printer Driver Software 13.0 Rel. A
    HP Deskjet 1000 J110 series Basic Device Software
    HP Deskjet 1000 J110 series Help
    HP Imaging Device Functions 13.0
    HP MediaSmart CinemaNow 2.0
    HP MediaSmart DVD
    HP MediaSmart Music
    HP MediaSmart Photo
    HP MediaSmart SmartMenu
    HP MediaSmart Video
    HP MediaSmart/TouchSmart Netflix
    HP Odometer
    HP Photosmart Essential 3.5
    HP Product Detection
    HP Setup
    HP Smart Web Printing 4.51
    HP Solution Center 13.0
    HP Support Assistant
    HP Support Information
    HP Update
    HP Vision Hardware Diagnostics
    HPPhotoGadget
    HPPhotoSmartDiscLabelContent1
    HPPhotosmartEssential
    HPProductAssistant
    HPSSupply
    Hulu Desktop
    HydraVision
    Java 7 Update 10
    Java 7 Update 10 (64-bit)
    Java Auto Updater
    JavaFX 2.1.1
    Junk Mail filter update
    Kobo
    LabelPrint
    LAV Filters 0.51.3
    LightScribe System Software
    Malwarebytes Anti-Malware version 1.70.0.1100
    MarketResearch
    Mesh Runtime
    Messenger Companion
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Baseline Security Analyzer 2.2
    Microsoft PowerPoint Viewer
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2005 Redistributable (x64)
    Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
    Microsoft WSE 3.0 Runtime
    Movie Theme Pack for HP MediaSmart Video
    Mozilla Firefox 18.0.1 (x86 en-US)
    Mozilla Maintenance Service
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 4.0 SP3 Parser
    MSXML 4.0 SP3 Parser (KB2721691)
    MSXML 4.0 SP3 Parser (KB2758694)
    OpenOffice.org 3.4.1
    PC Tools Firewall Plus 7.0
    PDF Complete Special Edition
    PhotoNow!
    PlayReady PC Runtime amd64
    Power2Go
    PowerDirector
    PressReader
    Rainlendar2 (remove only)
    RealDownloader
    Realtek High Definition Audio Driver
    Recovery Manager
    Recuva
    Revo Uninstaller 1.94
    Roxio CinemaNow 2.0
    Secunia PSI (3.0.0.2004)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    SF_CDA_Software
    Shop for HP Supplies
    SmartWebPrinting
    SolutionCenter
    Sothink Video Converter
    SpywareBlaster 4.6
    Status
    SUPERAntiSpyware
    swMSM
    Toolbox
    TrayApp
    UnloadSupport
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Visual Studio 2008 x64 Redistributables
    WebReg
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Language Selector
    Windows Live Mail
    Windows Live Mesh
    Windows Live Mesh ActiveX Control for Remote Connections
    Windows Live Messenger
    Windows Live Messenger Companion Core
    Windows Live MIME IFilter
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live Remote Client
    Windows Live Remote Client Resources
    Windows Live Remote Service
    Windows Live Remote Service Resources
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live Sync
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    YTD Video Downloader 3.9
    Zinio Reader 4
    .
    ==== Event Viewer Messages From Past Week ========
    .
    1/29/2013 4:48:26 PM, Error: Service Control Manager [7000]  - The AODDriver4.0 service failed to start due to the following error:  The system cannot find the path specified.
    1/22/2013 4:31:47 PM, Error: Service Control Manager [7000]  - The Google Update Service (gupdate) service failed to start due to the following error:  The pipe has been ended.
    1/22/2013 4:31:47 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "109" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
    .
    ==== End Of File ===========================


    DDS2:

    DDS (Ver_2012-11-20.01) - NTFS_AMD64
    Internet Explorer: 9.0.8112.16457  BrowserJavaVersion: 10.5.1
    Run by dad at 17:41:06 on 2013-01-29
    Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4863.3311 [GMT -6:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\system32\atiesrxx.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k GPSvcGroup
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\atieclxx.exe
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\System32\spoolsv.exe
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
    C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
    C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe
    C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt
    c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe
    C:\Program Files (x86)\PDF Complete\pdfsvc.exe
    C:\Windows\System32\svchost.exe -k HPZ12
    C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
    C:\Program Files (x86)\Secunia\PSI\sua.exe
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
    C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Program Files (x86)\Hp\Digital Imaging\bin\HpqSRmon.exe
    C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
    C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
    C:\Program Files\Microsoft Games\FreeCell\FreeCell.exe
    C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
    C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
    C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
    C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
    C:\Windows\system32\NOTEPAD.EXE
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\System32\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.valp.net/
    dURLSearchHooks: {A3BC75A2-1F87-4686-AA43-5347D756017C} - <orphaned>
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: HP Print Enhancer: {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: RealNetworks Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
    BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    EB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dll
    uRun: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    uRun: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe
    mRun: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
    mRun: [00PCTFW] "C:\Program Files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" -s
    mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe
    mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    mRunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF"&"inst=NzctNTM5MDI1MDk3LUZMMTArMS1UVUcrMy1MSUMrOC1ERFQrNTU0NTktTFNEKzItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFOKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCKzEtRjEwTTEyQisx"&"prod=90"&"ver=10.0.1411
    dRunOnce: [adaware] reg.exe delete "HKCU\Software\AppDataLow\Software\adaware" /f
    dRunOnce: [adaware_XP] reg.exe delete "HKCU\Software\adaware" /f
    uPolicies-Explorer: NoDrives = dword:0
    mPolicies-Explorer: NoDrives = dword:0
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
    IE: {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe
    IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    .
    INFO: HKLM has more than 50 listed domains.
       If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {1663ed61-23eb-11d2-b92f-008048fdd814} - hxxps://www.employflorida.com/controls/smsx.cab
    DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
    DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} - hxxps://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB
    DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} - hxxp://download.bitdefender.com/resources/scanner/sources/en/scan8/oscan8.cab
    DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab
    DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} - hxxp://download.eset.com/special/eos/OnlineScanner.cab
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    TCP: NameServer = 204.49.178.17 207.14.235.234
    TCP: Interfaces\{7E8810BD-486D-4A2F-B5CC-E3E01867A006} : DHCPNameServer = 204.49.178.17 207.14.235.234
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    x64-BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
    x64-Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe /background
    x64-Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    .
    INFO: x64-HKLM has more than 50 listed domains.
       If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\ceeosrou.default\
    FF - prefs.js: browser.startup.homepage - hxxp://www.valp.net/
    FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
    FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
    FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
    FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
    FF - plugin: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
    FF - plugin: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll
    FF - plugin: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll
    FF - plugin: C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll
    FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
    FF - plugin: C:\Users\dad\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll
    FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
    FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
    FF - ExtSQL: !HIDDEN! 2012-01-12 14:02; [email protected]; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\System32\drivers\MpFilter.sys [2012-8-30 228768]
    R1 pctgntdi;pctgntdi;C:\Windows\System32\drivers\pctgntdi64.sys [2011-5-26 334976]
    R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
    R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
    R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-8-11 140672]
    R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-15 204288]
    R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-3-9 365568]
    R2 CinemaNow Service;CinemaNow Service;C:\Program Files (x86)\CinemaNow\CinemaNow Media Manager\CinemaNowSvc.exe [2010-6-12 400368]
    R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]
    R2 NisDrv;Microsoft Network Inspection System;C:\Windows\System32\drivers\NisDrvWFP.sys [2012-3-20 128456]
    R2 PCToolsFirewallPlus;PC Tools Firewall Plus;C:\Program Files (x86)\PC Tools Firewall Plus\FWService.exe [2011-5-26 286000]
    R2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-8-15 635416]
    R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-3-23 31920]
    R2 Secunia Update Agent;Secunia Update Agent;C:\Program Files (x86)\Secunia\PSI\sua.exe [2012-6-27 681056]
    R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-7-30 46136]
    R3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    R3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;C:\Windows\System32\drivers\pctNdis-PacketFilter64.sys [2011-5-26 119688]
    R3 pctNdisMP;PC Tools Driver;C:\Windows\System32\drivers\pctNdis64.sys [2011-5-26 79000]
    R3 pctplfw;pctplfw;C:\Windows\System32\drivers\pctplfw64.sys [2011-5-26 179976]
    R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-4-21 471144]
    R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2010-8-15 38456]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-20 48488]
    S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]
    S3 pctNdis;PC Tools Firewall Intermediate Filter Service;C:\Windows\System32\drivers\pctNdis64.sys [2011-5-26 79000]
    S3 PSI;PSI;C:\Windows\System32\drivers\psi_mf.sys [2011-12-16 17976]
    S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-10-26 19456]
    S3 Secunia PSI Agent;Secunia PSI Agent;C:\Program Files (x86)\Secunia\PSI\psia.exe [2012-6-27 1326176]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-10-26 57856]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-2-2 1255736]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2013-01-29 23:36:31   76232   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E1A3804C-8ADA-4392-9053-180DD22D9FF2}\offreg.dll
    2013-01-29 22:53:15   9161176   ----a-w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{E1A3804C-8ADA-4392-9053-180DD22D9FF2}\mpengine.dll
    2013-01-29 11:02:50   9161176   ------w-   C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-12 15:11:18   --------   d-----w-   C:\Users\dad\AppData\Local\Programs
    2013-01-09 11:18:18   750592   ----a-w-   C:\Windows\System32\win32spl.dll
    2013-01-09 11:18:18   492032   ----a-w-   C:\Windows\SysWow64\win32spl.dll
    2013-01-09 11:18:06   2002432   ----a-w-   C:\Windows\System32\msxml6.dll
    2013-01-09 11:18:04   1882624   ----a-w-   C:\Windows\System32\msxml3.dll
    2013-01-09 11:18:02   1389568   ----a-w-   C:\Windows\SysWow64\msxml6.dll
    2013-01-09 11:18:01   1236992   ----a-w-   C:\Windows\SysWow64\msxml3.dll
    2013-01-09 11:16:23   424448   ----a-w-   C:\Windows\System32\KernelBase.dll
    2013-01-09 11:15:38   68608   ----a-w-   C:\Windows\System32\taskhost.exe
    2013-01-09 11:15:31   3149824   ----a-w-   C:\Windows\System32\win32k.sys
    .
    ==================== Find3M  ====================
    .
    2013-01-09 00:01:36   74248   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-09 00:01:36   697864   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-12-17 23:45:24   108008   ----a-w-   C:\Windows\System32\WindowsAccessBridge-64.dll
    2012-12-17 23:45:22   959976   ----a-w-   C:\Windows\System32\deployJava1.dll
    2012-12-17 23:45:22   1081320   ----a-w-   C:\Windows\System32\npdeployJava1.dll
    2012-12-17 23:43:44   95184   ----a-w-   C:\Windows\SysWow64\WindowsAccessBridge-32.dll
    2012-12-17 23:43:41   779704   ----a-w-   C:\Windows\SysWow64\deployJava1.dll
    2012-12-16 17:11:22   46080   ----a-w-   C:\Windows\System32\atmlib.dll
    2012-12-16 14:45:03   367616   ----a-w-   C:\Windows\System32\atmfd.dll
    2012-12-16 14:13:28   295424   ----a-w-   C:\Windows\SysWow64\atmfd.dll
    2012-12-16 14:13:20   34304   ----a-w-   C:\Windows\SysWow64\atmlib.dll
    2012-12-14 22:49:28   24176   ----a-w-   C:\Windows\System32\drivers\mbam.sys
    2012-12-07 13:20:16   441856   ----a-w-   C:\Windows\System32\Wpc.dll
    2012-12-07 13:15:31   2746368   ----a-w-   C:\Windows\System32\gameux.dll
    2012-12-07 12:26:17   308736   ----a-w-   C:\Windows\SysWow64\Wpc.dll
    2012-12-07 12:20:43   2576384   ----a-w-   C:\Windows\SysWow64\gameux.dll
    2012-12-07 11:20:04   30720   ----a-w-   C:\Windows\System32\usk.rs
    2012-12-07 11:20:03   43520   ----a-w-   C:\Windows\System32\csrr.rs
    2012-12-07 11:20:03   23552   ----a-w-   C:\Windows\System32\oflc.rs
    2012-12-07 11:20:01   45568   ----a-w-   C:\Windows\System32\oflc-nz.rs
    2012-12-07 11:20:01   44544   ----a-w-   C:\Windows\System32\pegibbfc.rs
    2012-12-07 11:20:01   20480   ----a-w-   C:\Windows\System32\pegi-fi.rs
    2012-12-07 11:20:00   20480   ----a-w-   C:\Windows\System32\pegi-pt.rs
    2012-12-07 11:19:59   20480   ----a-w-   C:\Windows\System32\pegi.rs
    2012-12-07 11:19:58   46592   ----a-w-   C:\Windows\System32\fpb.rs
    2012-12-07 11:19:57   40960   ----a-w-   C:\Windows\System32\cob-au.rs
    2012-12-07 11:19:57   21504   ----a-w-   C:\Windows\System32\grb.rs
    2012-12-07 11:19:57   15360   ----a-w-   C:\Windows\System32\djctq.rs
    2012-12-07 11:19:56   55296   ----a-w-   C:\Windows\System32\cero.rs
    2012-12-07 11:19:55   51712   ----a-w-   C:\Windows\System32\esrb.rs
    2012-11-30 05:45:35   362496   ----a-w-   C:\Windows\System32\wow64win.dll
    2012-11-30 05:45:35   243200   ----a-w-   C:\Windows\System32\wow64.dll
    2012-11-30 05:45:35   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
    2012-11-30 05:45:14   215040   ----a-w-   C:\Windows\System32\winsrv.dll
    2012-11-30 05:43:12   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
    2012-11-30 04:54:00   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
    2012-11-30 04:53:59   274944   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
    2012-11-30 03:23:48   338432   ----a-w-   C:\Windows\System32\conhost.exe
    2012-11-30 02:44:06   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
    2012-11-30 02:44:04   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
    2012-11-30 02:44:04   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
    2012-11-30 02:44:03   2048   ----a-w-   C:\Windows\SysWow64\user.exe
    2012-11-30 02:38:59   6144   ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-11-30 02:38:59   4608   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-11-30 02:38:59   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-11-30 02:38:59   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-11-22 05:44:23   800768   ----a-w-   C:\Windows\System32\usp10.dll
    2012-11-22 04:45:03   626688   ----a-w-   C:\Windows\SysWow64\usp10.dll
    2012-11-20 05:48:49   307200   ----a-w-   C:\Windows\System32\ncrypt.dll
    2012-11-20 04:51:09   220160   ----a-w-   C:\Windows\SysWow64\ncrypt.dll
    2012-11-14 06:11:44   2312704   ----a-w-   C:\Windows\System32\jscript9.dll
    2012-11-14 06:04:11   1392128   ----a-w-   C:\Windows\System32\wininet.dll
    2012-11-14 06:02:49   1494528   ----a-w-   C:\Windows\System32\inetcpl.cpl
    2012-11-14 05:57:46   599040   ----a-w-   C:\Windows\System32\vbscript.dll
    2012-11-14 05:57:35   173056   ----a-w-   C:\Windows\System32\ieUnatt.exe
    2012-11-14 05:52:40   2382848   ----a-w-   C:\Windows\System32\mshtml.tlb
    2012-11-14 02:09:22   1800704   ----a-w-   C:\Windows\SysWow64\jscript9.dll
    2012-11-14 01:58:15   1427968   ----a-w-   C:\Windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57:37   1129472   ----a-w-   C:\Windows\SysWow64\wininet.dll
    2012-11-14 01:49:25   142848   ----a-w-   C:\Windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48:27   420864   ----a-w-   C:\Windows\SysWow64\vbscript.dll
    2012-11-14 01:44:42   2382848   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
    2012-11-09 05:45:09   2048   ----a-w-   C:\Windows\System32\tzres.dll
    2012-11-09 04:42:49   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
    2012-11-08 17:29:12   1402312   ----a-w-   C:\Windows\SysWow64\msxml4.dll
    2012-11-02 05:59:11   478208   ----a-w-   C:\Windows\System32\dpnet.dll
    2012-11-02 05:11:31   376832   ----a-w-   C:\Windows\SysWow64\dpnet.dll
    .
    ============= FINISH: 17:42:19.92 ===============


    Thanks again,

    Tom

    SuperDave

    • Malware Removal Specialist
    • Moderator


    • Genius
    Re: Please check if I'm clean.
    « Reply #1 on: January 30, 2013, 11:08:49 AM »
    Hello and welcome to Computer Hope Forum. My name is Dave. I will be helping you out with your particular problem on your computer.

    1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.
    2. The fixes are specific to your problem and should only be used for this issue on this machine.
    3. If you don't know or understand something, please don't hesitate to ask.
    4. Please DO NOT run any other tools or scans while I am helping you.
    5. It is important that you reply to this thread. Do not start a new topic.
    6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
    7. Absence of symptoms does not mean that everything is clear.

    If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.
    *************************************************************************
    Remove the Adware:
    • Please close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with OK.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.
    *********************************************
    Please download Malwarebytes Anti-Malware from here.
    Double Click mbam-setup.exe to install the application.
    • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes Anti-Malware, then click Finish.
    • If an update is found, it will download and install the latest version.
    • Once the program has loaded, select "Perform Full Scan", then click Scan.
    • The scan may take some time to finish, so please be patient.
    • When the scan is complete, click OK, then Show Results to view the results.
    • Make sure that everything is checked, and click Remove Selected.
    • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
    • Please save the log to a location you will remember.
    • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
    • Copy and paste the entire report in your next reply.
    Extra Note:

    If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
    *************************************************
    Update Your Java (JRE)

    Old versions of Java have vulnerabilities that malware can use to infect your system.


    First Verify your Java Version

    If there are any other version(s) installed then update now.

    Get the new version (if needed)

    If your version is out of date install the newest version of the Sun Java Runtime Environment.

    Note: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Be sure to close ALL open web browsers before starting the installation.

    Remove any old versions

    1. Download JavaRa and unzip the file to your Desktop.
    2. Open JavaRA.exe and choose Remove Older Versions
    3. Once complete exit JavaRA.

    Additional Note: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. To disable the JQS service if you don't want to use it, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and reboot your computer.
    ******************************************************
    Download Combofix from any of the links below, and save it to your DESKTOP

    Link 1
    Link 2
    Link 3

    To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.
    • Close any open windows and double click ComboFix.exe to run it.

      You will see the following image:


    Click I Agree to start the program.

    ComboFix will then extract the necessary files and you will see this:



    As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7.

    It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

    If you did not have it installed, you will see the prompt below. Choose YES.



    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:



    Click on Yes, to continue scanning for malware.

    When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

    Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

    Note: Please Do NOT mouseclick ComboFix's window while it's running because it may cause it to stall.
    Windows 8 and Windows 10 dual boot with two SSD's

    tpolcha

      Topic Starter


      Hopeful
      Re: Please check if I'm clean.
      « Reply #2 on: January 31, 2013, 03:09:04 PM »
      Until JAVA security is fixed by Sun Micro, JAVA is disabled on this machine.

      # AdwCleaner v2.109 - Logfile created 01/31/2013 at 10:38:58
      # Updated 26/01/2013 by Xplode
      # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
      # User : dad - OZ
      # Boot Mode : Normal
      # Running from : C:\Users\dad\Downloads\adwcleaner.exe
      # Option [Delete]


      ***** [Services] *****


      ***** [Files / Folders] *****

      File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
      Folder Deleted : C:\Program Files (x86)\Common Files\spigot
      Folder Deleted : C:\Users\dad\AppData\LocalLow\AVG Security Toolbar
      Folder Deleted : C:\Users\dad\AppData\LocalLow\Search Settings
      Folder Deleted : C:\Users\dad\AppData\LocalLow\ShoppingReport2

      ***** [Registry] *****

      Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
      Key Deleted : HKCU\Software\AppDataLow\Software\ShoppingReport2
      Key Deleted : HKCU\Software\Conduit
      Key Deleted : HKCU\Software\IGearSettings
      Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
      Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
      Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
      Key Deleted : HKLM\Software\Conduit
      Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Key Deleted : HKLM\Software\Search Settings
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
      Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
      Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
      Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

      ***** [Internet Browsers] *****

      -\\ Internet Explorer v9.0.8112.16457

      [OK] Registry is clean.

      -\\ Mozilla Firefox v18.0.1 (en-US)

      File : C:\Users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\ceeosrou.default\prefs.js

      [OK] File is clean.

      *************************

      AdwCleaner[R1].txt - [2763 octets] - [29/01/2013 17:36:42]
      AdwCleaner[S1].txt - [2594 octets] - [31/01/2013 10:38:58]

      ########## EOF - C:\AdwCleaner[S1].txt - [2654 octets] ##########









      ComboFix 13-01-31.01 - dad 01/31/2013  11:05:39.6.2 - x64
      Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4863.3575 [GMT -6:00]
      Running from: c:\users\dad\Downloads\ComboFix.exe
      AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
      FW: PC Tools Firewall Plus *Enabled* {175D0B73-9F8F-2CA9-8BF1-62277A276DC9}
      SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
      SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
      .
      .
      (((((((((((((((((((((((((   Files Created from 2012-12-28 to 2013-01-31  )))))))))))))))))))))))))))))))
      .
      .
      2013-01-31 17:12 . 2013-01-31 17:12   --------   d-----w-   c:\users\Public\AppData\Local\temp
      2013-01-31 17:12 . 2013-01-31 17:12   --------   d-----w-   c:\users\Default\AppData\Local\temp
      2013-01-31 10:55 . 2013-01-08 05:32   9161176   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{545A005B-3D65-4C0B-8AFC-A1622887EE96}\mpengine.dll
      2013-01-30 11:22 . 2013-01-08 05:32   9161176   ----a-w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
      2013-01-12 15:11 . 2013-01-12 15:11   --------   d-----w-   c:\users\dad\AppData\Local\Programs
      2013-01-09 11:18 . 2012-11-09 05:45   750592   ----a-w-   c:\windows\system32\win32spl.dll
      2013-01-09 11:18 . 2012-11-09 04:43   492032   ----a-w-   c:\windows\SysWow64\win32spl.dll
      2013-01-09 11:18 . 2012-11-01 05:43   2002432   ----a-w-   c:\windows\system32\msxml6.dll
      2013-01-09 11:18 . 2012-11-01 05:43   1882624   ----a-w-   c:\windows\system32\msxml3.dll
      2013-01-09 11:18 . 2012-11-01 04:47   1389568   ----a-w-   c:\windows\SysWow64\msxml6.dll
      2013-01-09 11:18 . 2012-11-01 04:47   1236992   ----a-w-   c:\windows\SysWow64\msxml3.dll
      2013-01-09 11:16 . 2012-11-30 05:41   424448   ----a-w-   c:\windows\system32\KernelBase.dll
      2013-01-09 11:15 . 2012-11-23 03:13   68608   ----a-w-   c:\windows\system32\taskhost.exe
      2013-01-09 11:15 . 2012-11-23 03:26   3149824   ----a-w-   c:\windows\system32\win32k.sys
      .
      .
      .
      ((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      2013-01-30 10:53 . 2011-02-01 04:49   273840   ------w-   c:\windows\system32\MpSigStub.exe
      2013-01-09 12:42 . 2011-02-02 15:49   67599240   ----a-w-   c:\windows\system32\MRT.exe
      2013-01-09 00:01 . 2012-04-01 03:54   697864   ----a-w-   c:\windows\SysWow64\FlashPlayerApp.exe
      2013-01-09 00:01 . 2011-05-18 00:39   74248   ----a-w-   c:\windows\SysWow64\FlashPlayerCPLApp.cpl
      2012-12-17 23:45 . 2012-12-17 23:45   108008   ----a-w-   c:\windows\system32\WindowsAccessBridge-64.dll
      2012-12-17 23:45 . 2012-12-17 23:45   308200   ----a-w-   c:\windows\system32\javaws.exe
      2012-12-17 23:45 . 2012-12-17 23:45   188392   ----a-w-   c:\windows\system32\javaw.exe
      2012-12-17 23:45 . 2012-12-17 23:45   188392   ----a-w-   c:\windows\system32\java.exe
      2012-12-17 23:45 . 2012-01-13 22:36   1081320   ----a-w-   c:\windows\system32\npdeployJava1.dll
      2012-12-17 23:45 . 2011-02-04 02:26   959976   ----a-w-   c:\windows\system32\deployJava1.dll
      2012-12-17 23:43 . 2012-12-17 23:43   95184   ----a-w-   c:\windows\SysWow64\WindowsAccessBridge-32.dll
      2012-12-17 23:43 . 2012-01-24 15:15   779704   ----a-w-   c:\windows\SysWow64\deployJava1.dll
      2012-12-16 17:11 . 2012-12-20 23:35   46080   ----a-w-   c:\windows\system32\atmlib.dll
      2012-12-16 14:45 . 2012-12-20 23:35   367616   ----a-w-   c:\windows\system32\atmfd.dll
      2012-12-16 14:13 . 2012-12-20 23:35   295424   ----a-w-   c:\windows\SysWow64\atmfd.dll
      2012-12-16 14:13 . 2012-12-20 23:35   34304   ----a-w-   c:\windows\SysWow64\atmlib.dll
      2012-12-14 22:49 . 2012-06-25 04:32   24176   ----a-w-   c:\windows\system32\drivers\mbam.sys
      2012-11-30 04:45 . 2013-01-09 11:16   44032   ----a-w-   c:\windows\apppatch\acwow64.dll
      2012-11-28 12:23 . 2012-11-28 12:25   972264   ------w-   c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{9CECDA2F-8A13-4A15-98EC-363F110A0880}\gapaengine.dll
      2012-11-14 07:06 . 2012-12-12 20:08   17811968   ----a-w-   c:\windows\system32\mshtml.dll
      2012-11-14 06:32 . 2012-12-12 20:08   10925568   ----a-w-   c:\windows\system32\ieframe.dll
      2012-11-14 06:11 . 2012-12-12 20:09   2312704   ----a-w-   c:\windows\system32\jscript9.dll
      2012-11-14 06:04 . 2012-12-12 20:09   1346048   ----a-w-   c:\windows\system32\urlmon.dll
      2012-11-14 06:04 . 2012-12-12 20:09   1392128   ----a-w-   c:\windows\system32\wininet.dll
      2012-11-14 06:02 . 2012-12-12 20:09   1494528   ----a-w-   c:\windows\system32\inetcpl.cpl
      2012-11-14 06:02 . 2012-12-12 20:09   237056   ----a-w-   c:\windows\system32\url.dll
      2012-11-14 05:59 . 2012-12-12 20:09   85504   ----a-w-   c:\windows\system32\jsproxy.dll
      2012-11-14 05:58 . 2012-12-12 20:09   816640   ----a-w-   c:\windows\system32\jscript.dll
      2012-11-14 05:57 . 2012-12-12 20:09   599040   ----a-w-   c:\windows\system32\vbscript.dll
      2012-11-14 05:57 . 2012-12-12 20:09   173056   ----a-w-   c:\windows\system32\ieUnatt.exe
      2012-11-14 05:55 . 2012-12-12 20:09   2144768   ----a-w-   c:\windows\system32\iertutil.dll
      2012-11-14 05:55 . 2012-12-12 20:09   729088   ----a-w-   c:\windows\system32\msfeeds.dll
      2012-11-14 05:53 . 2012-12-12 20:09   96768   ----a-w-   c:\windows\system32\mshtmled.dll
      2012-11-14 05:52 . 2012-12-12 20:09   2382848   ----a-w-   c:\windows\system32\mshtml.tlb
      2012-11-14 05:46 . 2012-12-12 20:09   248320   ----a-w-   c:\windows\system32\ieui.dll
      2012-11-14 02:09 . 2012-12-12 20:09   1800704   ----a-w-   c:\windows\SysWow64\jscript9.dll
      2012-11-14 01:58 . 2012-12-12 20:09   1427968   ----a-w-   c:\windows\SysWow64\inetcpl.cpl
      2012-11-14 01:57 . 2012-12-12 20:09   1129472   ----a-w-   c:\windows\SysWow64\wininet.dll
      2012-11-14 01:49 . 2012-12-12 20:09   142848   ----a-w-   c:\windows\SysWow64\ieUnatt.exe
      2012-11-14 01:48 . 2012-12-12 20:09   420864   ----a-w-   c:\windows\SysWow64\vbscript.dll
      2012-11-14 01:44 . 2012-12-12 20:09   2382848   ----a-w-   c:\windows\SysWow64\mshtml.tlb
      2012-11-09 05:45 . 2012-12-12 20:07   2048   ----a-w-   c:\windows\system32\tzres.dll
      2012-11-09 04:42 . 2012-12-12 20:07   2048   ----a-w-   c:\windows\SysWow64\tzres.dll
      2012-11-08 17:29 . 2012-11-08 17:29   1402312   ----a-w-   c:\windows\SysWow64\msxml4.dll
      .
      .
      (((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
      .
      .
      *Note* empty entries & legit default entries are not shown
      REGEDIT4
      .
      [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-11-06 5629312]
      "Rainlendar2"="c:\program files (x86)\Rainlendar2\Rainlendar2.exe" [2012-07-02 2498048]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
      "PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2009-10-14 563736]
      "00PCTFW"="c:\program files (x86)\PC Tools Firewall Plus\FirewallGUI.exe" [2011-04-07 2672600]
      "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-10 336384]
      "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
      "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-23 150528]
      "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
      "AvgUninstallURL"="start http://www.avg.com/ww.special-uninstallation-feedback-appf?lic=OUFWRlJFRS1WMEtNQy1FOVZVVy1FVzBWQS1VVTNYTC1GRVc5Ny1PVTZF&inst=NzctNTM5MDI1MDk3LUZMMTArMS1UVUcrMy1MSUMrOC1ERFQrNTU0NTktTFNEKzItREQxMEYrMS1TVDEwRkFQUCsxLUYxME0xMkFOKzEtRjEwTTEyQSsxLUYxME0xMkFCKzEtVTEwKzEtRjEwTTEyQVRCKzEtRjEwTTEyQisx&prod=90&ver=10.0.1411" [?]
      .
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
      "adaware"="reg.exe delete HKCU\Software\AppDataLow\Software\adaware" [X]
      "adaware_XP"="reg.exe delete HKCU\Software\adaware" [X]
      .
      [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
      "ConsentPromptBehaviorAdmin"= 5 (0x5)
      "ConsentPromptBehaviorUser"= 3 (0x3)
      "EnableUIADesktopToggle"= 0 (0x0)
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
      "aux1"=wdmaud.drv
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
      @=""
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
      @="Service"
      .
      R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
      R3 AODDriver4.0;AODDriver4.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys

      R3 MEMSWEEP2;MEMSWEEP2;c:\windows\system32\897C.tmp

      R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
      R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
      R3 pctNdis;PC Tools Firewall Intermediate Filter Service;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
      R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2011-12-16 17976]
      R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
      R3 Secunia PSI Agent;Secunia PSI Agent;c:\program files (x86)\Secunia\PSI\PSIA.exe [2012-06-27 1326176]
      R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
      R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-02 1255736]
      R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
      S1 pctgntdi;pctgntdi;c:\windows\System32\drivers\pctgntdi64.sys [2011-01-17 334976]
      S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
      S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
      S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2012-09-09 140672]
      S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-06-30 204288]
      S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-10 365568]
      S2 CinemaNow Service;CinemaNow Service;c:\program files (x86)\CinemaNow\CinemaNow Media Manager\CinemanowSvc.exe [2010-06-13 400368]
      S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
      S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2009-10-14 635416]
      S2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;c:\program files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2012-03-23 31920]
      S2 Secunia Update Agent;Secunia Update Agent;c:\program files (x86)\Secunia\PSI\sua.exe [2012-06-27 681056]
      S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
      S3 PCTFW-PacketFilter;PCTools Firewall - Packet filter driver;c:\windows\system32\drivers\pctNdis-PacketFilter64.sys [2011-01-12 119688]
      S3 pctNdisMP;PC Tools Driver;c:\windows\system32\DRIVERS\pctNdis64.sys [2010-07-08 79000]
      S3 pctplfw;pctplfw;c:\windows\System32\drivers\pctplfw64.sys [2011-01-17 179976]
      S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-04-22 471144]
      S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
      .
      .
      --- Other Services/Drivers In Memory ---
      .
      *Deregistered* - pctESPInject
      .
      [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
      hpdevmgmt   REG_MULTI_SZ      hpqcxs08 hpqddsvc
      .
      Contents of the 'Scheduled Tasks' folder
      .
      2013-01-31 c:\windows\Tasks\Adobe Flash Player Updater.job
      - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 00:01]
      .
      2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-03 16:08]
      .
      2013-01-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
      - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-11-03 16:08]
      .
      2013-01-27 c:\windows\Tasks\HPCeeScheduleFordad.job
      - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
      .
      .
      --------- X64 Entries -----------
      .
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
      "hpsysdrv"="c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe" [2008-11-20 62768]
      "SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-18 568888]
      "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
      .
      ------- Supplementary Scan -------
      .
      uStart Page = hxxp://www.valp.net/
      uLocal Page = c:\windows\system32\blank.htm
      mLocal Page = c:\windows\SysWOW64\blank.htm
      TCP: DhcpNameServer = 204.49.178.17 207.14.235.234
      FF - ProfilePath - c:\users\dad\AppData\Roaming\Mozilla\Firefox\Profiles\ceeosrou.default\
      FF - prefs.js: browser.startup.homepage - hxxp://www.valp.net/
      FF - ExtSQL: !HIDDEN! 2012-01-12 14:02; [email protected]; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
      .
      - - - - ORPHANS REMOVED - - - -
      .
      Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
      HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
      AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
      AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
      .
      .
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
      "ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MEMSWEEP2]
      "ImagePath"="\??\c:\windows\system32\897C.tmp"
      .
      --------------------- LOCKED REGISTRY KEYS ---------------------
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
      "Enabled"=dword:00000001
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Shockwave Flash Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
      @="0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
      @="ShockwaveFlash.ShockwaveFlash.11"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="ShockwaveFlash.ShockwaveFlash"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
      @Denied: (A 2) (Everyone)
      @="Macromedia Flash Factory Object"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
      "ThreadingModel"="Apartment"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
      @="FlashFactory.FlashFactory.1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
      @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
      @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
      @="1.0"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
      @="FlashFactory.FlashFactory"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
      @Denied: (A 2) (Everyone)
      @="IFlashBroker5"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
      @="{00020424-0000-0000-C000-000000000046}"
      .
      [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
      @Denied: (Full) (Everyone)
      .
      Completion time: 2013-01-31  11:16:52
      ComboFix-quarantined-files.txt  2013-01-31 17:16
      .
      Pre-Run: 508,937,261,056 bytes free
      Post-Run: 508,870,828,032 bytes free
      .
      - - End Of File - - 192E6F1D0F78F759E38BECBD6CC48022

      SuperDave

      • Malware Removal Specialist
      • Moderator


      • Genius
      • Thanked: 1020
      • Certifications: List
      • Experience: Expert
      • OS: Windows 10
      Re: Please check if I'm clean.
      « Reply #3 on: January 31, 2013, 05:03:20 PM »
      I'd like to scan your machine with ESET OnlineScan

      • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan

      • Click the button.
      • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      • Click on to download the ESET Smart Installer. Save it to your desktop.
      • Double click on the icon on your desktop.
      • Check
      • Click the button.
      • Accept any security warnings from your browser.
      • Leave the check mark next to Remove found threats.
      • Check
      • Push the Start button.
      • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
      • When the scan completes, push
      • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
      • Push the button.
      • Push
      A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt
      Windows 8 and Windows 10 dual boot with two SSD's

      tpolcha

        Re: Please check if I'm clean.
        « Reply #4 on: February 04, 2013, 05:24:10 AM »
        I believe I found you the right ESET text document you requested:

        ESETSmartInstaller@High as CAB hook log:
        OnlineScanner64.ocx - registred OK
        OnlineScanner.ocx - registred OK

        Either way, the results said I was OK.

        SuperDave

        Re: Please check if I'm clean.
        « Reply #5 on: February 04, 2013, 12:04:02 PM »
        OK, how's your computer running now? Any other issues before we clean up?

        tpolcha

          Re: Please check if I'm clean.
          « Reply #6 on: February 04, 2013, 03:48:12 PM »
          No other issues.  You guys are great.

          Thanks so much.

          SuperDave

          Re: Please check if I'm clean.
          « Reply #7 on: February 04, 2013, 04:11:50 PM »
          Ok, let's do some cleanup and we're finished here.

          Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.
          ************************************************
          Click Start> Computer> right click the C Drive and choose Properties> enter
          Click Disk Cleanup from there.



          Click OK on the Disk Cleanup Screen.
          Click Yes on the Confirmation screen.



          This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space in C drive.)
          ***********************************************
          Go to Microsoft Windows Update and get all critical updates.

          ----------

          I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

          SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla-based browsers like Firefox.
          * Using SpywareBlaster to protect your computer from Spyware and Malware
          * If you don't know what ActiveX controls are, see here

          Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

          Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

          Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
          Safe Surfing!