Thread: SelectionLinks or some virus on laptop

  1. #11
    Junior Member
    Join Date
    Jan 2013
    Posts
    12

    ComboFix 13-01-17.04 - David's HP 01/20/2013 19:18:58.2.2 - x64
    Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3932.2390 [GMT -6:00]
    Running from: c:\users\David's HP\Desktop\ComboFix.exe
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-21 to 2013-01-21 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-20 18:03 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DE4C85C-7435-47C7-8A1C-459898EE83B4}\mpengine.dll
    2013-01-20 14:38 . 2013-01-20 14:38 -------- d-----w- c:\windows\ERUNT
    2013-01-20 14:38 . 2013-01-20 14:38 -------- d-----w- C:\JRT
    2013-01-20 14:31 . 2013-01-20 14:31 -------- d-----w- C:\_OTL
    2013-01-19 02:46 . 2012-08-21 19:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys
    2013-01-19 02:45 . 2013-01-19 02:45 -------- d-----w- c:\program files\iPod
    2013-01-19 02:45 . 2013-01-19 02:46 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
    2013-01-19 02:45 . 2013-01-19 02:46 -------- d-----w- c:\program files\iTunes
    2013-01-19 02:45 . 2013-01-19 02:46 -------- d-----w- c:\program files (x86)\iTunes
    2013-01-19 02:42 . 2013-01-19 02:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
    2013-01-19 02:42 . 2013-01-19 02:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
    2013-01-19 02:42 . 2013-01-19 02:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
    2013-01-19 02:42 . 2013-01-19 02:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
    2013-01-19 02:42 . 2013-01-19 02:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
    2013-01-19 02:42 . 2013-01-19 02:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
    2013-01-19 02:42 . 2013-01-19 02:42 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
    2013-01-19 02:42 . 2013-01-19 02:42 -------- d-----w- c:\program files (x86)\QuickTime
    2013-01-18 20:18 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
    2013-01-17 22:33 . 2013-01-20 14:25 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
    2013-01-17 02:33 . 2013-01-17 14:41 -------- d-----w- c:\programdata\Spybot - Search & Destroy
    2013-01-14 18:35 . 2013-01-14 18:36 -------- d-----w- c:\program files (x86)\HRBlock2012
    2013-01-14 17:07 . 2013-01-14 17:07 -------- d-----w- c:\program files (x86)\Common Files\Adobe
    2013-01-13 15:27 . 2013-01-13 15:27 -------- d-----w- c:\users\David's HP\AppData\Roaming\Bullzip
    2013-01-13 15:26 . 2009-07-14 01:41 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LXKPTPRC.DLL
    2013-01-13 15:26 . 2013-01-13 15:26 -------- d-----w- c:\users\David's HP\AppData\Local\Programs
    2013-01-13 15:25 . 2013-01-17 04:57 -------- d-----w- c:\users\David's HP\AppData\Local\Coupon Companion Plugin
    2013-01-10 21:52 . 2013-01-10 22:14 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
    2013-01-10 21:01 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
    2013-01-10 21:01 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
    2013-01-10 21:01 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
    2013-01-10 21:01 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
    2013-01-10 21:01 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
    2013-01-10 21:01 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
    2013-01-10 21:01 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
    2013-01-10 21:01 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
    2013-01-10 21:01 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
    2013-01-10 21:00 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
    2013-01-03 21:51 . 2013-01-03 21:51 -------- d-----w- c:\users\Guest\AppData\Roaming\Foxit Software
    2013-01-03 21:45 . 2013-01-03 21:45 -------- d-----w- c:\users\Guest\AppData\Roaming\Intel
    2012-12-22 16:05 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
    2012-12-22 16:05 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
    2012-12-22 16:05 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-22 16:05 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-01-12 23:24 . 2012-05-11 21:35 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2013-01-12 23:23 . 2011-05-21 14:32 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2013-01-10 21:08 . 2011-03-18 17:58 67599240 ----a-w- c:\windows\system32\MRT.exe
    2012-11-30 00:24 . 2012-11-30 00:25 972264 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{418F8CA5-9456-47CD-8EF4-2907E3577D00}\gapaengine.dll
    2012-11-14 07:06 . 2012-12-13 20:57 17811968 ----a-w- c:\windows\system32\mshtml.dll
    2012-11-14 06:32 . 2012-12-13 20:57 10925568 ----a-w- c:\windows\system32\ieframe.dll
    2012-11-14 06:11 . 2012-12-13 20:57 2312704 ----a-w- c:\windows\system32\jscript9.dll
    2012-11-14 06:04 . 2012-12-13 20:58 1346048 ----a-w- c:\windows\system32\urlmon.dll
    2012-11-14 06:04 . 2012-12-13 20:57 1392128 ----a-w- c:\windows\system32\wininet.dll
    2012-11-14 06:02 . 2012-12-13 20:58 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-11-14 06:02 . 2012-12-13 20:58 237056 ----a-w- c:\windows\system32\url.dll
    2012-11-14 05:59 . 2012-12-13 20:57 85504 ----a-w- c:\windows\system32\jsproxy.dll
    2012-11-14 05:58 . 2012-12-13 20:57 816640 ----a-w- c:\windows\system32\jscript.dll
    2012-11-14 05:57 . 2012-12-13 20:57 599040 ----a-w- c:\windows\system32\vbscript.dll
    2012-11-14 05:57 . 2012-12-13 20:58 173056 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-11-14 05:55 . 2012-12-13 20:57 2144768 ----a-w- c:\windows\system32\iertutil.dll
    2012-11-14 05:55 . 2012-12-13 20:57 729088 ----a-w- c:\windows\system32\msfeeds.dll
    2012-11-14 05:53 . 2012-12-13 20:58 96768 ----a-w- c:\windows\system32\mshtmled.dll
    2012-11-14 05:52 . 2012-12-13 20:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-11-14 05:46 . 2012-12-13 20:58 248320 ----a-w- c:\windows\system32\ieui.dll
    2012-11-14 02:09 . 2012-12-13 20:57 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
    2012-11-14 01:58 . 2012-12-13 20:58 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
    2012-11-14 01:57 . 2012-12-13 20:57 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
    2012-11-14 01:49 . 2012-12-13 20:58 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
    2012-11-14 01:48 . 2012-12-13 20:58 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
    2012-11-14 01:44 . 2012-12-13 20:58 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
    2012-11-09 05:45 . 2012-12-13 20:55 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-11-09 04:42 . 2012-12-13 20:55 2048 ----a-w- c:\windows\SysWow64\tzres.dll
    2012-11-02 05:59 . 2012-12-13 20:54 478208 ----a-w- c:\windows\system32\dpnet.dll
    2012-11-02 05:11 . 2012-12-13 20:54 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
    2012-10-25 09:12 . 2012-10-25 09:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
    2012-10-25 09:12 . 2012-10-25 09:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
    2012-10-23 22:56 . 2012-11-30 00:25 972192 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
    2012-10-23 10:17 . 2011-03-18 19:01 285328 ----a-w- c:\windows\system32\aswBoot.exe
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 94208 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 287800]
    "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
    "SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
    "EEventManager"="c:\progra~2\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
    "AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
    "DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
    "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 946352]
    "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]
    "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]
    .
    c:\users\David's HP\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
    MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2011-3-18 576000]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean64.exe
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
    R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-05-13 36328]
    R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2012-09-29 75928]
    R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y62x64.sys [2010-04-07 290008]
    R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
    R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2011-03-18 7680512]
    R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 pnetmdm;PdaNet Modem;c:\windows\system32\DRIVERS\pnetmdm64.sys [2007-03-07 17920]
    R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
    R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
    R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
    R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
    R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
    R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
    R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
    R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-18 1255736]
    R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [2009-07-14 25088]
    R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
    R4 RsFx0105;RsFx0105 Driver;c:\windows\system32\DRIVERS\RsFx0105.sys [2011-09-23 311144]
    R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2011-09-23 431464]
    S0 MDFSYSNT;MacDrive file system driver; [x]
    S0 MDPMGRNT;MacDrive Partition Driver;c:\windows\system32\DRIVERS\MDPMGRNT.SYS [2010-05-05 32352]
    S1 CBDisk;CBDisk;c:\windows\system32\drivers\CBDisk.sys [2010-01-13 70344]
    S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2012-09-27 86528]
    S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2012-08-10 197536]
    S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
    S2 M4LIC;Mediafour M4LIC service;c:\program files (x86)\Common Files\Mediafour\M4LIC.EXE [2009-07-29 205312]
    S2 MacDrive8Service;MacDrive 8 service;c:\program files\Mediafour\MacDrive 8\MacDrive8Service.exe [2010-05-04 218112]
    S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Common Files\Intel\Privacy Icon\UNS\UNS.exe [2009-07-15 2058776]
    S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
    S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-06-23 56344]
    S3 rismcx64;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismcx64.sys [2006-12-20 79872]
    .
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
    2013-01-12 11:03 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 11:42]
    .
    2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-03-21 11:42]
    .
    2013-01-03 c:\windows\Tasks\HPCeeScheduleForDavid's HP.job
    - c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-14 04:15]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2011-02-18 05:12 97792 ----a-w- c:\users\David's HP\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "MacDrive 8 application"="c:\program files\Mediafour\MacDrive 8\MacDrive.exe" [2010-05-25 343040]
    "Getting started with MacDrive 8"="c:\program files\Mediafour\MacDrive 8\MDGetStarted.exe" [2010-05-25 192512]
    "picon"="c:\program files (x86)\Common Files\Intel\Privacy Icon\PrivacyIconClient.exe" [2009-07-15 358936]
    "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
    "IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-06-21 162584]
    "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-06-21 386840]
    "Persistence"="c:\windows\system32\igfxpers.exe" [2011-06-21 417560]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    "IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-10-12 1464984]
    "IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-10-12 2075288]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com
    mLocal Page = c:\windows\SysWOW64\blank.htm
    uInternet Settings,ProxyOverride = *.local
    TCP: DhcpNameServer = 191.168.2.100
    FF - ProfilePath - c:\users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/?ilc=1
    FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-tyc&p=
    FF - ExtSQL: 2013-01-17 18:14; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
    FF - ExtSQL: 2013-01-17 18:15; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; c:\users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    FF - ExtSQL: 2013-01-17 18:15; {27c60876-b5c9-4335-b4f3-52b26782220c}; c:\users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\{27c60876-b5c9-4335-b4f3-52b26782220c}.xpi
    FF - ExtSQL: 2013-01-17 18:15; adblockpopups@jessehakanen.net; c:\users\David's HP\AppData\Roaming\Mozilla\Firefox\Profiles\ann9w273.default\extensions\adblockpopups@jessehakanen.net.xpi
    .
    - - - - ORPHANS REMOVED - - - -
    .
    ShellIconOverlayIdentifiers-MacDrive volume icons - (no file)
    HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
    AddRemove-Coupon Printer for Windows5.0.0.1 - c:\program files (x86)\Coupons\uninstall.exe
    AddRemove-SUUVCOMM&10C4&80F6 - c:\program files (x86)\Suunto\SuuntoUSB\DriverUninstaller.exe VCP CP210x Cardinal\SUUVCOMM&10C4&80F6
    AddRemove-{EE202411-2C26-49E8-9784-1BC1DBF7DE96} - c:\program files (x86)\InstallShield Installation Information\{EE202411-2C26-49E8-9784-1BC1DBF7DE96}\setup.exe
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
    @Denied: (2) (LocalSystem)
    "Progid"="ChromeHTML"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.10"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
    @Denied: (A) (Users)
    @Denied: (A) (Everyone)
    @Allowed: (B 1 2 3 4 5) (S-1-5-20)
    "BlindDial"=dword:00000000
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2013-01-20 19:25:39
    ComboFix-quarantined-files.txt 2013-01-21 01:25
    .
    Pre-Run: 93,352,747,008 bytes free
    Post-Run: 93,047,242,752 bytes free
    .
    - - End Of File - - CCFA57554AC50F00D36A6AE115DDD962
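
The ComboFix report above is a fixed-format log, and a small parser for it is the tool a reviewer reaches for when triaging reports like this one. The following Python script is an added example written for this page; it is not part of ComboFix, MBAM or anything the posters ran. It recognises three line shapes from the log (the "Files Created" records, the `"name"="path" [date size]` Run entries, and the `TCP: DhcpNameServer` line) with regular expressions written for this example, and flags what a reviewer would look at first: files created or auto-started from user-writable locations (AppData, ProgramData, Temp, Users\Public) and a DHCP-supplied name server outside the RFC 1918 private ranges. The flags are triage hints, not verdicts: the first sample line, Microsoft's own definition store under ProgramData, is flagged and is benign. The `HypotheticalUpdater` entry and its path are constructed for the sample; the other sample lines are copied from the log above.

```python
"""Triage helper for ComboFix-style log lines.

Added example for this page; not ComboFix's own code. The three regular
expressions below are this example's own reading of the log format and
cover only the record shapes they were written against.
"""
import ipaddress
import re

# "Files Created" record: created . modified size attrs path
FILE_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$"
)
# Run-key entry: "name"="path" [date size]
RUN_RE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)" \[(?P<date>[\d-]+) (?P<size>\d+)\]$')
# Name server handed out by DHCP
DNS_RE = re.compile(r"^TCP: DhcpNameServer = (?P<servers>.+)$")

# Path fragments an unprivileged user (or malware running as that user) can write to.
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\temp\\", "\\users\\public\\")


def is_user_writable(path: str) -> bool:
    """True if the path sits under a location a standard user can write to."""
    p = path.lower()
    return any(marker in p for marker in USER_WRITABLE)


def is_private(ip: str) -> bool:
    """True for RFC 1918 / other private addresses; False for public or malformed input."""
    try:
        return ipaddress.ip_address(ip).is_private
    except ValueError:
        return False


def triage(lines):
    """Return one (kind, detail, flags) tuple per recognised record; unknown lines are skipped."""
    findings = []
    for raw in lines:
        line = raw.strip()
        if m := FILE_RE.match(line):
            flags = []
            # attrs starts with 'd' for directories; only flag files.
            if m["attrs"][0] != "d" and is_user_writable(m["path"]):
                flags.append("file in user-writable location")
            findings.append(("file", m["path"], flags))
        elif m := RUN_RE.match(line):
            flags = ["autorun from user-writable location"] if is_user_writable(m["path"]) else []
            findings.append(("run", f'{m["name"]} -> {m["path"]}', flags))
        elif m := DNS_RE.match(line):
            for server in m["servers"].split():
                flags = [] if is_private(server) else ["DHCP name server outside private ranges"]
                findings.append(("dns", server, flags))
    return findings


def flagged(lines):
    """Only the records that carry at least one flag."""
    return [f for f in triage(lines) if f[2]]


# Sample input: lines copied from the ComboFix log in the post above, plus one
# constructed Run entry (HypotheticalUpdater, not a real program) to show an autorun hit.
SAMPLE = [
    r"2013-01-20 18:03 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0DE4C85C-7435-47C7-8A1C-459898EE83B4}\mpengine.dll",
    r"2013-01-13 15:27 . 2013-01-13 15:27 -------- d-----w- c:\users\David's HP\AppData\Roaming\Bullzip",
    r"2013-01-10 21:01 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe",
    r'"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544]',
    r'"HypotheticalUpdater"="c:\users\David\AppData\Roaming\hyp\upd.exe" [2013-01-01 12345]',
    "TCP: DhcpNameServer = 191.168.2.100",
]

if __name__ == "__main__":
    for kind, detail, flags in flagged(SAMPLE):
        print(f"[{kind}] {detail}: {', '.join(flags)}")
```

Run it directly to print the flagged entries; `triage()` returns every recognised record together with its flags, so the heuristics can be tuned (for instance, allow-listing the antimalware definition store) or extended to the other sections of the report.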

  2. #12
    Security Expert Satchfan
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    That looks OK.


    Run Malwarebytes-Anti-Malware

    Click here.
    • double-click mbam-setup.exe and follow the prompts to install the program.
    • at the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    • if an update is found, it will download and install the latest version.
    • once the program has loaded, select Perform quick scan, then click Scan.
    • when the scan is complete, click OK, then Show Results to view the results.
    • be sure that everything is checked, and click Remove Selected.
    • when removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
    • the log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
    • copy and paste the contents of that report in your next reply and exit MBAM.

    NOTE: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

    ================================================

    Run ESET Online Scan

    IMPORTANT Please make sure you uncheck the box next to Remove found threats. Eset will detect anything that looks even slightly suspicious, which could include legitimate program files. If you do not uncheck the box, Eset will automatically remove all suspicious files which could leave some of your software inoperable.

    Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed anti-virus; how to do so can be read here.

    Hold down Control and click on the following link to open ESET OnlineScan in a new window.

    ESET OnlineScan
    1. Click the Eset online Scanner button.
    2. For alternate browsers only (Microsoft Internet Explorer users can skip these steps):
       • click on esetinstaller.exe to download the ESET Smart Installer. Save it to your desktop.
       • double click on the Eset installer icon on your desktop.
    3. Check Yes, I accept the Terms of Use.
    4. Click the Start button.
    5. Accept any security warnings from your browser.
    6. Check Scan archives.
    7. Push the Start button.
    8. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    9. When the scan completes, push List of found threats.
    10. Push Export to Text file and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
       Note - if ESET doesn't find any threats, no report will be created.
    11. Push the back button.
    12. Push Finish.
    If a log has been produced post it in your next reply.

    Logs to include with the next post:

    Mbam.txt
    Eset result


    Can you tell me if there are any outstanding problems and if you managed to reset your home page OK.

    Satchfan

  3. #13
    Junior Member
    Join Date
    Jan 2013
    Posts
    12

    When I ran ESET, I had to return to work, so I hit "switch user" to go to the sign-in screen so as not to leave my laptop alone and logged in. When I returned the laptop was frozen. I had to do a hard restart and the laptop ran scan disk, but nothing amiss. I tried to run ESET earlier in the process and it never finished the scan, which is probably why you saw the ESET errors. I would rather not try ESET again.

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.01.21.05

    Windows 7 Service Pack 1 x64 NTFS
    Internet Explorer 9.0.8112.16421
    David's HP :: DAVES-6930P [administrator]

    1/21/2013 7:22:27 AM
    mbam-log-2013-01-21 (07-22-27).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 237542
    Time elapsed: 1 minute(s), 57 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  4. #14
    Junior Member
    Join Date
    Jan 2013
    Posts
    12

    I had reset IE before your initial contact with me; it seems fine. I had uninstalled Firefox, including bookmarks and personal data, and then reinstalled it; that seemed to fix the formatting issue of the browser. I haven't noticed any issues lately.

  5. #15
    Security Expert Satchfan
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    I would really like to see the results of an online scan to make sure that everything is as it should be.

    Let's try a different one instead:

    Before running it please note:
    • this scan MUST be performed using Internet Explorer
    • it can take up to an hour or longer, so please be patient
    • it is recommended that you disable your onboard antivirus program and antispyware programs while performing scans to eliminate software conflicts and to speed up scan time
    • DO NOT surf the net while your resident protection is disabled!
    • once the scan is finished remember to re-enable your resident antivirus protection along with whatever antispyware applications you use.

    Run the scan
    • perform an online scan with Panda Active Scan 2.0 by clicking here
    • click on the Scan Your PC Now button
    • click on the Scan now button and follow the instructions (you may have to install an active X component)
    • should you be required to register, click on Register
    • choose the option you like most, but we recommend Free Active Scan 2.0 (requires registration)
    • click on Register
    • enter your e-mail address and create a password.
    • select "I do not want to receive any type of information" (unless you want to receive such information).
    • click on Send
    • confirm your registration and continue by entering your user name and password, then click on Enter
    • select Full Scan, then click on Scan Now.
    • wait for the components to be loaded and installed. Don't close this window or go to another page while it is downloading
    • if the scan finds any malware it can disinfect, the “Disinfect” button will be enabled. Click on Disinfect
    • please ignore the offer to buy the program
    • click on the Export To button to export the log and save it to your desktop.

    Please post the contents of the log in your next reply.

  6. #16
    Junior Member
    Join Date
    Jan 2013
    Posts
    12

    Default

    I thought I would try ESET one more time. I didn't want to bother with registering for Panda. All seemed fine for close to an hour, nothing found; I walked away from the laptop and when I returned it had restarted. I logged in and got a message that the computer recovered from an unexpected shutdown, and there was no log from the scan, so I assume the scan did not finish. I have all timeout features disabled on the laptop. I will try Panda, I guess. ESET just doesn't seem to work for me.

  7. #17
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    Don't fret too much about which to use.

    Microsoft Security Essentials is capable of picking up anything that may be left, so as that is your resident antivirus, update and use that.

  8. #18
    Junior Member
    Join Date
    Jan 2013
    Posts
    12

    Default

    ;***********************************************************************************************************************************************************************************
    ANALYSIS: 2013-01-21 17:36:54
    PROTECTIONS: 1
    MALWARE: 23
    SUSPECTS: 0
    ;***********************************************************************************************************************************************************************************
    PROTECTIONS
    Description Version Active Updated
    ;===================================================================================================================================================================================
    Microsoft Security Essentials No Yes
    ;===================================================================================================================================================================================
    MALWARE
    Id Description Type Active Severity Disinfectable Disinfected Location
    ;===================================================================================================================================================================================
    00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\4bibrd31.txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@doubleclick[2].txt
    00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\low\z3m4oebl.txt
    00145405 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@247realmedia[1].txt
    00145457 Cookie/FastClick TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\oawi8k1e.txt
    00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\eztp0684.txt
    00167642 Cookie/Com.com TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@com[1].txt
    00167753 Cookie/Statcounter TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@statcounter[1].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\low\guest@ad.yieldmanager[2].txt
    00168056 Cookie/YieldManager TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\m79t1t7x.txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\low\guest@apmebf[1].txt
    00168061 Cookie/Apmebf TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@apmebf[2].txt
    00168090 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@serving-sys[2].txt
    00168093 Cookie/Serving-sys TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@bs.serving-sys[1].txt
    00168110 Cookie/Server.iad.Liveperson TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\0cxeoar7.txt
    00169190 Cookie/Advertising TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\tlflzn0s.txt
    00170304 Cookie/WebtrendsLive TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\tuodev29.txt
    00170495 Cookie/PointRoll TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@ads.pointroll[2].txt
    00170554 Cookie/Overture TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@overture[1].txt
    00170556 Cookie/RealMedia TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@realmedia[1].txt
    00172221 Cookie/Zedo TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\48c65l2p.txt
    00194327 Cookie/Go TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@go[1].txt
    00207338 Cookie/Target TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\o0i88215.txt
    00262020 Cookie/Atwola TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\4tss3ozd.txt
    00286736 Cookie/Cgi-bin TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@www6.addfreestats[1].txt
    00325830 Cookie/Bridgetrack TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\david's_hp@citi.bridgetrack[2].txt
    ;===================================================================================================================================================================================
    SUSPECTS
    Sent Location
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
    VULNERABILITIES
    Id Severity Description
    ;===================================================================================================================================================================================
    ;===================================================================================================================================================================================
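    The Panda export above lists 23 "MALWARE" items that are all inactive tracking cookies, and it also records that the resident antivirus was not active during the scan. As an added example (not part of this thread and not Panda's own tooling), the script below parses that export format and separates inert cookie findings from anything that is active, has a non-zero severity, or is not a cookie at all. SAMPLE_LOG is a constructed excerpt in the same column layout as the posted log; the third row with id 99999999 is constructed so the flagging logic has something to flag.

```python
"""Triage a Panda ActiveScan 2.0 export such as the one posted above.

Added example; it is not part of this thread and not Panda's own tooling.
SAMPLE_LOG is a constructed excerpt in the same column layout as the
posted log, with one constructed non-cookie row (id 99999999) so the
flagging logic has something to flag.
"""
from collections import Counter

SAMPLE_LOG = r"""
;=====================================================================
ANALYSIS: 2013-01-21 17:36:54
PROTECTIONS: 1
MALWARE: 3
SUSPECTS: 0
;=====================================================================
PROTECTIONS
Description Version Active Updated
;=====================================================================
Microsoft Security Essentials No Yes
;=====================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;=====================================================================
00139060 Cookie/Casalemedia TrackingCookie No 0 Yes No c:\users\david's hp\appdata\roaming\microsoft\windows\cookies\low\4bibrd31.txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No c:\users\guest\appdata\roaming\microsoft\windows\cookies\low\z3m4oebl.txt
99999999 Constructed/Example Trojan Yes 3 Yes No c:\users\david's hp\appdata\local\temp\constructed example.exe
;=====================================================================
SUSPECTS
Sent Location
;=====================================================================
;=====================================================================
VULNERABILITIES
Id Severity Description
;=====================================================================
;=====================================================================
"""

SECTIONS = ("PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES")
MALWARE_COLUMNS = ("id", "description", "type", "active", "severity",
                   "disinfectable", "disinfected", "location")


def parse_panda_log(text):
    """Return (protections, findings) parsed from a Panda ActiveScan export."""
    section = None
    protections, findings = [], []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue                      # blank lines and separator rows
        if line in SECTIONS:
            section = line
            continue
        if section == "PROTECTIONS" and not line.startswith("Description "):
            # Version is absent in the posted log, so take the two trailing
            # Yes/No columns and treat everything before them as the name.
            parts = line.rsplit(None, 2)
            if len(parts) != 3:
                continue
            name, active, updated = parts
            protections.append({"name": name, "active": active == "Yes",
                                "updated": updated == "Yes"})
        elif section == "MALWARE" and not line.startswith("Id "):
            # The first seven columns never contain spaces; Location may.
            fields = line.split(None, 7)
            if len(fields) != len(MALWARE_COLUMNS):
                continue                  # malformed row, skip it
            row = dict(zip(MALWARE_COLUMNS, fields))
            row["active"] = row["active"] == "Yes"
            row["severity"] = int(row["severity"])
            findings.append(row)
    return protections, findings


def triage(findings):
    """Summarise findings and pull out the ones that are not inert cookies."""
    by_type = Counter(f["type"] for f in findings)
    needs_attention = [f for f in findings
                       if f["active"] or f["severity"] > 0
                       or f["type"] != "TrackingCookie"]
    return {"total": len(findings), "by_type": dict(by_type),
            "needs_attention": needs_attention}


if __name__ == "__main__":
    protections, findings = parse_panda_log(SAMPLE_LOG)
    for p in protections:
        print(f"{p['name']}: active={p['active']} updated={p['updated']}")
    summary = triage(findings)
    print(summary["total"], "findings by type:", summary["by_type"])
    for f in summary["needs_attention"]:
        print("attention:", f["id"], f["description"], f["location"])
```

    Run against the real export by reading the saved log file into parse_panda_log instead of SAMPLE_LOG. On the posted log every row is a TrackingCookie with Active No and Severity 0, so needs_attention comes back empty, which is the shape of result that justifies the "all clear" in the next reply.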

  9. #19
    Security Expert Satchfan's Avatar
    Join Date
    Feb 2009
    Location
    Exeter, UK
    Posts
    259

    Default

    Good job. MSE seems to also indicate that all is clear.

    Now that you’re free from malware, as long as your computer seems to be running well, please follow these simple steps to tidy up your computer and decrease the likelihood of getting infected again:


    Uninstall Combofix

    Follow these steps to uninstall Combofix
    • click START then RUN
    • now type Combofix /uninstall in the runbox and click OK.

    Note the space between the X and the /; it needs to be there.

    • please follow the prompts to uninstall Combofix.
    • once it's finished uninstalling itself you will receive a message saying Combofix was uninstalled successfully.

    ===================================================

    Uninstall OTL
    • Double-click OTL.exe
    • Click the CleanUp! button.
    • Select Yes when the Begin cleanup Process? prompt appears.
    • If you are prompted to reboot during the cleanup, select Yes.
    • The tool will delete itself once it finishes; if not, delete it yourself.

    NOTE: If you receive a warning from your firewall or other security programs regarding OTL attempting to contact the internet, please allow it to do so.

    You can just delete all other logs and programs we’ve used that are on your desktop. Just click on them and press Delete.

    ===================================================

    Java

    The versions you had were old and therefore vulnerable to infections.

    You can install the latest version of Java from here

    Remember to regularly check for new versions.

    ===================================================

    Recommended programs

    You have three of the programs that I usually recommend already installed:

    SpywareBlaster, which protects against bad ActiveX by immunising your PC against them. It also blocks over 11,000 bad sites and uses no resources of your computer.

    Spybot - Search and Destroy and Malwarebytes.


    You should scan your computer with Spybot and Malwarebytes on a regular basis, probably weekly.

    ===================================================

    It’s important to keep programs up to date so that malware doesn't exploit any old security flaws.

    FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated.

    ===================================================

    MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

    ===================================================

    I also recommend that you read the following:

    How to prevent malware by miekiemoes

    Safe computing

    Satchfan
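    The HOSTS file advice above rests on how the resolver treats that file: it is consulted before DNS, the first matching line wins, and a name listed against 127.0.0.1 or 0.0.0.0 never leaves the machine. As an added example (not part of this thread and not the MVPS project's own code), the Python script below reads a hosts file in that format, answers whether a given name would be blocked, and reports any line that points a name at some other address, since that is not ad blocking and is worth a look. Every hostname and address in SAMPLE_HOSTS is constructed.

```python
"""Inspect what a HOSTS file in the MVPS format does to name resolution.

Added example; it is not part of this thread and not the MVPS project's
own code. SAMPLE_HOSTS is a constructed sample: all hostnames use the
reserved .invalid TLD and the non-loopback address is from a
documentation range.
"""
import ipaddress

SAMPLE_HOSTS = r"""
# Comment lines and blank lines are ignored by the resolver.
127.0.0.1  localhost
::1        localhost
0.0.0.0    ads.example-tracker.invalid      # constructed blocked site
0.0.0.0    www.ads.example-tracker.invalid
127.0.0.1  analytics.example-tracker.invalid
# Constructed line showing what an audit should flag: a name sent to a
# real address rather than to the local machine.
203.0.113.7 update.antivirus-vendor.invalid
"""


def parse_hosts(text):
    """Return (address, hostname) pairs in file order, comments stripped."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop trailing comments
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue                           # malformed line, resolver skips it
        for name in names:
            entries.append((addr, name.lower()))
    return entries


def resolve(entries, hostname):
    """Mimic the resolver: first matching line wins; None means 'ask DNS'."""
    hostname = hostname.lower()
    for addr, name in entries:
        if name == hostname:
            return addr
    return None


def is_blocked(entries, hostname):
    """True when the hosts file pins the name to the local machine."""
    addr = resolve(entries, hostname)
    if addr is None:
        return False
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def audit(entries):
    """Entries that redirect a name anywhere other than loopback/0.0.0.0."""
    suspicious = []
    for addr, name in entries:
        ip = ipaddress.ip_address(addr)
        if not (ip.is_loopback or ip.is_unspecified):
            suspicious.append((addr, name))
    return suspicious


if __name__ == "__main__":
    entries = parse_hosts(SAMPLE_HOSTS)
    print(len(entries), "entries loaded")
    for host in ("ads.example-tracker.invalid", "www.example.org"):
        print(host, "blocked:", is_blocked(entries, host))
    for addr, name in audit(entries):
        print("check this entry:", name, "->", addr)
```

    To run it on the live file, read C:\Windows\System32\drivers\etc\hosts into parse_hosts instead of SAMPLE_HOSTS. With the MVPS file installed, audit should return nothing; a line it does return maps a name to an outside address and should be explained before the file is trusted.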

  10. #20
    Junior Member
    Join Date
    Jan 2013
    Posts
    12

    Default

    Thank you for your help.
