WiredWX Christian Hobby Weather Tools

Re: .exe file disappearing

second run posted.

ComboFix 13-08-19.02 - Homedesk 08/20/2013 2:04.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.2942.1699 [GMT -4:00]
Running from: F:\ComboFix.exe
AV: Sunbelt VIPRE *Disabled/Updated* {BE5DD172-7F42-7948-1A60-E6A720288F81}
SP: Sunbelt VIPRE *Disabled/Updated* {053C3096-5978-76C6-20D0-DDD55BAFC53C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2013-07-20 to 2013-08-20 )))))))))))))))))))))))))))))))
.
.
2013-08-20 06:18 . 2013-08-20 06:18 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-08-20 06:18 . 2013-08-20 06:18 -------- d-----w- c:\users\LogMeInRemoteUser.Homedesk-PC\AppData\Local\temp
2013-08-20 06:18 . 2013-08-20 06:18 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-08-20 06:18 . 2013-08-20 06:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-08-20 05:34 . 2013-08-20 05:40 -------- d-----w- c:\windows\system32\MRT
2013-08-20 04:58 . 2013-08-20 06:18 -------- d-----w- c:\users\Homedesk\AppData\Local\temp
2013-08-20 04:12 . 2013-08-20 04:12 477616 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-08-20 04:12 . 2013-08-20 04:12 473520 ----a-w- c:\windows\system32\deployJava1.dll
2013-08-14 05:49 . 2013-08-14 05:49 -------- d-----w- c:\program files\AnyMeeting Plug-in
2013-08-14 04:24 . 2013-08-14 04:30 -------- d-----w- C:\AdwCleaner
2013-08-13 19:42 . 2013-08-13 19:42 -------- d-----w- c:\windows\CSSync
2013-08-13 19:15 . 2013-08-13 19:15 -------- d-----w- c:\users\Homedesk\AppData\Roaming\QuickScan
2013-08-13 17:09 . 2013-08-13 17:09 -------- d-----w- c:\users\Guest\AppData\Local\Hewlett-Packard
2013-08-13 17:08 . 2013-08-13 17:08 -------- d-----w- c:\users\Guest\AppData\Roaming\RealNetworks
2013-08-12 05:10 . 2013-08-12 05:12 -------- d-----w- c:\users\Homedesk\AppData\Roaming\HpUpdate
2013-08-08 17:43 . 2013-08-08 17:43 -------- d--h--w- c:\windows\PIF
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-13 17:53 . 2008-08-17 01:33 92 ----a-w- c:\users\Homedesk\AppData\Roaming\netstat.bat
2013-06-25 14:09 . 2013-06-25 14:09 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-25 14:09 . 2011-05-31 03:00 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-16 04:50 . 2003-02-21 08:42 348160 ----a-w- c:\windows\system32\msvcr71.dll
2013-06-08 17:41 . 2008-10-31 01:57 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2013-06-08 17:41 . 2008-10-31 01:57 53064 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2013-06-08 17:41 . 2008-10-31 01:57 31560 ----a-w- c:\windows\system32\LMIport.dll
2013-06-08 17:41 . 2008-10-31 01:57 92488 ----a-w- c:\windows\system32\LMIinit.dll
2013-05-28 04:56 . 2008-10-31 01:57 86888 ----a-w- c:\windows\system32\LMIRfsClientNP.dll.000.bak
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Homedesk\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Homedesk\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Homedesk\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Homedesk\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-06-27 20:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-06-27 20:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2013-06-27 20:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-06-27 20:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-06-27 20:11 579024 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-01-21 1233920]
"PlaxoUpdate"="c:\program files\Plaxo\3.14.0.44\PlaxoHelper_en.exe" [2008-07-24 363591]
"Eraser"="c:\program files\Eraser\Eraser.exe" [2007-12-22 916240]
"CardScan AutoSync"="c:\program files\Corex\CardScan\System\CSyncCfg.exe" [2002-11-14 122955]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2013-06-27 20097696]
"Eye-Fi"="c:\program files\Eye-Fi\Helper\EyeFiHelper.exe" [2011-12-22 3961464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-01-15 4874240]
"KBD"="c:\hp\KBD\KbdStub.EXE" [2006-12-08 65536]
"OsdMaestro"="c:\program files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe" [2007-02-15 118784]
"eFax 4.3"="c:\program files\eFax Messenger 4.3\J2GDllCmd.exe" [2007-03-06 116224]
"DT HPW"="c:\program files\Portrait Displays\HP My Display\DTHtml.exe" [2007-06-29 278528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"WireLessMouse"="c:\program files\Multimedia Mouse Driver\StartAutorun.exe" [2005-11-30 94208]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-05-23 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-05-23 92704]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2010-04-04 38840]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"LogMeIn GUI"="c:\program files\LogMeIn\x86\LogMeInSystray.exe" [2008-08-11 63048]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2012-12-21 2768248]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-08-02 5417752]
"SAOB Monitor"="c:\program files\Acronis\OnlineBackupStandalone\TrueImageMonitor.exe" [2010-08-02 2536376]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-08-02 390736]
"SBAMTray"="c:\program files\Sunbelt Software\VIPRE\SBAMTray.exe" [2011-05-11 1353040]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-22 59720]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2013-05-15 152392]
"TkBellExe"="c:\program files\real\realplayer\update\realsched.exe" [2013-06-16 295512]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-09-17 254896]
.
c:\users\Homedesk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Homedesk\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-24 27776968]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
eFax 4.3.lnk - c:\program files\eFax Messenger 4.3\J2GTray.exe [2008-5-23 629248]
Intuit Data Protect.lnk - c:\program files\Common Files\Intuit\DataProtect\IntuitDataProtect.exe /Startup [2012-10-15 6153080]
QuickBooks Update Agent.lnk - c:\program files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2012-10-24 1157008]
QuickBooks_Standard_21.lnk - c:\program files\Intuit\QuickBooks 2008\QBW32.EXE -silent [2012-10-24 1179024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBAMSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SBPIMSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Acrobat Speed Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat Speed Launcher.lnk
backup=c:\windows\pss\Adobe Acrobat Speed Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma Loader.exe.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma Loader.exe.lnk
backup=c:\windows\pss\Adobe Gamma Loader.exe.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^REALTEK USB Wireless LAN Utility.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\REALTEK USB Wireless LAN Utility.lnk
backup=c:\windows\pss\REALTEK USB Wireless LAN Utility.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snapfish Media Detector.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snapfish Media Detector.lnk
backup=c:\windows\pss\Snapfish Media Detector.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Homedesk^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Oneeko.lnk]
path=c:\users\Homedesk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Oneeko.lnk
backup=c:\windows\pss\Oneeko.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2013-04-04 21:06 958576 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2007-05-11 10:06 40048 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AppleSyncNotifier]
2009-08-13 20:51 177440 ----a-w- c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
2007-04-04 01:50 1603152 ----a-w- c:\program files\Canon\MyPrinter\BJMYPRT.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CardScan AutoSync]
2002-11-14 04:59 122955 ----a-w- c:\program files\Corex\CardScan\System\CSyncCfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-02-26 22:37 135664 ----atw- c:\users\Homedesk\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisor]
2009-08-05 15:27 1644088 ----a-w- c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OpwareSE4]
2007-02-04 16:02 79400 ----a-w- c:\program files\ScanSoft\OmniPageSE4\OpWareSE4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PlaxoSysTray]
2008-07-24 21:07 20480 ----a-w- c:\program files\Plaxo\3.14.0.44\plaxosystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 07:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSD TeaTimer]
2008-07-30 18:45 1829712 ------w- c:\program files\Spybot - Search & Destroy\TeaTimer.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
2006-10-25 13:03 210472 ----a-w- c:\program files\Common Files\ScanSoft Shared\SSBkgdUpdate\SSBkgdUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2009-03-09 09:19 148888 ----a-w- c:\program files\Java\jre6\bin\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WindowsWelcomeCenter]
2008-01-21 02:23 2153472 ----a-w- c:\windows\System32\oobefldr.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2008-01-21 02:25 202240 ----a-w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yugma]
2008-12-09 09:54 207080 ----a-w- c:\users\Homedesk\Yugma\4.1\LaunchExtractor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [2011-05-28 3987376]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2011-05-28 163232]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
bthsvcs REG_MULTI_SZ BthServ
.
Contents of the 'Scheduled Tasks' folder
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 00:08]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-03-01 00:08]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198697312-3725550950-1262520190-1000Core.job
- c:\users\Homedesk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-03 22:37]
.
2013-08-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3198697312-3725550950-1262520190-1000UA.job
- c:\users\Homedesk\AppData\Local\Google\Update\GoogleUpdate.exe [2010-03-03 22:37]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=81&bd=Pavilion&pf=desktop
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
Trusted Zone: ebay.com
Trusted Zone: ebay.com\signin
Trusted Zone: intuit.com
Trusted Zone: paypal.com\www
TCP: DhcpNameServer = 192.168.15.1
FF - ProfilePath - c:\users\Homedesk\AppData\Roaming\Mozilla\Firefox\Profiles\br3oyj26.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: GeckoNET InkEdit: geckonet_inkedit_4_5@thecatalis.com - %profile%\extensions\geckonet_inkedit_4_5@thecatalis.com
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-08-20 02:18
Windows 6.0.6001 Service Pack 1 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Enum\DISPLAY\Default_Monitor\4&1fbdd9f8&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Enum\DISPLAY\Default_Monitor\4&1fbdd9f8&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Enum\DISPLAY\HWP26A6\4&1fbdd9f8&0&UID256\Device Parameters\MODES]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Enum\DISPLAY\HWP26A6\4&1fbdd9f8&0&UID256\Properties\{83da6326-97a6-4088-9453-a1923f573b29}]
@DACL=(02 0000)
.
[HKEY_LOCAL_MACHINE\system\ControlSet003\Enum\DISPLAY\HWP26A6\4&1fbdd9f8&0&UID256\Properties\{a8b865dd-2e3d-4094-ad97-e593a70c75d6}]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5216)
c:\users\Homedesk\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
Completion time: 2013-08-20 02:20:54
ComboFix-quarantined-files.txt 2013-08-20 06:20
ComboFix2.txt 2013-08-20 05:14
.
Pre-Run: 141,768,196,096 bytes free
Post-Run: 141,706,829,824 bytes free
.
- - End Of File - - CC9F679BD55F6402FE8F2AE3DD599D0A
03BA8F890B47C0BE359A4D5A636D214D

Re: .exe file disappearing

  • Download RogueKiller on the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.

Re: .exe file disappearing

RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Homedesk [Admin rights]
Mode : Scan -- Date : 08/20/2013 15:49:03
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3198697312-3725550950-1262520190-1000UA.job : C:\Users\Homedesk\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3198697312-3725550950-1262520190-1000Core.job : C:\Users\Homedesk\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3198697312-3725550950-1262520190-1000Core : C:\Users\Homedesk\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> FOUND
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3198697312-3725550950-1262520190-1000UA : C:\Users\Homedesk\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST336032 0AS SCSI Disk Device +++++
--- User ---
[MBR] 1b6b35e7d06033949b0dcd235292fdee
[BSP] 309fdfd200901d3359dd1e035123a213 : MBR Code unknown
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 333835 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 683694270 | Size: 9562 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[0]_S_08202013_154903.txt >>




Re: .exe file disappearing

Please run RogueKiller again and delete those items.

Please download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it


Click the "Scan" button to start scan

Note: Do not take action against any **Rootkit** entries until I have reviewed the log. Often there are false positives.


On completion of the scan click save log, save it to your desktop and post in your next reply

Re: .exe file disappearing

rogue delete log

RogueKiller V8.6.6 [Aug 19 2013] by Tigzy
mail : tigzyRKgmailcom
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6001 Service Pack 1) 32 bits version
Started in : Normal mode
User : Homedesk [Admin rights]
Mode : Remove -- Date : 08/20/2013 23:13:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 5 ¤¤¤
[HJ POL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ POL] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 4 ¤¤¤
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3198697312-3725550950-1262520190-1000UA.job : C:\Users\Homedesk\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> DELETED
[V1][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3198697312-3725550950-1262520190-1000Core.job : C:\Users\Homedesk\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> DELETED
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3198697312-3725550950-1262520190-1000Core : C:\Users\Homedesk\AppData\Local\Google\Update\GoogleUpdate.exe - /c [7] -> DELETED
[V2][SUSP PATH] GoogleUpdateTaskUserS-1-5-21-3198697312-3725550950-1262520190-1000UA : C:\Users\Homedesk\AppData\Local\Google\Update\GoogleUpdate.exe - /ua /installsource scheduler [7][x] -> ERROR DELETING TASK

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts


127.0.0.1 localhost

Re: .exe file disappearing

version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-21 00:39:43
-----------------------------
00:39:43.584 OS Version: Windows 6.0.6001 Service Pack 1
00:39:43.584 Number of processors: 2 586 0x6B02
00:39:43.584 ComputerName: HOMEDESK-PC UserName: Homedesk
00:39:48.795 Initialize success
00:40:32.616 AVAST engine defs: 13082001
00:41:28.540 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
00:41:28.540 Disk 0 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
00:41:28.665 Disk 0 MBR read successfully
00:41:28.665 Disk 0 MBR scan
00:41:28.665 Disk 0 unknown MBR code
00:41:28.680 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 333835 MB offset 63
00:41:28.758 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9562 MB offset 683694270
00:41:28.790 Disk 0 scanning sectors +703277505
00:41:29.039 Disk 0 scanning C:\Windows\system32\drivers
00:41:54.640 Service scanning
00:42:32.124 Modules scanning
00:42:49.267 Disk 0 trace - called modules:
00:42:49.298 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
00:42:49.314 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865d0030]
00:42:49.314 3 CLASSPNP.SYS[80736745] -> nt!IofCallDriver -> [0x8608d700]
00:42:49.329 5 acpi.sys[806136a0] -> nt!IofCallDriver -> \Device\00000059[0x85c54890]
00:42:51.825 AVAST engine scan C:\Windows
00:43:00.292 AVAST engine scan C:\Windows\system32
00:50:26.216 AVAST engine scan C:\Windows\system32\drivers
00:51:18.866 AVAST engine scan C:\Users\Homedesk
01:13:53.657 Disk 0 MBR has been saved successfully to "C:\Users\Homedesk\Desktop\MBR.dat"
01:13:53.657 The log file has been saved successfully to "C:\Users\Homedesk\Desktop\aswMBR1.txt"


Re: .exe file disappearing

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-21 00:39:43
-----------------------------
00:39:43.584 OS Version: Windows 6.0.6001 Service Pack 1
00:39:43.584 Number of processors: 2 586 0x6B02
00:39:43.584 ComputerName: HOMEDESK-PC UserName: Homedesk
00:39:48.795 Initialize success
00:40:32.616 AVAST engine defs: 13082001
00:41:28.540 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
00:41:28.540 Disk 0 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
00:41:28.665 Disk 0 MBR read successfully
00:41:28.665 Disk 0 MBR scan
00:41:28.665 Disk 0 unknown MBR code
00:41:28.680 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 333835 MB offset 63
00:41:28.758 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9562 MB offset 683694270
00:41:28.790 Disk 0 scanning sectors +703277505
00:41:29.039 Disk 0 scanning C:\Windows\system32\drivers
00:41:54.640 Service scanning
00:42:32.124 Modules scanning
00:42:49.267 Disk 0 trace - called modules:
00:42:49.298 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
00:42:49.314 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865d0030]
00:42:49.314 3 CLASSPNP.SYS[80736745] -> nt!IofCallDriver -> [0x8608d700]
00:42:49.329 5 acpi.sys[806136a0] -> nt!IofCallDriver -> \Device\00000059[0x85c54890]
00:42:51.825 AVAST engine scan C:\Windows
00:43:00.292 AVAST engine scan C:\Windows\system32
00:50:26.216 AVAST engine scan C:\Windows\system32\drivers
00:51:18.866 AVAST engine scan C:\Users\Homedesk
01:13:53.657 Disk 0 MBR has been saved successfully to "C:\Users\Homedesk\Desktop\MBR.dat"
01:13:53.657 The log file has been saved successfully to "C:\Users\Homedesk\Desktop\aswMBR1.txt"
01:16:52.379 AVAST engine scan C:\ProgramData
01:24:28.811 Scan finished successfully
01:25:21.040 Disk 0 MBR has been saved successfully to "C:\Users\Homedesk\Desktop\MBR.dat"
01:25:21.040 The log file has been saved successfully to "C:\Users\Homedesk\Desktop\aswMBR2.txt"

Re: .exe file disappearing

We need to fix the Master Boot Record using aswMBR now.


  • Double click aswMBR.exe to run it like before
  • Once the scan finishes click FixMBR to remove the infection as illustrated below




  • Once the scan finishes click Save log to save the log to your Desktop


  • Copy and paste the contents of aswMBR.txt back here for review

Re: .exe file disappearing

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-08-21 23:48:25
-----------------------------
23:48:25.477 OS Version: Windows 6.0.6002 Service Pack 2
23:48:25.477 Number of processors: 2 586 0x6B02
23:48:25.477 ComputerName: HOMEDESK-PC UserName: Homedesk
23:48:26.537 Initialize success
23:58:46.394 AVAST engine defs: 13082100
23:59:40.667 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000059
23:59:40.682 Disk 0 Vendor: ST336032 3.CH Size: 343399MB BusType: 6
23:59:40.838 Disk 0 MBR read successfully
23:59:40.838 Disk 0 MBR scan
23:59:40.869 Disk 0 unknown MBR code
23:59:40.869 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 333835 MB offset 63
23:59:40.916 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9562 MB offset 683694270
23:59:40.947 Disk 0 scanning sectors +703277505
23:59:41.150 Disk 0 scanning C:\Windows\system32\drivers
00:00:05.097 Service scanning
00:00:38.575 Modules scanning
00:00:49.167 Disk 0 trace - called modules:
00:00:49.198 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll storport.sys nvstor32.sys
00:00:49.214 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x865cda40]
00:00:49.230 3 CLASSPNP.SYS[8072f8b3] -> nt!IofCallDriver -> [0x8608d698]
00:00:49.245 5 acpi.sys[8060c6a0] -> nt!IofCallDriver -> \Device\00000059[0x85c2c8f8]
00:00:50.696 AVAST engine scan C:\Windows
00:00:58.402 AVAST engine scan C:\Windows\system32
00:10:01.777 AVAST engine scan C:\Windows\system32\drivers
00:10:38.820 AVAST engine scan C:\Users\Homedesk
00:29:32.607 AVAST engine scan C:\ProgramData
00:37:11.821 Scan finished successfully
00:39:05.312 Verifying
00:39:15.359 Disk 0 Windows 600 MBR fixed successfully
00:39:43.454 Disk 0 MBR has been saved successfully to "C:\Users\Homedesk\Desktop\MBR.dat"
00:39:43.486 The log file has been saved successfully to "C:\Users\Homedesk\Desktop\aswMBR3.txt"


Re: .exe file disappearing

I'd like to scan your machine with ESET OnlineScan

• Hold down Control and click on the following link to open ESET OnlineScan in a new window.
  ESET OnlineScan
• Click the [image: EsetOnline] button.
• For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)

  • Click on [image: EsetSmartInstall] to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the [image: EsetSmartInstallDesktopIcon-1] icon on your desktop.

• Check [image: EsetAcceptTerms]
• Click the [image: EsetStart] button.
• Accept any security warnings from your browser.

  • Leave the check mark next to Remove found threats.

• Check [image: EsetScanArchives]
• Push the Start button.
• ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
• When the scan completes, push [image: EsetListThreats]
• Push [image: EsetExport], and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
• Push the [image: EsetBack] button.
• Push [image: EsetFinish]
A log file will be saved here: C:\Program Files\ESET\ESET Online Scanner\log.txt

Re: .exe file disappearing

C:\Users\Homedesk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-2b018eca a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Homedesk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-36e3c119 a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Homedesk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-3cf24ee2 a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Homedesk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-40e8c702 a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Homedesk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-56cbe3af a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Homedesk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\21b718cc-6e7fd420 a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
C:\Users\Homedesk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-58b93a7a a variant of Java/Exploit.CVE-2010-4452.B trojan cleaned by deleting - quarantined
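
Added example, not part of the original thread: a short Python triage of the ESET detections posted above, separating entries with a recorded clean-up action from those without and pulling out the CVE id the scanner names. The line layout in `LINE_RE` and the function names are assumptions made for this example; a missing action suffix only means the log records no action for that file.

```python
import re

# The seven detection lines from the ESET log posted above, copied verbatim.
ESET_LOG = r"""
C:\Users\Homedesk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-2b018eca a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Homedesk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-36e3c119 a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Homedesk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-3cf24ee2 a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Homedesk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-40e8c702 a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Homedesk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-56cbe3af a variant of Java/Exploit.CVE-2010-4452.B trojan
C:\Users\Homedesk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\21b718cc-6e7fd420 a variant of Java/TrojanDownloader.OpenStream.NCE trojan cleaned by deleting - quarantined
C:\Users\Homedesk\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\78a7dab-58b93a7a a variant of Java/Exploit.CVE-2010-4452.B trojan cleaned by deleting - quarantined
"""

# Assumed layout of the pasted export: <path> [a variant of] <threat> <type> [<action>].
# Threat names contain "/", Windows paths do not, so paths with spaces still parse.
LINE_RE = re.compile(
    r"^(?P<path>.+?)\s+(?:a variant of\s+)?"
    r"(?P<threat>[A-Za-z0-9]+/[\w.-]+)\s+(?P<kind>\w+)"
    r"(?:\s+(?P<action>.+))?$"
)
CVE_RE = re.compile(r"CVE-\d{4}-\d{4,}")


def parse_eset_log(text):
    """Return one dict per detection line; lines that do not parse are skipped."""
    findings = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        cve = CVE_RE.search(m["threat"])
        findings.append({
            "path": m["path"],
            "threat": m["threat"],
            "cve": cve.group(0) if cve else None,
            "cleaned": "cleaned" in (m["action"] or ""),
        })
    return findings


def summarize(findings):
    """Split findings by recorded action and collect the CVE ids the scanner names."""
    no_action = [f["path"] for f in findings if not f["cleaned"]]
    cves = sorted({f["cve"] for f in findings if f["cve"]})
    in_cache = all(r"\Sun\Java\Deployment\cache" in f["path"] for f in findings)
    return {"total": len(findings), "no_action": no_action,
            "cves": cves, "all_in_java_cache": in_cache}


if __name__ == "__main__":
    print(summarize(parse_eset_log(ESET_LOG)))
```

The paths returned under `no_action` are the ones to confirm gone in a follow-up scan.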

Re: .exe file disappearing

How's your computer running now? Any other issues before we clean up?

Re: .exe file disappearing

all seems to be running well..

Re: .exe file disappearing

Download this program and run it: Uninstall ComboFix. It will remove ComboFix for you.

*************************************
Click Start> Computer> right click the C Drive and choose Properties> enter
Click Disk Cleanup from there.

[image: Diskcleanup2]

Click OK on the Disk Cleanup Screen.
Click Yes on the Confirmation screen.

[image: Diskcleanup]

This runs the Disk Cleanup utility along with other selections if you have chosen any. (If you had a lot of System Restore points, you will see a significant change in the free space on the C drive.)
*************************************
Go to Microsoft Windows Update and get all critical updates.

----------

I suggest using WOT - Web of Trust. WOT is a free Internet security addon for your browser. It will keep you safe from online scams, identity theft, spyware, spam, viruses and unreliable shopping sites. WOT warns you before you interact with a risky website. It's easy and it's free.

SpywareBlaster - Secure your Internet Explorer to make it harder for ActiveX programs to run on your computer. Also stop certain cookies from being added to your computer when running Mozilla based browsers like Firefox.
* Using SpywareBlaster to protect your computer from Spyware and Malware
* If you don't know what ActiveX controls are, see here

Protect yourself against spyware using the Immunize feature in Spybot - Search & Destroy. Guide: Use Spybot's Immunize Feature to prevent spyware infection in real-time. Note: To ensure you have the latest Immunizations always update Spybot - Search & Destroy before Immunizing. Spybot - Search & Destroy FAQ

Check out Keeping Yourself Safe On The Web for tips and free tools to help keep you safe in the future.

Also see Slow Computer? It may not be Malware for free cleaning/maintenance tools to help keep your computer running smoothly.
Safe Surfing!

Re: .exe file disappearing

great, thank you... you have been a lifesaver. where do I click to donate

Re: .exe file disappearing

mahalo123 wrote:
great, thank you... you have been a lifesaver. where do I click to donate

I looked everywhere on the site and I can't find a place to donate, so I would like to suggest that you do something similar for someone else.
