kbutler6il
Pop up ad lower left corner
kbutler6il replied to kbutler6il's topic in Resolved Malware Removal Logs
This is a home use system.
Pop up ad lower left corner
kbutler6il replied to kbutler6il's topic in Resolved Malware Removal Logs
I do not recall going to "OptimizerPro" & "Speedingup my pc" sites. Other people do use the computer with their own Windows accounts. It seems like the pop ups are intermittent. Thanks.
Pop up ad lower left corner
kbutler6il replied to kbutler6il's topic in Resolved Malware Removal Logs
This was the result:

ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=8
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6844
# api_version=3.0.2
# EOSSerial=1e7820577ce66043a9c8821bc0af86db
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-12-07 06:31:04
# local_time=2012-12-07 12:31:04 (-0600, Central Standard Time)
# country="United States"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5893 16776573 100 94 0 106405314 0 0
# scanned=267932
# found=8
# cleaned=8
# scan_time=6001
C:\TDSSKiller_Quarantine\07.11.2012_18.07.42\mbr0000\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) F281E8D97D77A6578BF8EA9290BEF4BBE02EF3FE C
C:\TDSSKiller_Quarantine\07.11.2012_18.12.04\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) F281E8D97D77A6578BF8EA9290BEF4BBE02EF3FE C
C:\TDSSKiller_Quarantine\13.11.2012_06.24.18\tdlfs0000\tsk0000.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) F281E8D97D77A6578BF8EA9290BEF4BBE02EF3FE C
C:\TDSSKiller_Quarantine\13.11.2012_06.24.18\tdlfs0000\tsk0002.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) DBDF099D4D9921EA809AB857CF1CA9776E109FD3 C
C:\TDSSKiller_Quarantine\13.11.2012_06.24.18\tdlfs0000\tsk0006.dta Win32/Olmarik.AFK trojan (cleaned by deleting - quarantined) F6FE0B6B7C92FEF6CBA3DB3D1435AC00F27F7EA1 C
C:\TDSSKiller_Quarantine\13.11.2012_06.24.18\tdlfs0000\tsk0007.dta Win64/Olmarik.AK trojan (cleaned by deleting - quarantined) 5F329A1069EB6A8151C2CA3E589DBF1B481B50A2 C
C:\Users\Kathy\AppData\Local\Temp\Addons\{DEAAB389-3EC1-C412-26F9-76E30549917F}\codecc_extension.exe Win32/Adware.MultiPlug.A application (cleaned by deleting - quarantined) DB2069EE50C65413D8A8316AB7B15372DEA12A8B C
C:\Users\Kathy\AppData\Local\Temp\Addons\{DEAAB389-3EC1-C412-26F9-76E30549917F}\OptimizerPro.exe a variant of Win32/Adware.SpeedingUpMyPC.A application (cleaned by deleting - quarantined) BA33C9F766D1D0ACEAEEDD31398D67BCEF09E7C9 C

Thanks.
Pop up ad lower left corner
kbutler6il replied to kbutler6il's topic in Resolved Malware Removal Logs
I go to http://www.eset.com/onlinescan/. It says: An add-on for this web site failed to run. And the pop up is still present. It has no header. It's from network.adsmarket.com. The URL is h--p://www.appround.net/videoperformer/mtt/cache/video_v3-en.php?tid=10gfzR0001.N36v90rjedQ1tG1J10000 after I tried to block cookies, trying to copy the URL. What gives? I appreciate you working with me but I'm frustrated by this process. Thanks.
Pop up ad lower left corner
kbutler6il replied to kbutler6il's topic in Resolved Malware Removal Logs
Maurice,

AskToolbar - not found at all
DownloadnSave - found in registry and deleted
DownTangoLauncherToolbar - not found at all
Savings Sidekick - found in registry and deleted
SpecialSavings - not sure.

Here is the log:

Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org
Database version: v2012.12.03.14
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Kevin :: BUTLERFAMILPC [administrator]
Protection: Enabled
12/3/2012 5:08:09 PM
mbam-log-2012-12-03 (17-08-09).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 537289
Time elapsed: 1 hour(s), 31 minute(s), 22 second(s)
Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)
(end)
Pop up ad lower left corner
kbutler6il replied to kbutler6il's topic in Resolved Malware Removal Logs
Yes. Here are the logs of the last two steps:

# AdwCleaner v2.011 - Logfile created 12/03/2012 at 11:51:20
# Updated 02/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Kevin - BUTLERFAMILPC
# Boot Mode : Normal
# Running from : C:\Users\Kevin\Desktop\adwcleaner.exe
# Option [search]

***** [services] *****

***** [Files / Folders] *****
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\c8w0fahl.default\searchplugins\Web Search.xml
Folder Found : C:\Program Files (x86)\Free Offers from Freeze.com
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Premium
Folder Found : C:\Users\Kathy\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Kathy\AppData\LocalLow\DownloadnSave
Folder Found : C:\Users\Kevin\AppData\LocalLow\DownloadnSave
Folder Found : C:\Users\Matt\AppData\Local\Savings Sidekick
Folder Found : C:\Users\Matt\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Matt\AppData\LocalLow\DownloadnSave
Folder Found : C:\Users\Matt\AppData\LocalLow\DownTangoLauncherToolbar
Folder Found : C:\Users\Matt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpecialSavings

***** [Registry] *****
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_install_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055225558}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Key Found : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16455
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592
[HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592

-\\ Mozilla Firefox v16.0.2 (en-US)
Profile name : default
File : C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\ohni4cvb.default\prefs.js
Found : user_pref("browser.search.defaultthis.engineName", "AccuWeather Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2422939&Sea[...]
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "AccuWeather Customized Web Search");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2422939&SearchSource=2&q=[...]
Profile name : default
File : C:\Users\Matt\AppData\Roaming\Mozilla\Firefox\Profiles\c8w0fahl.default\prefs.js
Found : user_pref("browser.search.defaultengine", "Web Search");
Found : user_pref("browser.search.defaultenginename", "Web Search");
Found : user_pref("browser.search.order.1", "Web Search");
Found : user_pref("keyword.URL", "hxxp://search.certified-toolbar.com?si=41460&tid=592&bs=true&q=");
Profile name : default
File : C:\Users\Kathy\AppData\Roaming\Mozilla\Firefox\Profiles\wnbttv23.default\prefs.js
[OK] File is clean.

-\\ Google Chrome v23.0.1271.95
File : C:\Users\Kevin\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
File : C:\Users\Matt\AppData\Local\Google\Chrome\User Data\Default\Preferences
Found [l.16] : homepage = "hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592",
Found [l.1707] : homepage = "hxxp://search.certified-toolbar.com?si=41460&home=true&tid=592",
File : C:\Users\Kathy\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.

*************************
AdwCleaner[R1].txt - [5685 octets] - [03/12/2012 11:51:20]
########## EOF - C:\AdwCleaner[R1].txt - [5745 octets] ##########

RogueKiller V8.3.1 [Dec 2 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Kevin [Admin rights]
Mode : Scan -- Date : 12/03/2012 11:53:19

¤¤¤ Bad processes : 3 ¤¤¤
[sUSP PATH] chrome_frame_helper.exe -- C:\Users\Kathy\AppData\Local\Google\Chrome\Application\23.0.1271.95\chrome_frame_helper.exe -> KILLED [TermProc]
[sUSP PATH] SansaDispatch.exe -- C:\Users\Kevin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe -> KILLED [TermProc]
[sUSP PATH] adwcleaner.exe -- C:\Users\Kevin\Desktop\adwcleaner.exe -> KILLED [TermProc]

¤¤¤ Registry Entries : 11 ¤¤¤
[RUN][sUSP PATH] HKCU\[...]\Run : SansaDispatch (C:\Users\Kevin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-4238866707-2981277748-2125797828-1001[...]\Run : SansaDispatch (C:\Users\Kevin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe) -> FOUND
[RUN][sUSP PATH] HKUS\S-1-5-21-4238866707-2981277748-2125797828-1006[...]\Run : ChromeFrameHelper ("C:\Users\Kathy\AppData\Local\Google\Chrome\Application\23.0.1271.95\chrome_frame_helper.exe" --startup) -> FOUND
[TASK][sUSP PATH] ArcadeWeb Update.job : C:\Users\Ian\AppData\Local\ArcadeWeb\awuper.exe -> FOUND
[TASK][sUSP PATH] ArcadeWeb Update : C:\Users\Ian\AppData\Local\ArcadeWeb\awuper.exe -> FOUND
[HJPOL] HKLM\[...]\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableTaskMgr (0) -> FOUND
[HJPOL] HKLM\[...]\Wow6432Node\System : DisableRegistryTools (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\windows\system32\drivers\etc\hosts
127.0.0.1 localhost
::1 localhost
198.15.104.132 www.google-analytics.com.
198.15.104.132 ad-emea.doubleclick.net.
198.15.104.132 www.statcounter.com.
72.29.93.243 www.google-analytics.com.
72.29.93.243 ad-emea.doubleclick.net.
72.29.93.243 www.statcounter.com.

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: ST9320325AS +++++
--- User ---
[MBR] 4e0289016a6b2e13b1dfbe7158dbc218
[bSP] f4da71111fb77143416f95765f639085 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] DELL-UTIL (0xde) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 15000 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 30926848 | Size: 290143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_12032012_02d1153.txt >>
RKreport[1]_S_12032012_02d1153.txt
Pop up ad lower left corner
kbutler6il replied to kbutler6il's topic in Resolved Malware Removal Logs
Sorry - here is FSS log with the correct options checked:

Farbar Service Scanner Version: 09-11-2012
Ran by Kevin (administrator) on 27-11-2012 at 21:54:14
Running from "C:\Users\Kevin\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys [2012-11-14 13:02] - [2012-10-03 11:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
Pop up ad lower left corner
kbutler6il replied to kbutler6il's topic in Resolved Malware Removal Logs
Results of screen317's Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7
Java 7 Update 5
Java version out of Date!
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Mozilla Firefox 16.0.2 Firefox out of Date!
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 1%
````````````````````End of Log``````````````````````

Farbar Service Scanner Version: 09-11-2012
Ran by Kevin (administrator) on 27-11-2012 at 21:52:56
Running from "C:\Users\Kevin\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys [2012-11-14 13:02] - [2012-10-03 11:56] - 1914248 ____A (Microsoft Corporation) 37608401DFDB388CAF66917F6B2D6FB0
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****
Pop up ad lower left corner
kbutler6il replied to kbutler6il's topic in Resolved Malware Removal Logs
DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.5.0 Run by Kevin at 9:14:14 on 2012-11-25 #Option Extended Search is enabled. Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2935.1465 [GMT -6:00] . SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\windows\system32\lsm.exe C:\windows\system32\svchost.exe -k DcomLaunch C:\windows\system32\svchost.exe -k RPCSS C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\windows\system32\svchost.exe -k netsvcs C:\windows\system32\svchost.exe -k GPSvcGroup C:\windows\system32\svchost.exe -k LocalService C:\windows\system32\svchost.exe -k NetworkService C:\windows\System32\spoolsv.exe C:\windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\windows\System32\svchost.exe -k secsvcs C:\Program Files\Windows Media Player\wmpnetwk.exe 
C:\windows\system32\SearchIndexer.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\windows\system32\taskhost.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe C:\windows\system32\Dwm.exe C:\windows\Explorer.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\STService.exe C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files\IDT\WDM\sttray64.exe C:\Users\Kevin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\iPod\bin\iPodService.exe C:\windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\windows\system32\SearchProtocolHost.exe C:\windows\system32\SearchFilterHost.exe 
C:\windows\system32\taskeng.exe C:\windows\system32\wbem\wmiprvse.exe C:\windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.com/ mStart Page = hxxp://www.google.com mWinlogon: Userinit = userinit.exe, BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll EB: Developer Tools: {1A6FE369-F28C-4AD9-A3E6-2BCB50807CF1} - C:\Program Files (x86)\Internet Explorer\iedvtool.dll uRun: [sansaDispatch] C:\Users\Kevin\AppData\Roaming\SanDisk\Sansa Updater\SansaDispatch.exe uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe mRun: [RoxWatchTray] "c:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe" mRun: [Desktop Disc Tool] "c:\Program Files (x86)\Roxio\OEM\Roxio Burn\RoxioBurnLauncher.exe" mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft 
Office\Office14\BCSSync.exe" /DelayServices mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\Scheduler\Launcher.exe StartupFolder: C:\Users\Kevin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: dell.com DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - 
hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab TCP: NameServer = 192.168.0.1 TCP: Interfaces\{313A29A8-35E4-429F-A0D7-044D04FDEB5B} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{313A29A8-35E4-429F-A0D7-044D04FDEB5B}\46C696E6B6 : DHCPNameServer = 192.168.0.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [igfxTray] C:\windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\windows\System32\hkcmd.exe x64-Run: [Persistence] C:\windows\System32\igfxpers.exe x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files 
(x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" x64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL Hosts: 198.15.104.132 www.google-analytics.com. Hosts: 198.15.104.132 ad-emea.doubleclick.net. Hosts: 198.15.104.132 www.statcounter.com. Hosts: 72.29.93.243 www.google-analytics.com. Hosts: 72.29.93.243 ad-emea.doubleclick.net. . Note: multiple HOSTS entries found. Please refer to Attach.txt . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\ohni4cvb.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2422939&SearchSource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - AccuWeather Customized Web Search FF - prefs.js: browser.startup.homepage - www.google.com FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2422939&SearchSource=2&q= FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll FF - plugin: C:\windows\SysWOW64\npdeployJava1.dll FF - plugin: C:\windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2012-10-20 07:40; {fe272bd1-5f76-4ea4-8501-a05d35d823fc}; C:\Users\Kevin\AppData\Roaming\Mozilla\Firefox\Profiles\ohni4cvb.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi . ---- FIREFOX POLICIES ---- FF - user.js: general.useragent.extra.brc - . ============= SERVICES / DRIVERS =============== . 
R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2011-11-18 55856]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-11-18 13336]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-20 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-20 676936]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-11-18 689472]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-11-18 2533400]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\windows\System32\drivers\CtClsFlt.sys [2011-11-18 176096]
R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2011-11-18 56344]
R3 Impcd;Impcd;C:\windows\System32\drivers\Impcd.sys [2011-11-18 158976]
R3 IntcDAud;Intel® Display Audio;C:\windows\System32\drivers\IntcDAud.sys [2011-11-18 317440]
R3 MBAMProtector;MBAMProtector;C:\windows\System32\drivers\mbam.sys [2012-11-20 25928]
R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DellDigitalDelivery;Dell Digital Delivery Service;C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [2011-3-24 148360]
S2 RoxWatch12;Roxio Hard Drive Watcher 12;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe [2010-11-25 219632]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-6-7 160944]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-11-4 19456]
S3 RoxMediaDB12OEM;RoxMediaDB12OEM;C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe [2010-11-25 1116656]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\windows\System32\drivers\RtsUStor.sys [2011-11-18 250984]
S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-11-4 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\windows\System32\drivers\TsUsbGD.sys [2012-11-4 30208]
S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-2-15 52736]
S3 UsbFltr;WayTech USB Filter Driver;C:\windows\System32\drivers\UsbFltr.sys [2007-4-9 12288]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2011-11-23 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 60 ================
.
2012-11-25 04:54:40 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Mael 2012-11-25 03:21:15 -------- d-----w- C:\Program Files (x86)\HxD 2012-11-24 01:08:07 -------- d-----w- C:\Program Files (x86)\Scratch 2012-11-23 19:04:37 -------- d-----w- C:\windows\SysWow64\xlive 2012-11-23 19:04:08 -------- d-----w- C:\Program Files (x86)\Microsoft Games for Windows - LIVE 2012-11-23 18:11:17 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D321A3B-2FAA-429C-95E0-9A49B46D1B14}\offreg.dll 2012-11-23 18:10:38 -------- d-----w- C:\ProgramData\boost_interprocess 2012-11-23 14:25:47 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{9D321A3B-2FAA-429C-95E0-9A49B46D1B14}\mpengine.dll 2012-11-21 04:09:00 -------- d-----w- C:\Users\Kevin\AppData\Roaming\Malwarebytes 2012-11-21 04:08:48 -------- d-----w- C:\ProgramData\Malwarebytes 2012-11-21 04:08:47 25928 ----a-w- C:\windows\System32\drivers\mbam.sys 2012-11-21 04:08:47 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2012-11-19 02:38:22 -------- d-----w- C:\Program Files (x86)\FTL 2012-11-15 13:34:17 9728 ----a-w- C:\windows\System32\Wdfres.dll 2012-11-15 13:34:17 785512 ----a-w- C:\windows\System32\drivers\Wdf01000.sys 2012-11-15 13:34:17 54376 ----a-w- C:\windows\System32\drivers\WdfLdr.sys 2012-11-15 13:34:17 2560 ----a-w- C:\windows\System32\drivers\en-US\wdf01000.sys.mui 2012-11-15 13:23:32 87040 ----a-w- C:\windows\System32\drivers\WUDFPf.sys 2012-11-15 13:23:32 198656 ----a-w- C:\windows\System32\drivers\WUDFRd.sys 2012-11-15 13:23:31 84992 ----a-w- C:\windows\System32\WUDFSvc.dll 2012-11-15 13:23:31 194048 ----a-w- C:\windows\System32\WUDFPlatform.dll 2012-11-15 13:23:30 744448 ----a-w- C:\windows\System32\WUDFx.dll 2012-11-15 13:23:30 45056 ----a-w- C:\windows\System32\WUDFCoinstaller.dll 2012-11-15 13:23:30 229888 ----a-w- C:\windows\System32\WUDFHost.exe 2012-11-13 23:31:29 -------- d-----w- C:\Program Files (x86)\Steam 2012-11-08 00:08:25 
-------- d-----w- C:\TDSSKiller_Quarantine 2012-11-06 13:35:40 -------- d-----w- C:\Program Files\IDT 2012-11-04 16:36:13 -------- d-----w- C:\Users\Kevin\AppData\Roaming\uTorrent 2012-11-04 16:01:04 3072 ----a-w- C:\windows\System32\drivers\en-US\tsusbflt.sys.mui 2012-11-04 16:01:03 15360 ----a-w- C:\windows\System32\RdpGroupPolicyExtension.dll 2012-11-04 16:01:03 13312 ----a-w- C:\windows\System32\TsUsbRedirectionGroupPolicyExtension.dll 2012-11-04 16:01:03 13312 ----a-w- C:\windows\System32\TsUsbRedirectionGroupPolicyControl.exe 2012-11-04 16:01:00 57856 ----a-w- C:\windows\System32\drivers\TsUsbFlt.sys 2012-11-04 16:01:00 30208 ----a-w- C:\windows\System32\drivers\TsUsbGD.sys 2012-11-04 16:01:00 19456 ----a-w- C:\windows\System32\drivers\rdpvideominiport.sys 2012-11-04 00:23:02 -------- d-----w- C:\Users\Kevin\AppData\Local\LogMeIn Hamachi 2012-10-27 16:37:12 -------- d-----w- C:\Program Files (x86)\Mozilla Maintenance Service 2012-10-21 18:28:47 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe 2012-10-21 18:28:47 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe 2012-10-12 04:10:10 -------- d-----w- C:\Users\Kevin\AppData\Roaming\SUPERAntiSpyware.com 2012-10-12 04:09:53 -------- d-----w- C:\ProgramData\SUPERAntiSpyware.com 2012-10-12 04:09:53 -------- d-----w- C:\Program Files\SUPERAntiSpyware 2012-10-10 10:01:46 362496 ----a-w- C:\windows\System32\wow64win.dll 2012-10-10 10:00:24 2048 ----a-w- C:\windows\SysWow64\tzres.dll 2012-10-10 09:59:52 2048 ----a-w- C:\windows\System32\tzres.dll 2012-10-10 09:59:44 172544 ----a-w- C:\windows\SysWow64\wintrust.dll 2012-10-10 09:59:43 220160 ----a-w- C:\windows\System32\wintrust.dll 2012-10-10 09:59:39 1659760 ----a-w- C:\windows\System32\drivers\ntfs.sys 2012-10-10 08:08:23 542208 ----a-w- C:\windows\SysWow64\kerberos.dll 2012-10-10 08:08:18 715776 ----a-w- C:\windows\System32\kerberos.dll 2012-10-10 08:07:35 140288 ----a-w- C:\windows\SysWow64\cryptsvc.dll 2012-10-10 
08:07:35 103936 ----a-w- C:\windows\SysWow64\cryptnet.dll 2012-10-10 08:07:34 1159680 ----a-w- C:\windows\SysWow64\crypt32.dll 2012-10-10 08:06:58 184320 ----a-w- C:\windows\System32\cryptsvc.dll 2012-10-10 08:06:58 140288 ----a-w- C:\windows\System32\cryptnet.dll 2012-10-10 08:06:57 1464320 ----a-w- C:\windows\System32\crypt32.dll 2012-10-09 19:49:08 5559664 ----a-w- C:\windows\System32\ntoskrnl.exe 2012-10-09 19:49:08 3968880 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2012-10-09 19:49:08 3914096 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2012-09-29 06:48:09 -------- d-sh--w- C:\found.003 2012-09-28 03:24:51 -------- d-----w- C:\Users\Kevin\AppData\Local\Google 2012-09-26 17:04:36 -------- d-----w- C:\ProgramData\mzsavrdjtoxgqef . ==================== Find6M ==================== . 2012-10-18 18:25:58 3149824 ----a-w- C:\windows\System32\win32k.sys 2012-10-10 00:24:17 696760 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2012-10-10 00:24:16 73656 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-10-09 18:17:13 55296 ----a-w- C:\windows\System32\dhcpcsvc6.dll 2012-10-09 18:17:13 226816 ----a-w- C:\windows\System32\dhcpcore6.dll 2012-10-09 17:40:31 44032 ----a-w- C:\windows\SysWow64\dhcpcsvc6.dll 2012-10-09 17:40:31 193536 ----a-w- C:\windows\SysWow64\dhcpcore6.dll 2012-10-08 11:31:03 2312704 ----a-w- C:\windows\System32\jscript9.dll 2012-10-08 11:23:52 1392128 ----a-w- C:\windows\System32\wininet.dll 2012-10-08 11:22:55 1494528 ----a-w- C:\windows\System32\inetcpl.cpl 2012-10-08 11:18:22 173056 ----a-w- C:\windows\System32\ieUnatt.exe 2012-10-08 11:17:35 599040 ----a-w- C:\windows\System32\vbscript.dll 2012-10-08 11:13:33 2382848 ----a-w- C:\windows\System32\mshtml.tlb 2012-10-08 07:56:24 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll 2012-10-08 07:48:03 1129472 ----a-w- C:\windows\SysWow64\wininet.dll 2012-10-08 07:47:44 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl 2012-10-08 07:44:05 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe 2012-10-08 07:43:21 
420864 ----a-w- C:\windows\SysWow64\vbscript.dll 2012-10-08 07:40:56 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb 2012-10-03 17:56:54 1914248 ----a-w- C:\windows\System32\drivers\tcpip.sys 2012-10-03 17:44:21 70656 ----a-w- C:\windows\System32\nlaapi.dll 2012-10-03 17:44:21 303104 ----a-w- C:\windows\System32\nlasvc.dll 2012-10-03 17:44:17 246272 ----a-w- C:\windows\System32\netcorehc.dll 2012-10-03 17:44:17 18944 ----a-w- C:\windows\System32\netevent.dll 2012-10-03 17:44:16 216576 ----a-w- C:\windows\System32\ncsi.dll 2012-10-03 17:42:16 569344 ----a-w- C:\windows\System32\iphlpsvc.dll 2012-10-03 16:42:24 18944 ----a-w- C:\windows\SysWow64\netevent.dll 2012-10-03 16:42:24 175104 ----a-w- C:\windows\SysWow64\netcorehc.dll 2012-10-03 16:42:23 156672 ----a-w- C:\windows\SysWow64\ncsi.dll 2012-10-03 16:07:26 45568 ----a-w- C:\windows\System32\drivers\tcpipreg.sys 2012-09-25 22:47:43 78336 ----a-w- C:\windows\SysWow64\synceng.dll 2012-09-25 22:46:17 95744 ----a-w- C:\windows\System32\synceng.dll 2012-08-24 18:13:17 154480 ----a-w- C:\windows\System32\drivers\ksecpkg.sys 2012-08-24 18:09:34 458712 ----a-w- C:\windows\System32\drivers\cng.sys 2012-08-24 18:05:03 340992 ----a-w- C:\windows\System32\schannel.dll 2012-08-24 18:04:18 307200 ----a-w- C:\windows\System32\ncrypt.dll 2012-08-24 18:03:09 1448448 ----a-w- C:\windows\System32\lsasrv.dll 2012-08-24 16:57:40 247808 ----a-w- C:\windows\SysWow64\schannel.dll 2012-08-24 16:57:40 22016 ----a-w- C:\windows\SysWow64\secur32.dll 2012-08-24 16:57:37 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll 2012-08-24 16:53:35 96768 ----a-w- C:\windows\SysWow64\sspicli.dll 2012-08-23 14:13:11 243200 ----a-w- C:\windows\System32\rdpudd.dll 2012-08-23 13:47:20 46592 ----a-w- C:\windows\SysWow64\MsRdpWebAccess.dll 2012-08-23 13:46:20 16896 ----a-w- C:\windows\SysWow64\wksprtPS.dll 2012-08-23 13:20:40 54272 ----a-w- C:\windows\System32\MsRdpWebAccess.dll 2012-08-23 13:18:14 37376 ----a-w- C:\windows\SysWow64\tsgqec.dll 2012-08-23 
13:17:54 18432 ----a-w- C:\windows\System32\wksprtPS.dll 2012-08-23 13:06:58 43520 ----a-w- C:\windows\System32\TsUsbGDCoInstaller.dll 2012-08-23 12:52:53 44032 ----a-w- C:\windows\System32\tsgqec.dll 2012-08-23 11:20:06 62976 ----a-w- C:\windows\System32\TSWbPrxy.exe 2012-08-23 11:15:57 269312 ----a-w- C:\windows\SysWow64\aaclient.dll 2012-08-23 11:14:09 384000 ----a-w- C:\windows\System32\wksprt.exe 2012-08-23 11:12:17 192000 ----a-w- C:\windows\SysWow64\rdpendp_winip.dll 2012-08-23 10:54:24 322560 ----a-w- C:\windows\System32\aaclient.dll 2012-08-23 10:51:14 228864 ----a-w- C:\windows\System32\rdpendp_winip.dll 2012-08-23 10:39:24 1048064 ----a-w- C:\windows\SysWow64\mstsc.exe 2012-08-23 10:22:22 1123840 ----a-w- C:\windows\System32\mstsc.exe 2012-08-23 09:51:57 3174912 ----a-w- C:\windows\System32\rdpcorets.dll 2012-08-23 08:19:01 4916224 ----a-w- C:\windows\SysWow64\mstscax.dll 2012-08-23 08:13:07 5773824 ----a-w- C:\windows\System32\mstscax.dll 2012-08-22 18:12:40 950128 ----a-w- C:\windows\System32\drivers\ndis.sys 2012-08-22 18:12:40 376688 ----a-w- C:\windows\System32\drivers\netio.sys 2012-08-22 18:12:33 288624 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS 2012-08-21 21:01:00 245760 ----a-w- C:\windows\System32\OxpsConverter.exe 2012-08-20 18:48:44 243200 ----a-w- C:\windows\System32\wow64.dll 2012-08-20 18:48:44 13312 ----a-w- C:\windows\System32\wow64cpu.dll 2012-08-20 18:48:43 215040 ----a-w- C:\windows\System32\winsrv.dll 2012-08-20 18:48:37 16384 ----a-w- C:\windows\System32\ntvdm64.dll 2012-08-20 18:48:35 424448 ----a-w- C:\windows\System32\KernelBase.dll 2012-08-20 18:46:22 338432 ----a-w- C:\windows\System32\conhost.exe 2012-08-20 17:40:21 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2012-08-20 17:38:44 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2012-08-20 17:38:26 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2012-08-20 17:37:19 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2012-08-20 17:37:18 274944 ----a-w- 
C:\windows\SysWow64\KernelBase.dll 2012-08-20 15:38:21 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2012-08-20 15:38:20 2048 ----a-w- C:\windows\SysWow64\user.exe 2012-08-20 15:33:28 6144 ---ha-w- C:\windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-08-20 15:33:28 4608 ---ha-w- C:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-08-20 15:33:28 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-08-20 15:33:28 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-08-14 06:54:30 71680 ----a-w- C:\windows\System32\frapsv64.dll 2012-08-14 06:54:28 65536 ----a-w- C:\windows\SysWow64\frapsvid.dll 2012-08-02 17:58:52 574464 ----a-w- C:\windows\System32\d3d10level9.dll 2012-08-02 16:57:20 490496 ----a-w- C:\windows\SysWow64\d3d10level9.dll 2012-07-08 17:17:47 627600 ----a-w- C:\windows\System32\deployJava1.dll 2012-07-08 17:10:09 772592 ----a-w- C:\windows\SysWow64\npdeployJava1.dll 2012-07-08 17:10:09 687600 ----a-w- C:\windows\SysWow64\deployJava1.dll 2012-07-06 20:07:42 552960 ----a-w- C:\windows\System32\drivers\bthport.sys 2012-07-04 22:13:27 59392 ----a-w- C:\windows\System32\browcli.dll 2012-07-04 22:13:27 136704 ----a-w- C:\windows\System32\browser.dll 2012-07-04 21:14:34 41984 ----a-w- C:\windows\SysWow64\browcli.dll 2012-07-04 20:26:03 41472 ----a-w- C:\windows\System32\drivers\RNDISMP.sys 2012-06-10 06:36:19 560184 ----a-w- C:\windows\System32\drivers\sptd.sys 2012-06-06 13:49:52 1070152 ----a-w- C:\windows\SysWow64\MSCOMCTL.OCX 2012-06-06 06:06:16 2004480 ----a-w- C:\windows\System32\msxml6.dll 2012-06-06 06:06:16 1881600 ----a-w- C:\windows\System32\msxml3.dll 2012-06-06 06:02:54 1133568 ----a-w- C:\windows\System32\cdosys.dll 2012-06-06 05:05:52 1390080 ----a-w- C:\windows\SysWow64\msxml6.dll 2012-06-06 05:05:52 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll . ============= FINISH: 9:15:51.56 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . 
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/22/2011 11:30:59 AM
System Uptime: 11/25/2012 8:17:00 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 024DTD
Processor: Intel® Core i3 CPU M 380 @ 2.53GHz | CPU 1 | 2527/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 283 GiB total, 138.742 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP364: 11/22/2012 10:53:02 AM - Scheduled Checkpoint
RP365: 11/23/2012 8:24:37 AM - Windows Update
RP366: 11/23/2012 1:02:36 PM - Installed DirectX
RP367: 11/23/2012 1:04:39 PM - Installed DirectX
.
==== Hosts File Hijack ======================
.
Hosts: 198.15.104.132 www.google-analytics.com.
Hosts: 198.15.104.132 ad-emea.doubleclick.net.
Hosts: 198.15.104.132 www.statcounter.com.
Hosts: 72.29.93.243 www.google-analytics.com.
Hosts: 72.29.93.243 ad-emea.doubleclick.net.
Hosts: 72.29.93.243 www.statcounter.com.
.
==== Installed Programs ======================
.
Sansa Media Converter Accidental Damage Services Agreement Adobe After Effects CS6 Adobe AIR Adobe Download Assistant Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Help Manager Adobe Media Player Adobe Reader X (10.1.4) MUI Adobe Shockwave Player 11.6 Advanced Audio FX Engine Amazon MP3 Downloader 1.0.17 Apple Application Support Apple Mobile Device Support Apple Software Update AVS Update Manager 1.0 AVS Video Converter 8 AVS4YOU Software Navigator 1.4 Banctec Service Agreement Bonjour CANON iMAGE GATEWAY MyCamera Download Plugin CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon MOV Decoder Canon MOV Encoder Canon MovieEdit Task for ZoomBrowser EX Canon Utilities Digital Photo Professional 3.10 Canon Utilities EOS Sample Music Canon Utilities EOS Utility Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX Canon Utilities Movie Uploader for YouTube Canon Utilities PhotoStitch Canon Utilities Picture Style Editor Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility COD4 Community Launcher Complete Care Business Service Agreement Consumer In-Home Service Agreement D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Digital Delivery Dell Edoc Viewer Dell Getting Started Guide Dell Home Systems Service Agreement Dell MusicStage Dell PhotoStage Dell Stage Dell Support Center Dell System Detect Dell Touchpad Dell VideoStage Dell Webcam Central Dell Wireless Driver Installation DirectX 9 Runtime Facebook Video Calling 1.2.0.159 FTL version 1.01 Google Chrome Google Update Helper Hotfix for Microsoft Visual C# 2010 Express - ENU (KB2635973) HxD Hex Editor version 1.7.7.0 IDT Audio Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® Rapid Storage Technology Internet TV for Windows Media Center iTunes Java Auto Updater Java 7 Java 7 (64-bit) Java 7 Update 5 Junk Mail 
filter update Logitech Harmony Remote Software 7 Malwarebytes Anti-Malware version 1.65.1.1000 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Application Error Reporting Microsoft Expression Blend 4 Microsoft Expression Blend 4 Add-in for Adobe FXG Import Microsoft Expression Blend SDK for .NET 4 Microsoft Expression Blend SDK for Silverlight 4 Microsoft Expression Blend SDK for Windows Phone 7 Microsoft Flight Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft Help Viewer 1.1 Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft Silverlight 3 SDK Microsoft Silverlight 4 SDK Microsoft Silverlight Tools for Visual Studio 2010 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft SQL Server 2008 R2 Management Objects Microsoft SQL Server Compact 3.5 SP2 ENU Microsoft SQL Server Compact 3.5 SP2 x64 ENU Microsoft SQL Server System CLR Types Microsoft Visual C# 2010 Express - ENU 
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Visual Studio 2010 Express Prerequisites x64 - ENU Microsoft Visual Studio 2010 Service Pack 1 Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft XNA Framework Redistributable 3.1 Microsoft XNA Framework Redistributable 4.0 Microsoft XNA Game Studio Platform Tools Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 Mozilla Firefox 16.0.2 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT Redists MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Paint.NET v3.5.10 Pando Media Booster PhotoShowExpress Pinnacle Instant DVD Recorder Pinnacle Video Driver Premium Service Agreement QualxServ Service Agreement Quickset64 QuickTime RBVirtualFolder64Inst Realtek Ethernet Controller Driver Realtek USB 2.0 Card Reader Roxio Activation Module Roxio BackOnTrack 
Roxio Burn Roxio Creator Starter Roxio Express Labeler 3 Roxio File Backup RuneScape Launcher 1.2 Sansa Updater Scratch Scribblenauts Unlimited Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for 
Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition SketchUp 8 Skype™ 5.10 Sonic CinePlayer Decoder Pack Steam SUPERAntiSpyware swMSM The Binding of Isaac The Ship TrustedID Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Ventrilo Client for Windows x64 video4fuze 0.6 Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU VLC media player 2.0.4 WCF RIA Services V1.0 SP1 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX Control 
for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.20 (32-bit) WPF Toolkit February 2010 (Version 3.5.50211.1)
.
==== Event Viewer Messages From Past Week ========
.
11/25/2012 8:19:36 AM, Error: Service Control Manager [7034] - The Dell Digital Delivery Service service terminated unexpectedly. It has done this 1 time(s).
11/21/2012 8:33:06 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
11/21/2012 8:26:52 AM, Error: volsnap [14] - The shadow copies of volume C: were aborted because of an IO failure on volume C:.
11/21/2012 7:38:39 AM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was 15 milliseconds.
11/21/2012 7:38:39 AM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was -1 milliseconds.
11/18/2012 7:25:45 PM, Error: Microsoft-Windows-WMPNSS-Service [14365] - Proximity detection failed due to unknown error '0x80004004'. The best proximity time detected was 19 milliseconds.
.
==== End Of File ===========================
-
Please help me remove the corner pop ups.
Thanks,
Kevin
attach.txt
dds.txt