Everything posted by Timrl
-
After a 2 and a half hour scan... :

C:\Program Files (x86)\Dell DataSafe Local Backup\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\hstart.exe a variant of Win32/HiddenStart.A application cleaned by deleting - quarantined
C:\Users\Timothy_Leis\Documents\Clipper - Copy.exe probably a variant of Win32/TrojanDownloader.Agent.COVLPIJ trojan cleaned by deleting - quarantined
C:\Users\Timothy_Leis\Documents\Clipper.exe probably a variant of Win32/TrojanDownloader.Agent.COVLPIJ trojan cleaned by deleting - quarantined
C:\Users\Timothy_Leis\Downloads\cbsidlm-tr1_8-Auto_Clicker_by_Shocker-BP2-75742161 (1).exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined
C:\Users\Timothy_Leis\Downloads\cbsidlm-tr1_8-Auto_Clicker_by_Shocker-BP2-75742161.exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined
C:\Users\Timothy_Leis\Downloads\cbsidlm-tr1_8-MP3_Quality_Modifier-SEO2-10922166.exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined
C:\Users\Timothy_Leis\Downloads\cbsidlm-tr1_8-Photo_Crop_Editor-SEO2-10536710 (1).exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined
C:\Users\Timothy_Leis\Downloads\cbsidlm-tr1_8-Photo_Crop_Editor-SEO2-10536710.exe Win32/DownloadAdmin.E application cleaned by deleting - quarantined
C:\Users\Timothy_Leis\Downloads\DTLite4461-0327.exe Win32/OpenCandy application cleaned by deleting - quarantined
C:\Users\Timothy_Leis\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application cleaned by deleting - quarantined
C:\Users\Timothy_Leis\Downloads\SoftonicDownloader_for_directx.exe a variant of Win32/SoftonicDownloader.E application cleaned by deleting - quarantined
C:\Users\Timothy_Leis\Downloads\winzip160.exe Win32/OpenCandy application deleted - quarantined
C:\Users\Timothy_Leis\Downloads\{XIPATCH_07-23-12.7z}_downloader_411a.exe a variant of Win32/YourFileDownloader application cleaned by deleting - quarantined
-
Minitoolbox :
-
JRT Log as I continue :

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.0.7 (12.11.2012:3)
OS: Windows 7 Home Premium x64
Ran by Timothy_Leis on Tue 12/11/2012 at 20:37:30.81
Blog: http://thisisudax.blogspot.com
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{11111111-1111-1111-1111-110011441193}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{11111111-1111-1111-1111-110011441193}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\Timothy_Leis\appdata\local\coupon companion"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupon companion"

~~~ FireFox

Successfully deleted: [Folder] C:\Users\Timothy_Leis\AppData\Roaming\mozilla\firefox\profiles\zxipgp8v.default\extensions\crossriderapp4493@crossrider.com

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 12/11/2012 at 20:43:08.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
Here is the AdwCleaner log while I run the other steps :
Deleted : user_pref("CT3072253.LatestVersion", "3.13.0.6"); Deleted : user_pref("CT3072253.Locale", "en"); Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", false); Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.12.0.8"); Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search"); Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "Search the Web"); Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...] Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true); Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Fri Oct 19 2012 00:46:04 GMT-0500 (Central Dayli[...] Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT3072253.SearchProtectorEnabled", false); Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true); Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Fri Oct 19 2012 00:46:05 GMT-0500 (Central Daylight [...] Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Fri Oct 19 2012 00:46:04 GMT-0500 (Central Daylight Ti[...] Deleted : user_pref("CT3072253.SettingsLastUpdate", "1350221780"); Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13"); Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Tue Oct 02 2012 03:00:53 GMT-0500 (Central Day[...] 
Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997"); Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false); Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253"); Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT3072253.UserID", "UN60344898116551841"); Deleted : user_pref("CT3072253.alertChannelId", "1463702"); Deleted : user_pref("CT3072253.autoDisableScopes", -1); Deleted : user_pref("CT3072253.backendstorage.cbcountry_000", "5553"); Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "536174204A756E20303220323031322030323A32353A35362[...] Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Fri Oct 19 2012 00:46:09 GMT-0500 (Central [...] Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT3072253.initDone", true); Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true); Deleted : user_pref("CT3072253.myStuffEnabled", true); Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false); Deleted : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129[...] 
Deleted : user_pref("CT3072253.revertSettingsEnabled", false); Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true); Deleted : user_pref("CT3072253.testingCtid", ""); Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Fri Oct 19 2012 00:46:09 GMT-0500 (Central D[...] Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Fri Oct 19 2012 00:46:09 GMT-0500 (Central D[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3072253/CT3072253[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3072253", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3072253",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"df8[...] Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Timothy_Leis\\AppData\\Roaming\\Moz[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.12.0.8"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.freecause.com/search?fr=fr[...] 
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3072253"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3072253"); Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3072253"); Deleted : user_pref("CommunityToolbar.globalUserId", "f193521d-6abe-4332-9fc3-777bc781bab1"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3072253"); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Oct 19 2012 00:46:0[...] Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false); Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Oct 19 2012 00:48:15 GMT-0500 (C[...] 
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.notifications.userId", "eb3a1083-ea1c-493e-99d8-62e6066678fb"); Deleted : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties"); Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Search the Web"); Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com"); Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112555&tt=190712_n_mont_3012_6&bab[...] Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)"); Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)"); Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)"); Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112555&tt=190712_n_mont_3012[...] 
Deleted : user_pref("extensions.BabylonToolbar.admin", false); Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false); Deleted : user_pref("extensions.BabylonToolbar.id", "b8457168000000000000ac728971fb93"); Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15545"); Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q="); Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1"); Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1"); Deleted : user_pref("extensions.BabylonToolbar_i.babExt", ""); Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112555&tt=190712_n_mont_3012_6"); Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true); Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=19071[...] 
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.121:14:15"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.AutoSearchEventData", "auto%20search"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.ClearCacheDate", 19); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.DisplayEULA", false); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.DnsCatchEventData", "dns%20catch"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.FirstLaunchShown", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.LoadLayoutDate.62133", 19); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.NewTabSearchEventData", "tab%20search"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.RemoveAllData", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.ShowRecommendedOptions", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.StateReportDate", "1350625565354"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.TopRightSearchEventData", "top%20right%20search[...] Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeInstallSaved", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.homepage", "chrome%3A//branding/l[...] 
Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.beforeinstall.search", "Google"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.customNewTab", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.helpUsImprove", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.hideOthers", false); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.processAddrBar", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.remove_search", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.restoreSearch", false); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.searchHistory", true); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.showFirstLaunchOptions", false); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.tb_lang", "en"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.tool_id", "62133"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_id", "79708409"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_key", "525e68e4d164393154b2af33e8cf0b79748[...] Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_layouts", "62133"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.user_lnames", "InboxDollars"); Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.xml_service_url", "64e3a27980eeceb34248bc3e680b[...] Deleted : user_pref("freecause771f303798854423b50fa5ede4854e26.yahooSearch", true); Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=[...] Deleted : user_pref("extensions.crossriderapp4493.adsOldValue", -1); -\\ Google Chrome v23.0.1271.95 File : C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.13] : homepage = "hxxp://search.babylon.com/?affID=112555&tt=190712_n_mont_3012_6&babsrc=HP_ss&mntr[...] 
Deleted [l.79] : icon_url = "hxxp://www.babylon.com/favicon.ico", Deleted [l.82] : keyword = "babylon.com", Deleted [l.85] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=112555&tt=190712_n_mont_3012_6[...] Deleted [l.1939] : homepage = "hxxp://search.babylon.com/?affID=112555&tt=190712_n_mont_3012_6&babsrc=HP_ss&mntrId=[...] ************************* AdwCleaner[s1].txt - [23108 octets] - [11/12/2012 20:33:02] ########## EOF - C:\AdwCleaner[s1].txt - [23169 octets] ##########
-
I've uninstalled uTorrent; I believe that's the only program I had that was questionable. If there are others, just let me know.
-
Here are the logs from the last round. mbam-log-2012-12-05 (18-54-35).txt, ComboFixLog.txt, dds.txt, attach.txt
-
Looking through the logs myself, that coupon companion file is the one that mysteriously showed up yesterday, and the random hyperlinks on all my webpages are leading me to a site with that in the name.
-
Hello, for a while I've had issues with Babylon taking over my browser, but since there was no harm done (visibly) I didn't bother to try to remove it other than the occasional scan from Malwarebytes. However, upon scanning this morning, I found a new friend. pup.crossfire.sa had popped up on the scan, and I noticed that on my webpages now random words will become hyperlinks and lead to scam websites. Knowing this wasn't right, I removed it via Malwarebytes, ran a full scan, removed another and then restarted. My issue was fixed for... roughly five minutes before they began popping up again... Upon running another Malwarebytes scan, they aren't there, but I'm still having issues, so I decided it's time to ask for some help. Thanks in advance for your time; here are the files which I've been asked to include.

DDS
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16455 BrowserJavaVersion: 10.9.2
Run by Timothy_Leis at 12:04:41 on 2012-12-05
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.6038.3758 [GMT -6:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\system32\taskhost.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe 
C:\Windows\System32\igfxtray.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\DellTPad\Apoint.exe C:\Program Files\DellTPad\ApMsgFwd.exe C:\Program Files\DellTPad\HidFind.exe C:\Program Files\DellTPad\Apntex.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Windows\System32\rundll32.exe C:\Program Files\Dell\QuickSet\quickset.exe C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe C:\Program Files (x86)\3DO\Might and Magic VII\Register\Remind32.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Windows\system32\wbem\unsecapp.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Program Files (x86)\Intel\Bluetooth\BTPlayerCtrl.exe C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Nero\Update\NASvc.exe C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe C:\Windows\system32\sppsvc.exe C:\Windows\System32\svchost.exe -k secsvcs 
C:\Users\Timothy_Leis\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\notepad.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://search.babylon.com/?affID=112555&tt=190712_n_mont_3012_6&babsrc=HP_ss&mntrId=b8457168000000000000ac728971fb93 uURLSearchHooks: FCToolbarURLSearchHook Class: {4219427b-0228-4356-a78b-eb7668d37d07} - C:\Program Files (x86)\InboxDollars\Helper.dll uURLSearchHooks: <No Name>: - LocalServer32 - <no file> mWinlogon: Userinit = userinit.exe, BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: InboxDollars BHO: {6FFB615D-E8CE-4ADD-8D9F-31C4BE9C26E4} - C:\Program Files (x86)\InboxDollars\Toolbar.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Skype add-on for Internet Explorer: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll TB: InboxDollars: 
{47980628-3844-42AA-A0DD-E2D86BBA9600} - C:\Program Files (x86)\InboxDollars\Toolbar.dll uRun: [Google Update] "C:\Users\Timothy_Leis\AppData\Local\Google\Update\GoogleUpdate.exe" /c uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background uRun: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [NeroLauncher] C:\Program Files (x86)\Nero\SyncUP\NeroLauncher.exe 900 mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [Dell DataSafe Online] C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe mRun: [AccuWeatherWidget] "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\accuweather.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\AccuWeather\start.umj" --startup mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" StartupFolder: C:\Users\TIMOTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\3DO-MI~1.LNK - C:\Program Files (x86)\3DO\Might and Magic VII\Register\Remind32.exe StartupFolder: C:\Users\TIMOTH~1\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\GAMEST~1.LNK - C:\Program Files (x86)\GameStop App\Now\GameStopNow.exe uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:0 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableLUA = dword:0 
mPolicies-System: EnableUIADesktopToggle = dword:0 mPolicies-System: PromptOnSecureDesktop = dword:0 IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab TCP: NameServer = 192.168.1.254 TCP: Interfaces\{56129704-2F79-4324-89A0-5D752DF43327} : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{67A318CE-0E0C-49A8-9B04-E361DE08CB8B} : DHCPNameServer = 192.168.1.254 TCP: Interfaces\{67A318CE-0E0C-49A8-9B04-E361DE08CB8B}\24F696E676F60284F6473707F647 : DHCPNameServer = 10.1.0.1 66.103.80.4 66.103.64.4 TCP: Interfaces\{67A318CE-0E0C-49A8-9B04-E361DE08CB8B}\46C696E6B6 : DHCPNameServer = 192.168.0.1 TCP: Interfaces\{67A318CE-0E0C-49A8-9B04-E361DE08CB8B}\9505E465A4 : DHCPNameServer = 192.168.1.1 TCP: Interfaces\{67A318CE-0E0C-49A8-9B04-E361DE08CB8B}\E4544574541425 : DHCPNameServer = 192.168.1.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: cozi 
- {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - c:\Program Files (x86)\Cozi Express\CoziProtocolHandler.dll Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll AppInit_DLLs= C:\Windows\SysWOW64\nvinit.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll x64-Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe x64-Run: [intelPAN] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel PAN Tray x64-Run: [bTMTrayAgent] rundll32.exe "C:\Program Files (x86)\Intel\Bluetooth\btmshell.dll",TrayApp x64-Run: [QuickSet] c:\Program Files\Dell\QuickSet\QuickSet.exe x64-Run: [intelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" x64-Run: [DellStage] "C:\Program Files (x86)\Dell Stage\Dell 
Stage\stage_primary.exe" "C:\Program Files (x86)\Dell Stage\Dell Stage\start.umj" --startup x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab x64-DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: cozi - {5356518D-FE9C-4E08-9C1F-1E872ECD367F} - <orphaned> x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned> x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-Notify: igfxcui - igfxdev.dll x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL Hosts: 71.19.150.124 forums.windower.net . ================= FIREFOX =================== . 
FF - ProfilePath - C:\Users\Timothy_Leis\AppData\Roaming\Mozilla\Firefox\Profiles\zxipgp8v.default\
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112555&tt=190712_n_mont_3012_6&babsrc=HP_ss&mntrId=b8457168000000000000ac728971fb93
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Timothy_Leis\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112555&tt=190712_n_mont_3012_6
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - b8457168000000000000ac728971fb93
FF - user.js: extensions.BabylonToolbar.instlDay - 15545
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.121:14:15
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2012-1-10 28992]
R1 nvkflt;nvkflt;C:\Windows\System32\drivers\nvkflt.sys [2012-1-10 249152]
R2 AERTFilters;Andrea RT Filters Service;C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe [2011-9-5 98208]
R2 Bluetooth Device Monitor;Bluetooth Device Monitor;C:\Program Files (x86)\Intel\Bluetooth\devmonsrv.exe [2010-12-14 901184]
R2 Bluetooth OBEX Service;Bluetooth OBEX Service;C:\Program Files (x86)\Intel\Bluetooth\obexsrv.exe [2010-12-14 974912]
R2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-9-23 641832]
R2 NOBU;Dell DataSafe Online;C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe [2010-8-25 2823000]
R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2011-9-5 1692480]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-10-15 381248]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\System32\drivers\TurboB.sys [2010-11-29 16120]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-5 2656280]
R3 Bluetooth Media Service;Bluetooth Media Service;C:\Program Files (x86)\Intel\Bluetooth\mediasrv.exe [2010-12-14 1298496]
R3 btmaux;Intel Bluetooth Auxiliary Service;C:\Windows\System32\drivers\btmaux.sys [2010-12-14 58128]
R3 btmhsf;btmhsf;C:\Windows\System32\drivers\btmhsf.sys [2011-11-15 327168]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\System32\drivers\CtClsFlt.sys [2011-9-5 176096]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2012-12-1 283200]
R3 iBtFltCoex;iBtFltCoex;C:\Windows\System32\drivers\iBtFltCoex.sys [2011-12-9 60416]
R3 iwdbus;IWD Bus Enumerator;C:\Windows\System32\drivers\iwdbus.sys [2011-4-26 25496]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2011-9-5 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2011-9-5 181760]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-5 412264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2011-9-5 158976]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\Windows\System32\drivers\intelaud.sys [2011-4-26 34200]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2011-6-16 340240]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-9-5 250984]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-3 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== File Associations ===============
.
FileExt: .txt: Applications\notepad++.exe="C:\Program Files (x86)\Notepad++\notepad++.exe" "%1" [userChoice]
.
=============== Created Last 30 ================
.
2012-12-05 04:27:04 -------- d-----w- C:\Program Files (x86)\iFoxSoft
2012-12-05 04:26:49 77824 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2012-12-05 04:26:49 32768 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2012-12-05 04:26:49 225280 ------w- C:\Program Files (x86)\Common Files\InstallShield\IScript\iscript.dll
2012-12-05 04:26:49 176128 ------w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2012-12-05 04:26:48 614532 ----a-w- C:\Program Files (x86)\Common Files\InstallShield\Engine\6\Intel 32\IKernel.exe
2012-12-05 04:24:16 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\Coupon Companion
2012-12-05 04:24:15 -------- d-----w- C:\Program Files (x86)\Coupon Companion
2012-12-04 23:23:16 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{80CAB305-D5F5-40A4-BEE7-F314BA3BFC00}\mpengine.dll
2012-12-02 07:28:34 -------- d-----w- C:\Program Files (x86)\EA Games
2012-12-01 11:25:04 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\{72F22AF4-7340-4A37-9BA8-DC5CE1772878}
2012-12-01 10:39:02 -------- d-----w- C:\Program Files (x86)\3DO
2012-12-01 10:37:11 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys
2012-12-01 10:37:01 -------- d--h--w- C:\Windows\msdownld.tmp
2012-12-01 10:36:57 -------- d-----w- C:\Windows\SysWow64\directx
2012-12-01 10:36:52 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-01 10:36:52 -------- d-----w- C:\Program Files\iTunes
2012-12-01 10:36:52 -------- d-----w- C:\Program Files\iPod
2012-12-01 10:36:52 -------- d-----w- C:\Program Files (x86)\iTunes
2012-12-01 10:33:46 306688 ----a-w- C:\Windows\IsUninst.exe
2012-12-01 10:26:39 283200 ----a-w- C:\Windows\System32\drivers\dtsoftbus01.sys
2012-12-01 10:26:34 -------- d-----w- C:\Program Files (x86)\DAEMON Tools Lite
2012-11-30 05:39:01 -------- d-----w- C:\Program Files (x86)\Cossacks
2012-11-30 05:38:32 53248 ----a-w- C:\Windows\SysWow64\unrar.dll
2012-11-29 08:00:04 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-24 11:37:00 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\{E9CACF95-3803-4577-BFB3-B4B56DFDE23B}
2012-11-20 12:45:57 -------- d-----w- C:\Program Files (x86)\AutoClickerbyShocker
2012-11-18 06:36:38 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\{610D9C51-C6BC-431F-A702-F40E7E6F31B2}
2012-11-16 11:53:21 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\{BE0852A4-0AEF-459F-ACDC-6ED19B0FA8FA}
2012-11-15 09:02:54 95744 ----a-w- C:\Windows\System32\synceng.dll
2012-11-15 09:02:54 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-11-14 15:12:20 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\{0D71EBE2-B480-40FC-ACC7-23C4232E4E76}
2012-11-14 15:04:05 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-11-14 15:04:05 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-11-14 15:04:05 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-11-14 15:04:05 2560 ----a-w- C:\Windows\System32\drivers\en-US\wdf01000.sys.mui
2012-11-14 15:02:14 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-11-14 15:02:13 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-11-14 09:00:38 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-11-14 09:00:38 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-11-14 09:00:37 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-11-14 09:00:37 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-11-14 09:00:37 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-11-13 03:22:57 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\WinZip
2012-11-11 04:00:20 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\{6D061935-73BD-4206-B74C-130C0ACC1BD9}
2012-11-08 14:06:52 -------- d-----w- C:\Users\Timothy_Leis\AppData\Local\{EEF3C035-2DCC-4C28-A69F-1F662C4D3B3E}
.
==================== Find3M ====================
.
2012-11-29 07:59:29 821736 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-11-29 07:59:29 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-18 18:25:58 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-09 07:02:08 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-09 07:02:08 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-08 11:31:03 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-10-08 11:23:52 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-10-08 11:22:55 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-10-08 11:18:22 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-10-08 11:17:35 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-10-08 11:13:33 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-10-08 07:56:24 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-10-08 07:48:03 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-10-08 07:47:44 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-10-08 07:44:05 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-10-08 07:43:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-10-08 07:40:56 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-30 01:54:26 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-09-28 16:32:56 5989776 ----a-w- C:\Windows\System32\usbaaplrc.dll
2012-09-28 16:32:56 53760 ----a-w- C:\Windows\System32\drivers\usbaapl64.sys
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
.
============= FINISH: 12:05:08.06 ===============
Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/2/2011 3:10:12 PM
System Uptime: 12/5/2012 11:55:32 AM (1 hours ago)
.
Motherboard: Dell Inc. | | 0FRK44
Processor: Intel® Core i5-2430M CPU @ 2.40GHz | CPU | 2401/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 577 GiB total, 384.488 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP163: 11/29/2012 1:59:17 AM - Installed Java 7 Update 9
RP164: 11/29/2012 3:00:12 AM - Windows Update
RP165: 12/1/2012 4:26:41 AM - Device Driver Package Install: DT Soft Ltd System devices
RP166: 12/1/2012 4:37:43 AM - Installed DirectX
RP167: 12/4/2012 5:22:35 PM - Windows Update
RP168: 12/4/2012 10:26:56 PM - Installed Photo Crop Editor 2.02
.
==== Installed Programs ======================
.
µTorrent 7-Zip 9.20 Accidental Damage Services Agreement Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) MUI Adobe Shockwave Player 11.6 Advanced Audio FX Engine Apple Application Support Apple Mobile Device Support Apple Software Update Auto Clicker by Shocker Banctec Service Agreement Blio Bonjour Complete Care Business Service Agreement Consumer In-Home Service Agreement Coupon Companion Cozi D3DX10 DAEMON Tools Lite Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Edoc Viewer Dell Getting Started Guide Dell Home Systems Service Agreement Dell MusicStage Dell PhotoStage Dell Stage Dell Support Center Dell Touchpad Dell VideoStage Dell Webcam Central Filzip 3.06 FINAL FANTASY XI FINAL FANTASY XI: Chains of Promathia FINAL FANTASY XI: Rise of the Zilart FINAL FANTASY XI: Treasures of Aht Urhgan FINAL FANTASY XI: Wings of the Goddess FINAL FANTASY XIV GameStop App Google Chrome High-Definition Video Playback InboxDollars Intel PROSet Wireless Intel® Control Center Intel® Management Engine Components Intel® Processor Graphics Intel® PROSet/Wireless Software for Bluetooth® Technology Intel® PROSet/Wireless WiFi Software Intel® Turbo Boost Technology Monitor 2.0 Intel® WiDi Intel® Wireless Display iRip iTunes Java 7 Update 9 Java Auto Updater Java 6 Update 24 (64-bit) Java 6 Update 37 Junk Mail filter update Malwarebytes Anti-Malware version 1.65.1.1000 Mesh Runtime Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Extended Microsoft Application Error Reporting Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit 
Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable - KB2467175 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Might and Magic® VII Minecraft 1.4.5 Mozilla Firefox 8.0 (x86 en-US) MSVCRT MSVCRT_amd64 Mumble 1.2.3 Need For Speed Hot Pursuit 2 Nero 10 Movie ThemePack Basic Nero Control Center 10 Nero ControlCenter 10 Help (CHM) Nero Core Components 10 Nero Update Notepad++ NVIDIA 3D Vision Driver 285.62 NVIDIA Control Panel 285.62 NVIDIA Graphics Driver 285.62 NVIDIA HD Audio Driver 1.2.24.0 NVIDIA Install Application NVIDIA Optimus 1.5.20 NVIDIA PhysX NVIDIA PhysX System Software 9.11.0621 NVIDIA Stereoscopic 3D Driver NVIDIA Update 1.5.20 NVIDIA Update Components Photo Crop Editor 2.02 PlayOnline Viewer & Tetra Master PlayReady PC Runtime x86 POLUtils Premium Service Agreement QualxServ 
Service Agreement Quickset64 Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553260) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589322) 32-Bit Edition Security Update for 
Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2553488) 32-Bit Edition Shockwave Skype Toolbars Skype™ 6.0 swMSM SyncUP System Requirements Lab TrustedID Ultimate Healer Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553272) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition Ventrilo Client for Windows x64 VLC media player 1.1.11 Windows Live Communications Platform Windows Live Essentials Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh 
Windows Live Mesh ActiveX Control for Remote Connections Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinZip 16.5 XI-Util Zinio Reader 4
.
==== Event Viewer Messages From Past Week ========
.
12/5/2012 11:57:27 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SftService service.
12/1/2012 4:37:24 AM, Error: iaStor [9] - The device, \Device\Ide\iaStor0, did not respond within the timeout period.
12/1/2012 4:36:36 AM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.
12/1/2012 4:35:36 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/1/2012 4:35:19 AM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================