Jump to content

trendtherapy

Honorary Members
  • Posts

    38
  • Joined

  • Last visited

Everything posted by trendtherapy

  1. After 13 consecutive searches everything seems ok...I hope it stays this way! Thanks for all your time and help! ( I hope Im not posting again tonight!)
  2. Yes it seems only with firefox..I did several searches using chrome and IE and nothing redirected..I did 2 searches of FF before getting redirected with this http://answers.nixxie.com/s.php?k=fringe%20shirt&adid=13183&ts=1001SMA_A07&subid=263328-137419-576-27681&click=1606607115-4141.4209.5072ce13.1a80&ref=http://shopguidefinds.com/index.php?search=fringe%20shirt
  3. Spoke to soon...I did a few searches and it ran ok then when using firefox searching for a song I got this redirection grrrr http://searchmany.com/search/?q=so+got+break+free+song and a redirection with gamestoreads
  4. Yay it works GREAT NOW!! Your the best! How can I prevent that? IS there a program I should be running daily to prevent adware besides my antivirus and malwarebytes?
  5. heres the log ComboFix 12-09-30.03 - jay 10/05/2012 22:24:41.4.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.8215 [GMT -4:00] Running from: c:\users\jay\Desktop\ComboFix.exe Command switches used :: c:\users\jay\Desktop\CFScript.txt AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92} FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9} SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Created a new restore point . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\MyWebFace_5a c:\program files (x86)\MyWebFace_5a\bar\1.bin\5abarsvc.exe c:\program files (x86)\MyWebFace_5a\bar\1.bin\5abrmon.exe c:\program files (x86)\MyWebFace_5a\bar\1.bin\5abrstub.dll c:\program files (x86)\MyWebFace_5a\bar\1.bin\5adyn.dll c:\program files (x86)\MyWebFace_5a\bar\1.bin\5afeedmg.dll c:\program files (x86)\MyWebFace_5a\bar\1.bin\5ahttpct.dll c:\program files (x86)\MyWebFace_5a\bar\1.bin\5aidle.dll c:\program files (x86)\MyWebFace_5a\bar\1.bin\5aimpipe.exe c:\program files (x86)\MyWebFace_5a\bar\1.bin\5amlbtn.dll c:\program files (x86)\MyWebFace_5a\bar\1.bin\5amsg.dll c:\program files (x86)\MyWebFace_5a\bar\1.bin\5ascript.dll c:\program files (x86)\MyWebFace_5a\bar\1.bin\5asknlcr.dll c:\program files (x86)\MyWebFace_5a\bar\1.bin\5askplay.exe c:\program files (x86)\MyWebFace_5a\bar\1.bin\5atpinst.dll c:\program files (x86)\MyWebFace_5a\bar\1.bin\5auabtn.dll c:\program files (x86)\MyWebFace_5a\bar\1.bin\CHROME.MANIFEST c:\program files (x86)\MyWebFace_5a\bar\1.bin\chrome\5affxtbr.jar c:\program files (x86)\MyWebFace_5a\bar\1.bin\INSTALL.RDF c:\program files (x86)\MyWebFace_5a\bar\1.bin\installKeys.js c:\program files (x86)\MyWebFace_5a\bar\1.bin\LOGO.BMP c:\program files (x86)\MyWebFace_5a\bar\1.bin\T8RES.DLL c:\program files (x86)\MyWebFace_5a\bar\1.bin\ThirdPartyInstallers\SymcPCCUInstaller.exe c:\program files (x86)\MyWebFace_5a\bar\1.bin\ThirdPartyInstallers\SymcPCCUInstaller.log c:\program files (x86)\MyWebFace_5a\bar\gen1\COMMON.T8S c:\program files (x86)\MyWebFace_5a\bar\IE9Mesg\COMMON.T8S c:\program files (x86)\MyWebFace_5a\bar\Message\COMMON.T8S c:\program files (x86)\MyWebFace_5a\bar\Settings\s_pid.dat c:\programdata\7E19043568.sys c:\programdata\F4DBB0BEEE.sys c:\programdata\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll c:\programdata\PCDr\6032\AddOnDownloaded\0d03215e-4c16-4ea7-b7d7-805a2556effc.dll c:\programdata\PCDr\6032\AddOnDownloaded\44ddba62-3b58-480f-a775-ae7e9dd9d5df.dll c:\programdata\PCDr\6032\AddOnDownloaded\684a43a7-04d5-4797-bc20-4db8a316286c.dll c:\programdata\PCDr\6032\AddOnDownloaded\c882e61c-ecc2-4db0-9a28-7cbe8bd4876b.dll c:\users\jay\AppData\Roaming\Kernel32.exe . . ((((((((((((((((((((((((( Files Created from 2012-09-06 to 2012-10-06 ))))))))))))))))))))))))))))))) . . 2012-10-06 02:38 . 2012-10-06 02:38 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-10-06 02:38 . 2012-10-06 02:38 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-10-01 22:38 . 2012-10-01 22:38 -------- d-----w- c:\program files (x86)\ESET 2012-09-29 13:19 . 2012-09-29 13:18 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-29 13:19 . 2012-09-29 13:18 289768 ----a-w- c:\windows\system32\javaws.exe 2012-09-29 13:19 . 2012-09-29 13:18 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-29 13:19 . 2012-09-29 13:18 189416 ----a-w- c:\windows\system32\javaw.exe 2012-09-29 13:19 . 2012-09-29 13:18 188904 ----a-w- c:\windows\system32\java.exe 2012-09-29 13:19 . 2012-09-29 13:18 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-09-29 13:18 . 2012-09-29 13:18 -------- d-----w- c:\program files\Java 2012-09-26 20:50 . 2012-09-26 20:50 -------- d-----w- c:\users\jay\AppData\Local\SupportSoft 2012-09-26 20:49 . 2012-09-26 20:49 -------- d-----w- c:\programdata\SupportSoft 2012-09-26 20:49 . 2012-09-26 20:49 -------- d-----w- c:\program files (x86)\VERIZONDM 2012-09-26 20:49 . 2012-09-26 20:49 -------- d-----w- c:\program files (x86)\Common Files\SupportSoft 2012-09-26 20:36 . 2012-09-26 20:43 -------- d-----w- c:\users\jay\AppData\Roaming\TechWizard 2012-09-25 23:12 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-25 23:12 . 2012-09-25 23:12 -------- d-----w- c:\program files\iPod 2012-09-25 23:12 . 2012-09-25 23:12 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-25 23:12 . 2012-09-25 23:12 -------- d-----w- c:\program files\iTunes 2012-09-25 23:12 . 2012-09-25 23:12 -------- d-----w- c:\program files (x86)\iTunes 2012-09-23 16:49 . 2012-09-23 16:49 1183089 ----a-w- c:\windows\unins000.exe 2012-09-09 13:15 . 2012-09-09 13:15 -------- d-----w- c:\users\jay\AppData\Roaming\Sony Corporation 2012-09-08 13:22 . 2012-09-08 13:22 -------- d-----w- c:\programdata\Sony Corporation 2012-09-08 13:20 . 2012-09-08 13:22 -------- d-----w- c:\program files (x86)\Sony . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-04 12:06 . 2010-06-20 12:52 5018 --sha-w- c:\programdata\KGyGaAvL.sys 2012-09-23 16:34 . 2010-05-16 05:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-23 16:22 . 2012-09-04 23:03 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-21 06:09 . 2012-05-10 07:54 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-21 06:09 . 2011-05-28 14:20 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-07 21:04 . 2011-09-26 13:11 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-21 17:01 . 2010-05-19 11:35 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 17:01 . 2010-05-19 11:35 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-02 12:19 . 2012-08-02 12:19 711240 ----a-w- c:\windows\is-5V36B.exe 2012-07-12 07:02 . 2010-05-16 02:24 59701280 ----a-w- c:\windows\system32\MRT.exe 2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-06-27 526992] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280] "Akamai NetSession Interface"="c:\users\jay\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-07 102400] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232] "Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-04-04 95560] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-06-01 92352] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Memeo Backup Premium"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2011-05-04 136416] "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2012-09-06 206120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-08-01 165184] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "{90120000-0030-0000-0000-0000000FF1CE}"="del" [X] "{91140000-001A-0000-0000-0000000FF1CE}"="del" [X] . c:\users\jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HD Writer AE.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2010-5-15 210264] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-5-16 1207312] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli FAPassSync Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288] R3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-11-29 591968] R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-11-29 1186272] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 27536] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys [2011-05-06 293448] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-30 467248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-16 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408] S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392] S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-04-04 2409800] S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-08-03 352248] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2011-05-04 25824] S2 MyWebFace_5aService;MyWebFaceService;c:\progra~2\MYWEBF~2\bar\1.bin\5abarsvc.exe [x] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2012-09-06 206120] S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2012-09-06 185640] S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-06-01 53224] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] S3 bdfm;bdfm;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 162896] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-08-28 51240] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-08 219544] S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 168864] S3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-08-01 306560] S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-10-06 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 06:09] . 2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2094007905-2170688143-2092116901-1000Core.job - c:\users\jay\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-16 02:52] . 2012-10-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2094007905-2170688143-2092116901-1000UA.job - c:\users\jay\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-16 02:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-06-01 109344] "BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-06-01 2026680] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> uSearchAssistant = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\jay\AppData\Roaming\Mozilla\Firefox\Profiles\f2elq8u5.default\ FF - prefs.js: browser.startup.homepage - google.com . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKLM-Run-MyWebFace_5a Browser Plugin Loader - c:\progra~2\MYWEBF~2\bar\1.bin\5abrmon.exe . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-10-05 22:46:36 ComboFix-quarantined-files.txt 2012-10-06 02:46 ComboFix2.txt 2012-10-01 12:08 ComboFix3.txt 2012-09-30 13:44 . Pre-Run: 727,717,490,688 bytes free Post-Run: 727,375,257,600 bytes free . - - End Of File - - 892BA10361DDEBBC660DC9AA560C946B
  6. ok heres the log # AdwCleaner v2.003 - Logfile created 10/05/2012 at 10:39:53 # Updated 23/09/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : jay - RINILOVESPC # Boot Mode : Normal # Running from : C:\Users\jay\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** ***** [Registry] ***** ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Registry is clean. -\\ Mozilla Firefox v15.0.1 (en-US) Profile name : default File : C:\Users\jay\AppData\Roaming\Mozilla\Firefox\Profiles\f2elq8u5.default\prefs.js [OK] File is clean. -\\ Google Chrome v22.0.1229.79 File : C:\Users\jay\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [32091 octets] - [29/09/2012 10:02:22] AdwCleaner[s2].txt - [32707 octets] - [29/09/2012 11:33:23] AdwCleaner[R2].txt - [952 octets] - [05/10/2012 10:39:53] ########## EOF - C:\AdwCleaner[R2].txt - [1011 octets] ##########
  7. Cant manually delete when I do it says "Folder in use" The action cant be completed because the folder or a file in it is ioen in another program Ckise the folder or file and try again. I dont have anything open when doing this...What next?
  8. Heres a pic of what it deleted...I re-ran and no threats found
  9. I did this and it found 6 threats...i did not remove them..as the box was check to automatically do it. I exited out of the window heres the log Not sure if I should have deleted them? ESETSmartInstaller@High as CAB hook log: OnlineScanner64.ocx - registred OK OnlineScanner.ocx - registred OK
  10. Thanks heres that log ComboFix 12-09-30.01 - jay 10/01/2012 7:48.3.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.7754 [GMT -4:00] Running from: c:\users\jay\Desktop\ComboFix.exe Command switches used :: c:\users\jay\Desktop\CFScript.txt AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92} FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9} SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . FILE :: "c:\users\jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\LimeWire c:\program files (x86)\LimeWire\.NetworkShare\LimeWireWin5.6.2.exe c:\program files (x86)\LimeWire\Buy LimeWire PRO.url c:\program files (x86)\LimeWire\COPYING c:\program files (x86)\LimeWire\gnutella.net c:\program files (x86)\LimeWire\install.log c:\program files (x86)\LimeWire\language.prop c:\program files (x86)\LimeWire\lib\avg\ATL80.dll c:\program files (x86)\LimeWire\lib\avg\avgcorex.dll c:\program files (x86)\LimeWire\lib\avg\avgsdk.dll c:\program files (x86)\LimeWire\lib\avg\avgsdkcom.dll c:\program files (x86)\LimeWire\lib\avg\avgsdkupd.dll c:\program files (x86)\LimeWire\lib\avg\Microsoft.VC80.ATL.manifest c:\program files (x86)\LimeWire\lib\avg\Microsoft.VC80.CRT.manifest c:\program files (x86)\LimeWire\lib\avg\msvcr80.dll c:\program files (x86)\LimeWire\LimeWire On Startup.lnk c:\program files (x86)\LimeWire\SOURCE c:\program files (x86)\LimeWire\unpack.log c:\programdata\F4DBB0BEEE.sys c:\programdata\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll c:\programdata\PCDr\6032\AddOnDownloaded\0d03215e-4c16-4ea7-b7d7-805a2556effc.dll c:\programdata\PCDr\6032\AddOnDownloaded\44ddba62-3b58-480f-a775-ae7e9dd9d5df.dll c:\programdata\PCDr\6032\AddOnDownloaded\684a43a7-04d5-4797-bc20-4db8a316286c.dll c:\programdata\PCDr\6032\AddOnDownloaded\c882e61c-ecc2-4db0-9a28-7cbe8bd4876b.dll c:\users\jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk . . ((((((((((((((((((((((((( Files Created from 2012-09-01 to 2012-10-01 ))))))))))))))))))))))))))))))) . . 2012-10-01 12:01 . 2012-10-01 12:01 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-10-01 12:01 . 2012-10-01 12:01 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-29 13:19 . 2012-09-29 13:18 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-29 13:19 . 2012-09-29 13:18 289768 ----a-w- c:\windows\system32\javaws.exe 2012-09-29 13:19 . 2012-09-29 13:18 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-29 13:19 . 2012-09-29 13:18 189416 ----a-w- c:\windows\system32\javaw.exe 2012-09-29 13:19 . 2012-09-29 13:18 188904 ----a-w- c:\windows\system32\java.exe 2012-09-29 13:19 . 2012-09-29 13:18 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-09-29 13:18 . 2012-09-29 13:18 -------- d-----w- c:\program files\Java 2012-09-26 20:50 . 2012-09-26 20:50 -------- d-----w- c:\users\jay\AppData\Local\SupportSoft 2012-09-26 20:49 . 2012-09-26 20:49 -------- d-----w- c:\programdata\SupportSoft 2012-09-26 20:49 . 2012-09-26 20:49 -------- d-----w- c:\program files (x86)\VERIZONDM 2012-09-26 20:49 . 2012-09-26 20:49 -------- d-----w- c:\program files (x86)\Common Files\SupportSoft 2012-09-26 20:36 . 2012-09-26 20:43 -------- d-----w- c:\users\jay\AppData\Roaming\TechWizard 2012-09-25 23:12 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-25 23:12 . 2012-09-25 23:12 -------- d-----w- c:\program files\iPod 2012-09-25 23:12 . 2012-09-25 23:12 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-25 23:12 . 2012-09-25 23:12 -------- d-----w- c:\program files\iTunes 2012-09-25 23:12 . 2012-09-25 23:12 -------- d-----w- c:\program files (x86)\iTunes 2012-09-23 16:49 . 2012-09-23 16:49 1183089 ----a-w- c:\windows\unins000.exe 2012-09-09 13:15 . 2012-09-09 13:15 -------- d-----w- c:\users\jay\AppData\Roaming\Sony Corporation 2012-09-08 13:22 . 2012-09-08 13:22 -------- d-----w- c:\programdata\Sony Corporation 2012-09-08 13:20 . 2012-09-08 13:22 -------- d-----w- c:\program files (x86)\Sony 2012-09-04 23:03 . 2012-09-23 16:22 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-01 00:27 . 2010-06-20 12:52 5018 --sha-w- c:\programdata\KGyGaAvL.sys 2012-09-23 16:34 . 2010-05-16 05:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-21 06:09 . 2012-05-10 07:54 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-21 06:09 . 2011-05-28 14:20 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-07 21:04 . 2011-09-26 13:11 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-21 17:01 . 2010-05-19 11:35 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 17:01 . 2010-05-19 11:35 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-02 12:19 . 2012-08-02 12:19 711240 ----a-w- c:\windows\is-5V36B.exe 2012-07-12 07:02 . 2010-05-16 02:24 59701280 ----a-w- c:\windows\system32\MRT.exe 2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-06-27 526992] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280] "Akamai NetSession Interface"="c:\users\jay\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-07 102400] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232] "Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-04-04 95560] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-06-01 92352] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "MyWebFace_5a Browser Plugin Loader"="c:\progra~2\MYWEBF~2\bar\1.bin\5abrmon.exe" [2012-03-25 30096] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Memeo Backup Premium"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2011-05-04 136416] "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2012-09-06 206120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-08-01 165184] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "{90120000-0030-0000-0000-0000000FF1CE}"="del" [X] "{91140000-001A-0000-0000-0000000FF1CE}"="del" [X] . c:\users\jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HD Writer AE.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2010-5-15 210264] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-5-16 1207312] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli FAPassSync Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288] R3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-11-29 591968] R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-11-29 1186272] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 27536] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144] R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-08 219544] R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 168864] R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-08-01 306560] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys [2011-05-06 293448] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-30 467248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-16 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408] S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392] S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-04-04 2409800] S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-08-03 352248] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2011-05-04 25824] S2 MyWebFace_5aService;MyWebFaceService;c:\progra~2\MYWEBF~2\bar\1.bin\5abarsvc.exe [2012-03-25 42528] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2012-09-06 206120] S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2012-09-06 185640] S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-06-01 53224] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] S3 bdfm;bdfm;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 162896] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-08-28 51240] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-10-01 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 06:09] . 2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2094007905-2170688143-2092116901-1000Core.job - c:\users\jay\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-16 02:52] . 2012-10-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2094007905-2170688143-2092116901-1000UA.job - c:\users\jay\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-16 02:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-06-01 109344] "BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-06-01 2026680] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> uSearchAssistant = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\jay\AppData\Roaming\Mozilla\Firefox\Profiles\f2elq8u5.default\ FF - prefs.js: browser.startup.homepage - google.com . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-10-01 08:08:54 ComboFix-quarantined-files.txt 2012-10-01 12:08 ComboFix2.txt 2012-09-30 13:44 . Pre-Run: 723,623,182,336 bytes free Post-Run: 723,324,493,824 bytes free . - - End Of File - - 6F2D6D0F6D70AEC84AC0846D1EC78009
  11. ComboFix 12-09-30.01 - jay 09/30/2012 9:24.2.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9221 [GMT -4:00] Running from: c:\users\jay\Desktop\ComboFix.exe AV: BitDefender Antivirus *Disabled/Updated* {50909708-FF80-02AF-F814-B28405891E92} FW: BitDefender Firewall *Disabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9} SP: BitDefender AntiSpyware *Disabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\7E19043568.sys c:\programdata\F4DBB0BEEE.sys c:\programdata\PCDr\6032\AddOnDownloaded\06004c97-c212-44da-81de-706b46554efe.dll c:\programdata\PCDr\6032\AddOnDownloaded\0d03215e-4c16-4ea7-b7d7-805a2556effc.dll c:\programdata\PCDr\6032\AddOnDownloaded\44ddba62-3b58-480f-a775-ae7e9dd9d5df.dll c:\programdata\PCDr\6032\AddOnDownloaded\684a43a7-04d5-4797-bc20-4db8a316286c.dll c:\programdata\PCDr\6032\AddOnDownloaded\c882e61c-ecc2-4db0-9a28-7cbe8bd4876b.dll . . ((((((((((((((((((((((((( Files Created from 2012-08-28 to 2012-09-30 ))))))))))))))))))))))))))))))) . . 2012-09-30 13:36 . 2012-09-30 13:36 -------- d-----w- c:\users\Public\AppData\Local\temp 2012-09-30 13:36 . 2012-09-30 13:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-29 13:19 . 2012-09-29 13:18 916456 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-29 13:19 . 2012-09-29 13:18 289768 ----a-w- c:\windows\system32\javaws.exe 2012-09-29 13:19 . 2012-09-29 13:18 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-09-29 13:19 . 2012-09-29 13:18 189416 ----a-w- c:\windows\system32\javaw.exe 2012-09-29 13:19 . 2012-09-29 13:18 188904 ----a-w- c:\windows\system32\java.exe 2012-09-29 13:19 . 2012-09-29 13:18 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll 2012-09-29 13:18 . 2012-09-29 13:18 -------- d-----w- c:\program files\Java 2012-09-26 20:50 . 2012-09-26 20:50 -------- d-----w- c:\users\jay\AppData\Local\SupportSoft 2012-09-26 20:49 . 2012-09-26 20:49 -------- d-----w- c:\programdata\SupportSoft 2012-09-26 20:49 . 2012-09-26 20:49 -------- d-----w- c:\program files (x86)\VERIZONDM 2012-09-26 20:49 . 2012-09-26 20:49 -------- d-----w- c:\program files (x86)\Common Files\SupportSoft 2012-09-26 20:36 . 2012-09-26 20:43 -------- d-----w- c:\users\jay\AppData\Roaming\TechWizard 2012-09-25 23:12 . 2012-08-21 17:01 33240 ----a-w- c:\windows\system32\drivers\GEARAspiWDM.sys 2012-09-25 23:12 . 2012-09-25 23:12 -------- d-----w- c:\program files\iPod 2012-09-25 23:12 . 2012-09-25 23:12 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-25 23:12 . 2012-09-25 23:12 -------- d-----w- c:\program files\iTunes 2012-09-25 23:12 . 2012-09-25 23:12 -------- d-----w- c:\program files (x86)\iTunes 2012-09-23 16:49 . 2012-09-23 16:49 1183089 ----a-w- c:\windows\unins000.exe 2012-09-21 19:46 . 2012-09-29 12:57 -------- d-----w- c:\program files (x86)\LimeWire 2012-09-09 13:15 . 2012-09-09 13:15 -------- d-----w- c:\users\jay\AppData\Roaming\Sony Corporation 2012-09-08 13:22 . 2012-09-08 13:22 -------- d-----w- c:\programdata\Sony Corporation 2012-09-08 13:20 . 2012-09-08 13:22 -------- d-----w- c:\program files (x86)\Sony 2012-09-04 23:03 . 2012-09-23 16:22 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-09-29 14:20 . 2010-06-20 12:52 5018 --sha-w- c:\programdata\KGyGaAvL.sys 2012-09-23 16:34 . 2010-05-16 05:56 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-21 06:09 . 2012-05-10 07:54 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-09-21 06:09 . 2011-05-28 14:20 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-07 21:04 . 2011-09-26 13:11 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-08-21 17:01 . 2010-05-19 11:35 125872 ----a-w- c:\windows\system32\GEARAspi64.dll 2012-08-21 17:01 . 2010-05-19 11:35 106928 ----a-w- c:\windows\SysWow64\GEARAspi.dll 2012-08-02 12:19 . 2012-08-02 12:19 711240 ----a-w- c:\windows\is-5V36B.exe 2012-07-12 07:02 . 2010-05-16 02:24 59701280 ----a-w- c:\windows\system32\MRT.exe 2010-07-08 14:37 . 2010-07-08 14:37 101544 ----a-w- c:\program files\Common Files\LinkInstaller.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "Corel Photo Downloader"="c:\program files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" [2010-06-27 526992] "iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-08-29 59280] "ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280] "Akamai NetSession Interface"="c:\users\jay\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Dell DataSafe Online"="c:\program files (x86)\Dell DataSafe Online\DataSafeOnline.exe" [2009-11-13 1807600] "PDVDDXSrv"="c:\program files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" [2009-12-29 140520] "Dell Webcam Central"="c:\program files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2009-06-24 409744] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-07 102400] "hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424] "Nikon Transfer Monitor"="c:\program files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe" [2009-09-15 479232] "Standby"="c:\program files (x86)\Common Files\Corel\Standby\Standby.exe" [2010-01-07 105632] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040] "HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208] "FATrayAlert"="c:\program files (x86)\Sensible Vision\Fast Access\FATrayMon.exe" [2010-04-04 95560] "SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096] "AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992] "ATICustomerCare"="c:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" [2010-05-04 311296] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" [2011-06-01 92352] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "MyWebFace_5a Browser Plugin Loader"="c:\progra~2\MYWEBF~2\bar\1.bin\5abrmon.exe" [2012-03-25 30096] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] "Memeo Backup Premium"="c:\program files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe" [2011-05-04 136416] "Seagate Dashboard"="c:\program files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe" [2011-06-01 79112] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-19 421888] "EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2010-10-12 979328] "FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-09 495616] "FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-09 856064] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2010-11-27 648032] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "VERIZONDM"="c:\program files (x86)\VERIZONDM\bin\sprtcmd.exe" [2012-09-06 206120] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"="c:\program files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" [2011-10-13 559616] "Launcher"="c:\program files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe" [2011-08-01 165184] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "{90120000-0030-0000-0000-0000000FF1CE}"="del" [X] "{91140000-001A-0000-0000-0000000FF1CE}"="del" [X] . c:\users\jay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A] LimeWire On Startup.lnk - c:\program files (x86)\LimeWire\LimeWire.exe [N/A] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HD Writer AE.lnk - c:\program files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe [2010-5-15 210264] HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336] Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-5-16 1207312] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Notification Packages REG_MULTI_SZ scecli FAPassSync Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 DockLoginService;Dock Login Service;c:\program files\Dell\DellDock\DockLogin.exe [x] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] R2 SessionLauncher;SessionLauncher;c:\users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [x] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288] R3 avc3;avc3;c:\windows\system32\DRIVERS\avc3.sys [2010-11-29 591968] R3 avckf;avckf;c:\windows\system32\DRIVERS\avckf.sys [2010-11-29 1186272] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-06-15 172704] R3 dc3d;MS Hardware Device Detection Driver (HID);c:\windows\system32\DRIVERS\dc3d.sys [2010-04-17 27536] R3 FACAP;facap, FastAccess Video Capture;c:\windows\system32\DRIVERS\facap.sys [2008-09-25 238848] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-07 114144] R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;c:\windows\system32\Drivers\OA002Afx.sys [2007-06-08 219544] R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;c:\windows\system32\DRIVERS\OA002Ufd.sys [2008-06-03 168864] R3 OA002Vid;Creative Camera OA002 Function Driver;c:\windows\system32\DRIVERS\OA002Vid.sys [2008-08-01 306560] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184] R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;c:\program files\dell support center\pcdsrvc_x64.pkms [2012-08-17 25584] R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-26 1124848] R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096] R3 TrufosAlt;TrufosAlt;c:\windows\system32\DRIVERS\TrufosAlt.sys [2011-05-06 293448] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 Update Server;BitDefender Update Server v2;c:\program files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-30 467248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-16 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-07-09 55280] S1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;c:\program files\common files\bitdefender\bitdefender firewall\bdfndisf6.sys [2010-08-20 88144] S1 bdfwfpf;bdfwfpf;c:\program files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-08-20 99408] S1 Bdvedisk;Bdvedisk;c:\windows\system32\DRIVERS\bdvedisk.sys [2010-01-19 103944] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960] S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-11-26 203776] S2 EpsonCustomerParticipation;EpsonCustomerParticipation;c:\program files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-06-09 555392] S2 FAService;FAService;c:\program files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-04-04 2409800] S2 IHA_MessageCenter;IHA_MessageCenter;c:\program files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2012-08-03 352248] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MemeoBackgroundService;MemeoBackgroundService;c:\program files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2011-05-04 25824] S2 MyWebFace_5aService;MyWebFaceService;c:\progra~2\MYWEBF~2\bar\1.bin\5abarsvc.exe [2012-03-25 42528] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176] S2 SeagateDashboardService;Seagate Dashboard Service;c:\program files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-06-01 14088] S2 SftService;SoftThinks Agent Service;c:\program files (x86)\Dell DataSafe Local Backup\sftservice.EXE [2011-08-18 1692480] S2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);c:\program files (x86)\VERIZONDM\bin\sprtsvc.exe [2012-09-06 206120] S2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);c:\program files (x86)\VERIZONDM\bin\tgsrvc.exe [2012-09-06 185640] S2 Updatesrv;BitDefender Desktop Update Service;c:\program files\BitDefender\BitDefender 2011\updatesrv.exe [2011-06-01 53224] S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-11-26 8120320] S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-11-26 289792] S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-11-17 115216] S3 bdfm;bdfm;c:\windows\system32\DRIVERS\bdfm.sys [2010-05-13 162896] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2008-08-28 51240] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-06-05 216064] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040] . . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc Akamai REG_MULTI_SZ Akamai . Contents of the 'Scheduled Tasks' folder . 2012-09-30 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 06:09] . 2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2094007905-2170688143-2092116901-1000Core.job - c:\users\jay\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-16 02:52] . 2012-09-30 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2094007905-2170688143-2092116901-1000UA.job - c:\users\jay\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-16 02:52] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-10-03 8158240] "IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 130576] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208] "BitDefender Antiphishing Helper"="c:\program files\BitDefender\BitDefender 2011\ieshow.exe" [2011-06-01 109344] "BDAgent"="c:\program files\BitDefender\BitDefender 2011\bdagent.exe" [2011-06-01 2026680] . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx mStart Page = about:blank mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> uSearchAssistant = hxxp://www.google.com uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 FF - ProfilePath - c:\users\jay\AppData\Roaming\Mozilla\Firefox\Profiles\f2elq8u5.default\ FF - prefs.js: browser.startup.homepage - google.com . - - - - ORPHANS REMOVED - - - - . Toolbar-Locked - (no file) Wow6432Node-HKCU-Run-MobileDocuments - c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe Wow6432Node-HKLM-Run-FAStartup - (no file) . . . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai] "ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_5891ae0.dll" . [HKEY_LOCAL_MACHINE\system\ControlSet001\services\PCDSRVC{1E208CE0-FB7451FF-06020200}_0] "ImagePath"="\??\c:\program files\dell support center\pcdsrvc_x64.pkms" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-09-30 09:44:31 ComboFix-quarantined-files.txt 2012-09-30 13:44 . Pre-Run: 724,820,652,032 bytes free Post-Run: 724,746,584,064 bytes free . - - End Of File - - 4590B1C2B262704A56963AB38FFA958A
  12. After using Firefox after all these steps were properly taken I still get these redirection searches! ;( what now shall I tell I who redirects?
  13. Here it is # AdwCleaner v2.003 - Logfile created 09/29/2012 at 11:33:23 # Updated 23/09/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : jay - RINILOVESPC # Boot Mode : Normal # Running from : C:\Users\jay\Desktop\adwcleaner.exe # Option [Delete] ***** [services] ***** ***** [Files / Folders] ***** Folder Deleted : C:\Program Files (x86)\Conduit Folder Deleted : C:\Program Files (x86)\ConduitEngine Folder Deleted : C:\Program Files (x86)\uTorrentBar Folder Deleted : C:\ProgramData\Ask Folder Deleted : C:\Users\jay\AppData\Local\APN Folder Deleted : C:\Users\jay\AppData\Local\Conduit Folder Deleted : C:\Users\jay\AppData\LocalLow\Conduit Folder Deleted : C:\Users\jay\AppData\LocalLow\ConduitEngine Folder Deleted : C:\Users\jay\AppData\LocalLow\PriceGong Folder Deleted : C:\Users\jay\AppData\LocalLow\uTorrentBar Folder Deleted : C:\Users\jay\AppData\Roaming\Mozilla\Firefox\Profiles\f2elq8u5.default\Conduit Folder Deleted : C:\Users\jay\AppData\Roaming\Mozilla\Firefox\Profiles\f2elq8u5.default\ConduitCommon Folder Deleted : C:\Users\jay\AppData\Roaming\Mozilla\Firefox\Profiles\f2elq8u5.default\ConduitEngine Folder Deleted : C:\Users\jay\AppData\Roaming\OpenCandy ***** [Registry] ***** Key Deleted : HKCU\Software\AppDataLow\Software\Conduit Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar Key Deleted : HKCU\Software\Cr_Installer Key Deleted : HKCU\Software\IM Key Deleted : HKCU\Software\ImInstaller Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8D96645-337C-419B-8792-B6C126145811} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3061355 Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991} Key Deleted : HKLM\Software\Conduit Key Deleted : HKLM\Software\conduitEngine Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\Software\uTorrentBar Key Deleted : HKLM\Software\Viewpoint Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F8D96645-337C-419B-8792-B6C126145811} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B6778B4A-C270-4462-892D-2675205A3CF7} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2905FAA-44ED-4F40-8922-67E8BE4EFE74} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope] Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=98480214-7e61-484e-ac56-507389acfbdd&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=98480214-7e61-484e-ac56-507389acfbdd&searchtype=ds&q={searchTerms} --> hxxp://www.google.com Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=98480214-7e61-484e-ac56-507389acfbdd&searchtype=ds&q={searchTerms} --> hxxp://www.google.com -\\ Mozilla Firefox v15.0.1 (en-US) Profile name : default File : C:\Users\jay\AppData\Roaming\Mozilla\Firefox\Profiles\f2elq8u5.default\prefs.js Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT2786678.CTID", "CT2786678"); Deleted : user_pref("CT2786678.CurrentServerDate", "13-11-2010"); Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR"); Deleted : user_pref("CT2786678.DownloadReferralCookieData", ""); Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Sat Nov 13 2010 00:16:42 GMT-0500 (Eastern Standard Ti[...] Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 182); Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Sat Nov 13 2010 07:16:43 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Sat Nov 13 2010 07:16:43 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Sat Nov 13 2010 07:16:42 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Sat Nov 13 2010 07:16:42 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Sat Nov 13 2010 07:16:42 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Sat Nov 13 2010 07:16:42 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Sat Nov 13 2010 07:16:42 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Sat Nov 13 2010 07:16:42 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Sat Nov 13 2010 07:16:43 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Sat Nov 13 2010 07:16:43 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Sat Nov 13 2010 07:16:43 GMT-0500 (Eastern St[...] Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10); Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15); Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5); Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5); Deleted : user_pref("CT2786678.FirstServerDate", "13-11-2010"); Deleted : user_pref("CT2786678.FirstTime", true); Deleted : user_pref("CT2786678.FirstTimeFF3", true); Deleted : user_pref("CT2786678.FirstTimeSettingsDone", true); Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false); Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT2786678.Initialize", true); Deleted : user_pref("CT2786678.InitializeCommonPrefs", true); Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 1); Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration"); Deleted : user_pref("CT2786678.InstalledDate", "Sat Nov 13 2010 00:16:42 GMT-0500 (Eastern Standard Time)"); Deleted : user_pref("CT2786678.IsGrouping", false); Deleted : user_pref("CT2786678.IsMulticommunity", false); Deleted : user_pref("CT2786678.IsOpenThankYouPage", false); Deleted : user_pref("CT2786678.IsOpenUninstallPage", false); Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Sat Nov 13 2010 00:16:42 GMT-0500 (Eastern Standar[...] Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT2786678.LastLogin_2.7.2.0", "Sat Nov 13 2010 00:16:42 GMT-0500 (Eastern Standard Time)"[...] Deleted : user_pref("CT2786678.LatestVersion", "2.7.2.0"); Deleted : user_pref("CT2786678.Locale", "en"); Deleted : user_pref("CT2786678.LoginCache", 4); Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2786678.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...] Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true); Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sat Nov 13 2010 00:16:42 GMT-0500 (Eastern Stand[...] Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Deleted : user_pref("CT2786678.SettingsCheckIntervalMin", 120); Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Sat Nov 13 2010 00:16:41 GMT-0500 (Eastern Standard Ti[...] Deleted : user_pref("CT2786678.SettingsLastUpdate", "1289603912"); Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sat Nov 13 2010 00:16:41 GMT-0500 (Eastern Sta[...] Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578"); Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] Deleted : user_pref("CT2786678.UserID", "UN84770513513478381"); Deleted : user_pref("CT2786678.ValidationData_Toolbar", 0); Deleted : user_pref("CT2786678.WeatherNetwork", ""); Deleted : user_pref("CT2786678.WeatherPollDate", "Sat Nov 13 2010 00:16:42 GMT-0500 (Eastern Standard Time)"); Deleted : user_pref("CT2786678.WeatherUnit", "C"); Deleted : user_pref("CT2786678.alertChannelId", "1178763"); Deleted : user_pref("CT2786678.clientLogIsEnabled", true); Deleted : user_pref("CT2786678.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Deleted : user_pref("CT2786678.myStuffEnabled", true); Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2786678.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Deleted : user_pref("CT3061355..clientLogIsEnabled", false); Deleted : user_pref("CT3061355..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Deleted : user_pref("CT3061355..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Deleted : user_pref("CT3061355.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Deleted : user_pref("CT3061355.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Deleted : user_pref("CT3061355.BrowserCompStateIsOpen_129559837146690083", true); Deleted : user_pref("CT3061355.CTID", "CT3061355"); Deleted : user_pref("CT3061355.CommunitiesChangesLastCheckTime", "0"); Deleted : user_pref("CT3061355.CurrentServerDate", "22-6-2012"); Deleted : user_pref("CT3061355.DSInstall", false); Deleted : user_pref("CT3061355.DialogsAlignMode", "LTR"); Deleted : user_pref("CT3061355.DialogsGetterLastCheckTime", "Thu Jun 21 2012 07:35:06 GMT-0400 (Eastern Daylig[...] Deleted : user_pref("CT3061355.DownloadReferralCookieData", ""); Deleted : user_pref("CT3061355.EnableClickToSearchBox", false); Deleted : user_pref("CT3061355.EnableSearchHistory", true); Deleted : user_pref("CT3061355.EnableSearchSuggest", false); Deleted : user_pref("CT3061355.FirstServerDate", "29-3-2012"); Deleted : user_pref("CT3061355.FirstTime", true); Deleted : user_pref("CT3061355.FirstTimeFF3", true); Deleted : user_pref("CT3061355.FixPageNotFoundErrors", false); Deleted : user_pref("CT3061355.GroupingInvalidateCache", false); Deleted : user_pref("CT3061355.GroupingLastCheckTime", "0"); Deleted : user_pref("CT3061355.GroupingLastServerUpdateTime", "0"); Deleted : user_pref("CT3061355.GroupingServerCheckInterval", 1440); Deleted : user_pref("CT3061355.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Deleted : user_pref("CT3061355.HPInstall", false); Deleted : user_pref("CT3061355.HasUserGlobalKeys", true); Deleted : user_pref("CT3061355.HomePageProtectorEnabled", false); Deleted : user_pref("CT3061355.HomepageBeforeUnload", "hxxp://mystart.smilebox.com?a=6R8oir99M1"); Deleted : user_pref("CT3061355.Initialize", true); Deleted : user_pref("CT3061355.InitializeCommonPrefs", true); Deleted : user_pref("CT3061355.InstallationAndCookieDataSentCount", 3); Deleted : user_pref("CT3061355.InstallationId", "ConduitNSISIntegration"); Deleted : user_pref("CT3061355.InstallationType", "ConduitXPEIntegration"); Deleted : user_pref("CT3061355.InstalledDate", "Thu Mar 29 2012 09:22:44 GMT-0400 (Eastern Daylight Time)"); Deleted : user_pref("CT3061355.InvalidateCache", false); Deleted : user_pref("CT3061355.IsAlertDBUpdated", true); Deleted : user_pref("CT3061355.IsGrouping", false); Deleted : user_pref("CT3061355.IsInitSetupIni", true); Deleted : user_pref("CT3061355.IsMulticommunity", false); Deleted : user_pref("CT3061355.IsOpenThankYouPage", false); Deleted : user_pref("CT3061355.IsOpenUninstallPage", true); Deleted : user_pref("CT3061355.LanguagePackLastCheckTime", "Fri Jun 22 2012 07:35:09 GMT-0400 (Eastern Dayligh[...] Deleted : user_pref("CT3061355.LanguagePackReloadIntervalMM", 1440); Deleted : user_pref("CT3061355.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Deleted : user_pref("CT3061355.LastLogin_3.10.0.1", "Fri Mar 30 2012 09:22:47 GMT-0400 (Eastern Daylight Time)[...] Deleted : user_pref("CT3061355.LastLogin_3.12.2.3", "Wed May 23 2012 10:00:49 GMT-0400 (Eastern Daylight Time)[...] Deleted : user_pref("CT3061355.LastLogin_3.13.0.6", "Fri Jun 22 2012 08:17:56 GMT-0400 (Eastern Daylight Time)[...] Deleted : user_pref("CT3061355.LatestVersion", "3.13.0.6"); Deleted : user_pref("CT3061355.Locale", "en"); Deleted : user_pref("CT3061355.MCDetectTooltipHeight", "83"); Deleted : user_pref("CT3061355.MCDetectTooltipShow", false); Deleted : user_pref("CT3061355.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Deleted : user_pref("CT3061355.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT3061355.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT3061355.OriginalFirstVersion", "3.10.0.1"); Deleted : user_pref("CT3061355.RadioIsPodcast", false); Deleted : user_pref("CT3061355.RadioLastCheckTime", "0"); Deleted : user_pref("CT3061355.RadioLastUpdateIPServer", "0"); Deleted : user_pref("CT3061355.RadioLastUpdateServer", "0"); Deleted : user_pref("CT3061355.RadioMediaID", "9962"); Deleted : user_pref("CT3061355.RadioMediaType", "Media Player"); Deleted : user_pref("CT3061355.RadioMenuSelectedID", "EBRadioMenu_CT30613559962"); Deleted : user_pref("CT3061355.RadioShrinked", "shrinked"); Deleted : user_pref("CT3061355.RadioShrinkedFromSetup", true); Deleted : user_pref("CT3061355.RadioStationName", "California%20Rock"); Deleted : user_pref("CT3061355.RadioStationURL", "hxxp://feedlive.net/california.asx"); Deleted : user_pref("CT3061355.SHRINK_TOOLBAR", 0); Deleted : user_pref("CT3061355.SearchBackToDefaultEngine", false); Deleted : user_pref("CT3061355.SearchBoxWidth", 173); Deleted : user_pref("CT3061355.SearchCaption", "SmileBox EN Customized Web Search"); Deleted : user_pref("CT3061355.SearchEngineBeforeUnload", "MyStart Search"); Deleted : user_pref("CT3061355.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT3061355.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT306[...] Deleted : user_pref("CT3061355.SearchInNewTabEnabled", true); Deleted : user_pref("CT3061355.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT3061355.SearchInNewTabLastCheckTime", "Fri Jun 22 2012 07:35:09 GMT-0400 (Eastern Dayli[...] Deleted : user_pref("CT3061355.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT3061355.SearchProtectorEnabled", false); Deleted : user_pref("CT3061355.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT3061355.SendProtectorDataViaLogin", true); Deleted : user_pref("CT3061355.ServiceMapLastCheckTime", "Fri Jun 22 2012 07:35:09 GMT-0400 (Eastern Daylight [...] Deleted : user_pref("CT3061355.SettingsLastCheckTime", "Thu Jun 21 2012 07:06:23 GMT-0400 (Eastern Daylight Ti[...] Deleted : user_pref("CT3061355.SettingsLastUpdate", "1340129166"); Deleted : user_pref("CT3061355.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3061355&SearchSource=13"); Deleted : user_pref("CT3061355.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT3061355.ThirdPartyComponentsLastCheck", "Thu Mar 29 2012 09:22:43 GMT-0400 (Eastern Day[...] Deleted : user_pref("CT3061355.ThirdPartyComponentsLastUpdate", "1312887586"); Deleted : user_pref("CT3061355.ToolbarShrinkedFromSetup", true); Deleted : user_pref("CT3061355.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3061355"); Deleted : user_pref("CT3061355.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT3061355.Uninstall", true); Deleted : user_pref("CT3061355.UserID", "UN12837089960057946"); Deleted : user_pref("CT3061355.WeatherNetwork", ""); Deleted : user_pref("CT3061355.WeatherPollDate", "Fri Mar 30 2012 09:22:49 GMT-0400 (Eastern Daylight Time)"); Deleted : user_pref("CT3061355.WeatherUnit", "F"); Deleted : user_pref("CT3061355.alertChannelId", "1452883"); Deleted : user_pref("CT3061355.approveUntrustedApps", false); Deleted : user_pref("CT3061355.autoDisableScopes", -1); Deleted : user_pref("CT3061355.components.1000048", false); Deleted : user_pref("CT3061355.components.1000080", true); Deleted : user_pref("CT3061355.components.1000082", false); Deleted : user_pref("CT3061355.components.1000234", false); Deleted : user_pref("CT3061355.components.129559837144483414", false); Deleted : user_pref("CT3061355.components.129559837145157132", false); Deleted : user_pref("CT3061355.components.129559837145821085", false); Deleted : user_pref("CT3061355.components.129559837146690083", false); Deleted : user_pref("CT3061355.components.129563116616869089", false); Deleted : user_pref("CT3061355.components.129563117235174082", false); Deleted : user_pref("CT3061355.components.129822471277004329", false); Deleted : user_pref("CT3061355.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT3061355.globalFirstTimeInfoLastCheckTime", "Thu Mar 29 2012 09:22:44 GMT-0400 (Eastern [...] Deleted : user_pref("CT3061355.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT3061355.initDone", true); Deleted : user_pref("CT3061355.isAppTrackingManagerOn", true); Deleted : user_pref("CT3061355.isFirstRadioInstallation", false); Deleted : user_pref("CT3061355.isSearchProtectorNotifyChanges", false); Deleted : user_pref("CT3061355.myStuffEnabled", true); Deleted : user_pref("CT3061355.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT3061355.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT3061355.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT3061355.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT3061355.navigateToUrlOnSearch", false); Deleted : user_pref("CT3061355.revertSettingsEnabled", false); Deleted : user_pref("CT3061355.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT3061355.searchProtectorEnableByLogin", true); Deleted : user_pref("CT3061355.testingCtid", ""); Deleted : user_pref("CT3061355.toolbarAppMetaDataLastCheckTime", "Thu Jun 21 2012 07:35:08 GMT-0400 (Eastern D[...] Deleted : user_pref("CT3061355.toolbarContextMenuLastCheckTime", "Thu Mar 29 2012 09:22:44 GMT-0400 (Eastern D[...] Deleted : user_pref("CT3061355.usageEnabled", false); Deleted : user_pref("CT3061355.usagesFlag", 2); Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3061355/CT3061355[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1452883/1448538/US", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3061355", [...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3061355",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://tracking.usage.app.conduit-services.com/FirstTime.ashx?curre[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21b[...] Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine"); Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com"); Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine"); Deleted : user_pref("CommunityToolbar.IsEngineShown", true); Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\jay\\AppData\\Roaming\\Mozilla\\Fir[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com"); Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://aolsearch.aol.com/aol/search?invo[...] Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,ConduitEngine,CT3061355"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678,CT3061355"); Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3061355"); Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 09 2011 17:40:26 GMT-04[...] Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 28 2011 07:29:16 GMT-0400 (Easte[...] Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 28 2011 07:29:08 GMT-0400 (Eastern D[...] Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "fdab1117-bf25-4e68-9f80-ed1acefd8ec2"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Mar 30 2012 09:34:18 GMT-0400 (Eas[...] Deleted : user_pref("CommunityToolbar.globalUserId", "2e5775c7-ae1b-4c82-8d49-9a55ab93e432"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Jun 21 2012 08:16:2[...] Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false); Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60); Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Mar 29 2012 09:22:53 GMT-040[...] Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 22 2012 08:16:24 GMT-0400 (E[...] Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.notifications.userId", "16c535c3-1a74-48b2-a83a-0d327007088b"); Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://mystart.smilebox.com?a=6R8oir99M1"); Deleted : user_pref("CommunityToolbar.originalSearchEngine", "MyStart Search"); Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun May 01 2011 18:56:32 GMT-0400 (Eastern Dayl[...] Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine"); Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Jun 26 2011 20:52:23 GMT-0400 (Eastern Da[...] Deleted : user_pref("ConduitEngine.FirstServerDate", "04/10/2011 00"); Deleted : user_pref("ConduitEngine.FirstTime", true); Deleted : user_pref("ConduitEngine.FirstTimeFF3", true); Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true); Deleted : user_pref("ConduitEngine.Initialize", true); Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true); Deleted : user_pref("ConduitEngine.InstalledDate", "Sat Apr 09 2011 17:40:28 GMT-0400 (Eastern Daylight Time)"[...] Deleted : user_pref("ConduitEngine.IsMulticommunity", false); Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false); Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true); Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Jun 27 2011 18:00:02 GMT-0400 (Eastern Day[...] Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jun 28 2011 17:37:15 GMT-0400 (Eastern Daylight Ti[...] Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jun 28 2011 17:37:15 GMT-0400 (Eastern Dayligh[...] Deleted : user_pref("ConduitEngine.UserID", "UN19104013597260266"); Deleted : user_pref("ConduitEngine.componentAlertEnabled", false); Deleted : user_pref("ConduitEngine.engineLocale", "en-US"); Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jun 28 2011 07:29:08 GMT-0400 (Easte[...] Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jun 28 2011 16:58:35 GMT-0400 (East[...] Deleted : user_pref("ConduitEngine.initDone", true); Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true); Deleted : user_pref("browser.search.defaultengine", "Ask.com"); Deleted : user_pref("browser.search.defaultenginename", "Ask.com"); Deleted : user_pref("browser.search.order.1", "Ask.com"); Deleted : user_pref("browser.search.selectedEngine", "Web Search"); Deleted : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&[...] -\\ Google Chrome v22.0.1229.79 File : C:\Users\jay\AppData\Local\Google\Chrome\User Data\Default\Preferences Deleted [l.34] : homepage = "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=98480214-7e61-484e-ac56-507389acfbdd&searchtype=hp", ************************* AdwCleaner[R1].txt - [32091 octets] - [29/09/2012 10:02:22] AdwCleaner[s2].txt - [32598 octets] - [29/09/2012 11:33:23] ########## EOF - C:\AdwCleaner[s2].txt - [32659 octets] ##########
  14. Heres the aswMBR Log aswMBR version 0.9.9.1665 Copyright© 2011 AVAST Software Run date: 2012-09-29 09:57:13 ----------------------------- 09:57:13.091 OS Version: Windows x64 6.1.7601 Service Pack 1 09:57:13.091 Number of processors: 8 586 0x1A05 09:57:13.091 ComputerName: RINILOVESPC UserName: jay 09:57:16.117 Initialize success 09:57:39.045 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 09:57:39.045 Disk 0 Vendor: Intel___ 1.0. Size: 953875MB BusType: 8 09:57:39.076 Disk 0 MBR read successfully 09:57:39.076 Disk 0 MBR scan 09:57:39.076 Disk 0 Windows VISTA default MBR code 09:57:39.108 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63 09:57:39.108 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 9642 MB offset 81920 09:57:39.123 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 944192 MB offset 19828736 09:57:39.186 Disk 0 scanning C:\Windows\system32\drivers 09:57:46.705 Service scanning 09:58:01.306 Modules scanning 09:58:01.306 Disk 0 trace - called modules: 09:58:01.322 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys hal.dll 09:58:01.338 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800ae6f790] 09:58:01.338 3 CLASSPNP.SYS[fffff88001bae43f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800abbe050] 09:58:01.338 Scan finished successfully 10:00:39.881 Disk 0 MBR has been saved successfully to "C:\Users\jay\Desktop\MBR.dat" 10:00:39.912 The log file has been saved successfully to "C:\Users\jay\Desktop\aswMBR.txt" AdW Cleaner Log # AdwCleaner v2.003 - Logfile created 09/29/2012 at 10:02:22 # Updated 23/09/2012 by Xplode # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits) # User : jay - RINILOVESPC # Boot Mode : Normal # Running from : C:\Users\jay\Desktop\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** Folder Found : C:\Program Files (x86)\Conduit Folder Found : C:\Program Files (x86)\ConduitEngine Folder Found : C:\Program Files (x86)\uTorrentBar Folder Found : C:\ProgramData\Ask Folder Found : C:\Users\jay\AppData\Local\APN Folder Found : C:\Users\jay\AppData\Local\Conduit Folder Found : C:\Users\jay\AppData\LocalLow\Conduit Folder Found : C:\Users\jay\AppData\LocalLow\ConduitEngine Folder Found : C:\Users\jay\AppData\LocalLow\PriceGong Folder Found : C:\Users\jay\AppData\LocalLow\uTorrentBar Folder Found : C:\Users\jay\AppData\Roaming\Mozilla\Firefox\Profiles\f2elq8u5.default\Conduit Folder Found : C:\Users\jay\AppData\Roaming\Mozilla\Firefox\Profiles\f2elq8u5.default\ConduitCommon Folder Found : C:\Users\jay\AppData\Roaming\Mozilla\Firefox\Profiles\f2elq8u5.default\ConduitEngine Folder Found : C:\Users\jay\AppData\Roaming\OpenCandy ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Conduit Key Found : HKCU\Software\AppDataLow\Software\conduitEngine Key Found : HKCU\Software\AppDataLow\Software\conduitEngine Key Found : HKCU\Software\AppDataLow\Software\Crossrider Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\SmartBar Key Found : HKCU\Software\AppDataLow\Software\uTorrentBar Key Found : HKCU\Software\Cr_Installer Key Found : HKCU\Software\IM Key Found : HKCU\Software\ImInstaller Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F8D96645-337C-419B-8792-B6C126145811} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3} Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3061355 Key Found : HKLM\SOFTWARE\Classes\TypeLib\{03119103-0854-469D-807A-171568457991} Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\conduitEngine Key Found : HKLM\Software\conduitEngine Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\Software\uTorrentBar Key Found : HKLM\Software\Viewpoint Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{13119113-0854-469D-807A-171568457991} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{33119133-0854-469D-807A-171568457991} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F8D96645-337C-419B-8792-B6C126145811} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B6778B4A-C270-4462-892D-2675205A3CF7} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C2905FAA-44ED-4F40-8922-67E8BE4EFE74} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar Key Found : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Key Found : HKLM\SOFTWARE\Classes\Interface\{23119123-0854-469D-807A-171568457991} Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0} Key Found : HKU\S-1-5-21-2094007905-2170688143-2092116901-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Key Found : HKU\S-1-5-21-2094007905-2170688143-2092116901-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E} Key Found : HKU\S-1-5-21-2094007905-2170688143-2092116901-1000\Software\Microsoft\Internet Explorer\SearchScopes\{4F11ACBB-393F-4c86-A214-FF3D0D155CC3} Key Found : HKU\S-1-5-21-2094007905-2170688143-2092116901-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A} Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=98480214-7e61-484e-ac56-507389acfbdd&searchtype=ds&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=98480214-7e61-484e-ac56-507389acfbdd&searchtype=ds&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=98480214-7e61-484e-ac56-507389acfbdd&searchtype=ds&q={searchTerms} -\\ Mozilla Firefox v15.0.1 (en-US) Profile name : default File : C:\Users\jay\AppData\Roaming\Mozilla\Firefox\Profiles\f2elq8u5.default\prefs.js Found : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2786678.CTID", "CT2786678"); Found : user_pref("CT2786678.CurrentServerDate", "13-11-2010"); Found : user_pref("CT2786678.DialogsAlignMode", "LTR"); Found : user_pref("CT2786678.DownloadReferralCookieData", ""); Found : user_pref("CT2786678.EMailNotifierPollDate", "Sat Nov 13 2010 00:16:42 GMT-0500 (Eastern Standard Ti[...] Found : user_pref("CT2786678.FeedLastCount5690698542593514850", 182); Found : user_pref("CT2786678.FeedPollDate129301619375443753", "Sat Nov 13 2010 07:16:43 GMT-0500 (Eastern St[...] Found : user_pref("CT2786678.FeedPollDate129301619375443759", "Sat Nov 13 2010 07:16:43 GMT-0500 (Eastern St[...] Found : user_pref("CT2786678.FeedPollDate129301619375444699", "Sat Nov 13 2010 07:16:42 GMT-0500 (Eastern St[...] Found : user_pref("CT2786678.FeedPollDate129301619375444705", "Sat Nov 13 2010 07:16:42 GMT-0500 (Eastern St[...] Found : user_pref("CT2786678.FeedPollDate129301619375444711", "Sat Nov 13 2010 07:16:42 GMT-0500 (Eastern St[...] Found : user_pref("CT2786678.FeedPollDate129301619375444717", "Sat Nov 13 2010 07:16:42 GMT-0500 (Eastern St[...] Found : user_pref("CT2786678.FeedPollDate129301619375444723", "Sat Nov 13 2010 07:16:42 GMT-0500 (Eastern St[...] Found : user_pref("CT2786678.FeedPollDate129301619375444729", "Sat Nov 13 2010 07:16:42 GMT-0500 (Eastern St[...] Found : user_pref("CT2786678.FeedPollDate129301619375444735", "Sat Nov 13 2010 07:16:43 GMT-0500 (Eastern St[...] Found : user_pref("CT2786678.FeedPollDate129301619375444741", "Sat Nov 13 2010 07:16:43 GMT-0500 (Eastern St[...] Found : user_pref("CT2786678.FeedPollDate129301619375444747", "Sat Nov 13 2010 07:16:43 GMT-0500 (Eastern St[...] Found : user_pref("CT2786678.FeedTTL129301619375444699", 10); Found : user_pref("CT2786678.FeedTTL129301619375444723", 15); Found : user_pref("CT2786678.FeedTTL129301619375444735", 5); Found : user_pref("CT2786678.FeedTTL129301619375444747", 5); Found : user_pref("CT2786678.FirstServerDate", "13-11-2010"); Found : user_pref("CT2786678.FirstTime", true); Found : user_pref("CT2786678.FirstTimeFF3", true); Found : user_pref("CT2786678.FirstTimeSettingsDone", true); Found : user_pref("CT2786678.FixPageNotFoundErrors", false); Found : user_pref("CT2786678.GroupingServerCheckInterval", 1440); Found : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2786678.Initialize", true); Found : user_pref("CT2786678.InitializeCommonPrefs", true); Found : user_pref("CT2786678.InstallationAndCookieDataSentCount", 1); Found : user_pref("CT2786678.InstallationType", "UnknownIntegration"); Found : user_pref("CT2786678.InstalledDate", "Sat Nov 13 2010 00:16:42 GMT-0500 (Eastern Standard Time)"); Found : user_pref("CT2786678.IsGrouping", false); Found : user_pref("CT2786678.IsMulticommunity", false); Found : user_pref("CT2786678.IsOpenThankYouPage", false); Found : user_pref("CT2786678.IsOpenUninstallPage", false); Found : user_pref("CT2786678.LanguagePackLastCheckTime", "Sat Nov 13 2010 00:16:42 GMT-0500 (Eastern Standar[...] Found : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2786678.LastLogin_2.7.2.0", "Sat Nov 13 2010 00:16:42 GMT-0500 (Eastern Standard Time)"[...] Found : user_pref("CT2786678.LatestVersion", "2.7.2.0"); Found : user_pref("CT2786678.Locale", "en"); Found : user_pref("CT2786678.LoginCache", 4); Found : user_pref("CT2786678.MCDetectTooltipHeight", "83"); Found : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2786678.MCDetectTooltipWidth", "295"); Found : user_pref("CT2786678.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...] Found : user_pref("CT2786678.SearchFromAddressBarIsInit", true); Found : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...] Found : user_pref("CT2786678.SearchInNewTabEnabled", true); Found : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sat Nov 13 2010 00:16:42 GMT-0500 (Eastern Stand[...] Found : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...] Found : user_pref("CT2786678.SettingsCheckIntervalMin", 120); Found : user_pref("CT2786678.SettingsLastCheckTime", "Sat Nov 13 2010 00:16:41 GMT-0500 (Eastern Standard Ti[...] Found : user_pref("CT2786678.SettingsLastUpdate", "1289603912"); Found : user_pref("CT2786678.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sat Nov 13 2010 00:16:41 GMT-0500 (Eastern Sta[...] Found : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578"); Found : user_pref("CT2786678.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...] Found : user_pref("CT2786678.UserID", "UN84770513513478381"); Found : user_pref("CT2786678.ValidationData_Toolbar", 0); Found : user_pref("CT2786678.WeatherNetwork", ""); Found : user_pref("CT2786678.WeatherPollDate", "Sat Nov 13 2010 00:16:42 GMT-0500 (Eastern Standard Time)"); Found : user_pref("CT2786678.WeatherUnit", "C"); Found : user_pref("CT2786678.alertChannelId", "1178763"); Found : user_pref("CT2786678.clientLogIsEnabled", true); Found : user_pref("CT2786678.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...] Found : user_pref("CT2786678.myStuffEnabled", true); Found : user_pref("CT2786678.myStuffPublihserMinWidth", 400); Found : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2786678.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2786678.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...] Found : user_pref("CT3061355..clientLogIsEnabled", false); Found : user_pref("CT3061355..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT3061355..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT3061355.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT3061355.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT3061355.BrowserCompStateIsOpen_129559837146690083", true); Found : user_pref("CT3061355.CTID", "CT3061355"); Found : user_pref("CT3061355.CommunitiesChangesLastCheckTime", "0"); Found : user_pref("CT3061355.CurrentServerDate", "22-6-2012"); Found : user_pref("CT3061355.DSInstall", false); Found : user_pref("CT3061355.DialogsAlignMode", "LTR"); Found : user_pref("CT3061355.DialogsGetterLastCheckTime", "Thu Jun 21 2012 07:35:06 GMT-0400 (Eastern Daylig[...] Found : user_pref("CT3061355.DownloadReferralCookieData", ""); Found : user_pref("CT3061355.EnableClickToSearchBox", false); Found : user_pref("CT3061355.EnableSearchHistory", true); Found : user_pref("CT3061355.EnableSearchSuggest", false); Found : user_pref("CT3061355.FirstServerDate", "29-3-2012"); Found : user_pref("CT3061355.FirstTime", true); Found : user_pref("CT3061355.FirstTimeFF3", true); Found : user_pref("CT3061355.FixPageNotFoundErrors", false); Found : user_pref("CT3061355.GroupingInvalidateCache", false); Found : user_pref("CT3061355.GroupingLastCheckTime", "0"); Found : user_pref("CT3061355.GroupingLastServerUpdateTime", "0"); Found : user_pref("CT3061355.GroupingServerCheckInterval", 1440); Found : user_pref("CT3061355.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT3061355.HPInstall", false); Found : user_pref("CT3061355.HasUserGlobalKeys", true); Found : user_pref("CT3061355.HomePageProtectorEnabled", false); Found : user_pref("CT3061355.HomepageBeforeUnload", "hxxp://mystart.smilebox.com?a=6R8oir99M1"); Found : user_pref("CT3061355.Initialize", true); Found : user_pref("CT3061355.InitializeCommonPrefs", true); Found : user_pref("CT3061355.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT3061355.InstallationId", "ConduitNSISIntegration"); Found : user_pref("CT3061355.InstallationType", "ConduitXPEIntegration"); Found : user_pref("CT3061355.InstalledDate", "Thu Mar 29 2012 09:22:44 GMT-0400 (Eastern Daylight Time)"); Found : user_pref("CT3061355.InvalidateCache", false); Found : user_pref("CT3061355.IsAlertDBUpdated", true); Found : user_pref("CT3061355.IsGrouping", false); Found : user_pref("CT3061355.IsInitSetupIni", true); Found : user_pref("CT3061355.IsMulticommunity", false); Found : user_pref("CT3061355.IsOpenThankYouPage", false); Found : user_pref("CT3061355.IsOpenUninstallPage", true); Found : user_pref("CT3061355.LanguagePackLastCheckTime", "Fri Jun 22 2012 07:35:09 GMT-0400 (Eastern Dayligh[...] Found : user_pref("CT3061355.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT3061355.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT3061355.LastLogin_3.10.0.1", "Fri Mar 30 2012 09:22:47 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT3061355.LastLogin_3.12.2.3", "Wed May 23 2012 10:00:49 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT3061355.LastLogin_3.13.0.6", "Fri Jun 22 2012 08:17:56 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT3061355.LatestVersion", "3.13.0.6"); Found : user_pref("CT3061355.Locale", "en"); Found : user_pref("CT3061355.MCDetectTooltipHeight", "83"); Found : user_pref("CT3061355.MCDetectTooltipShow", false); Found : user_pref("CT3061355.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT3061355.MCDetectTooltipWidth", "295"); Found : user_pref("CT3061355.MyStuffEnabledAtInstallation", true); Found : user_pref("CT3061355.OriginalFirstVersion", "3.10.0.1"); Found : user_pref("CT3061355.RadioIsPodcast", false); Found : user_pref("CT3061355.RadioLastCheckTime", "0"); Found : user_pref("CT3061355.RadioLastUpdateIPServer", "0"); Found : user_pref("CT3061355.RadioLastUpdateServer", "0"); Found : user_pref("CT3061355.RadioMediaID", "9962"); Found : user_pref("CT3061355.RadioMediaType", "Media Player"); Found : user_pref("CT3061355.RadioMenuSelectedID", "EBRadioMenu_CT30613559962"); Found : user_pref("CT3061355.RadioShrinked", "shrinked"); Found : user_pref("CT3061355.RadioShrinkedFromSetup", true); Found : user_pref("CT3061355.RadioStationName", "California%20Rock"); Found : user_pref("CT3061355.RadioStationURL", "hxxp://feedlive.net/california.asx"); Found : user_pref("CT3061355.SHRINK_TOOLBAR", 0); Found : user_pref("CT3061355.SearchBackToDefaultEngine", false); Found : user_pref("CT3061355.SearchBoxWidth", 173); Found : user_pref("CT3061355.SearchCaption", "SmileBox EN Customized Web Search"); Found : user_pref("CT3061355.SearchEngineBeforeUnload", "MyStart Search"); Found : user_pref("CT3061355.SearchFromAddressBarIsInit", true); Found : user_pref("CT3061355.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT306[...] Found : user_pref("CT3061355.SearchInNewTabEnabled", true); Found : user_pref("CT3061355.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT3061355.SearchInNewTabLastCheckTime", "Fri Jun 22 2012 07:35:09 GMT-0400 (Eastern Dayli[...] Found : user_pref("CT3061355.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT3061355.SearchProtectorEnabled", false); Found : user_pref("CT3061355.SearchProtectorToolbarDisabled", false); Found : user_pref("CT3061355.SendProtectorDataViaLogin", true); Found : user_pref("CT3061355.ServiceMapLastCheckTime", "Fri Jun 22 2012 07:35:09 GMT-0400 (Eastern Daylight [...] Found : user_pref("CT3061355.SettingsLastCheckTime", "Thu Jun 21 2012 07:06:23 GMT-0400 (Eastern Daylight Ti[...] Found : user_pref("CT3061355.SettingsLastUpdate", "1340129166"); Found : user_pref("CT3061355.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3061355&SearchSource=13"); Found : user_pref("CT3061355.ThirdPartyComponentsInterval", 504); Found : user_pref("CT3061355.ThirdPartyComponentsLastCheck", "Thu Mar 29 2012 09:22:43 GMT-0400 (Eastern Day[...] Found : user_pref("CT3061355.ThirdPartyComponentsLastUpdate", "1312887586"); Found : user_pref("CT3061355.ToolbarShrinkedFromSetup", true); Found : user_pref("CT3061355.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3061355"); Found : user_pref("CT3061355.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT3061355.Uninstall", true); Found : user_pref("CT3061355.UserID", "UN12837089960057946"); Found : user_pref("CT3061355.WeatherNetwork", ""); Found : user_pref("CT3061355.WeatherPollDate", "Fri Mar 30 2012 09:22:49 GMT-0400 (Eastern Daylight Time)"); Found : user_pref("CT3061355.WeatherUnit", "F"); Found : user_pref("CT3061355.alertChannelId", "1452883"); Found : user_pref("CT3061355.approveUntrustedApps", false); Found : user_pref("CT3061355.autoDisableScopes", -1); Found : user_pref("CT3061355.components.1000048", false); Found : user_pref("CT3061355.components.1000080", true); Found : user_pref("CT3061355.components.1000082", false); Found : user_pref("CT3061355.components.1000234", false); Found : user_pref("CT3061355.components.129559837144483414", false); Found : user_pref("CT3061355.components.129559837145157132", false); Found : user_pref("CT3061355.components.129559837145821085", false); Found : user_pref("CT3061355.components.129559837146690083", false); Found : user_pref("CT3061355.components.129563116616869089", false); Found : user_pref("CT3061355.components.129563117235174082", false); Found : user_pref("CT3061355.components.129822471277004329", false); Found : user_pref("CT3061355.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT3061355.globalFirstTimeInfoLastCheckTime", "Thu Mar 29 2012 09:22:44 GMT-0400 (Eastern [...] Found : user_pref("CT3061355.homepageProtectorEnableByLogin", true); Found : user_pref("CT3061355.initDone", true); Found : user_pref("CT3061355.isAppTrackingManagerOn", true); Found : user_pref("CT3061355.isFirstRadioInstallation", false); Found : user_pref("CT3061355.isSearchProtectorNotifyChanges", false); Found : user_pref("CT3061355.myStuffEnabled", true); Found : user_pref("CT3061355.myStuffPublihserMinWidth", 400); Found : user_pref("CT3061355.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT3061355.myStuffServiceIntervalMM", 1440); Found : user_pref("CT3061355.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT3061355.navigateToUrlOnSearch", false); Found : user_pref("CT3061355.revertSettingsEnabled", false); Found : user_pref("CT3061355.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT3061355.searchProtectorEnableByLogin", true); Found : user_pref("CT3061355.testingCtid", ""); Found : user_pref("CT3061355.toolbarAppMetaDataLastCheckTime", "Thu Jun 21 2012 07:35:08 GMT-0400 (Eastern D[...] Found : user_pref("CT3061355.toolbarContextMenuLastCheckTime", "Thu Mar 29 2012 09:22:44 GMT-0400 (Eastern D[...] Found : user_pref("CT3061355.usageEnabled", false); Found : user_pref("CT3061355.usagesFlag", 2); Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3061355/CT3061355[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1452883/1448538/US", "\"0\"[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3061355", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3061355",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Found : user_pref("CommunityToolbar.ETag.hxxp://tracking.usage.app.conduit-services.com/FirstTime.ashx?curre[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"21b[...] Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine"); Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com"); Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine"); Found : user_pref("CommunityToolbar.IsEngineShown", true); Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true); Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\jay\\AppData\\Roaming\\Mozilla\\Fir[...] Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6"); Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com"); Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine"); Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://aolsearch.aol.com/aol/search?invo[...] Found : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,ConduitEngine,CT3061355"); Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678,CT3061355"); Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3061355"); Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Apr 09 2011 17:40:26 GMT-04[...] Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 28 2011 07:29:16 GMT-0400 (Easte[...] Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.alert.locale", "en"); Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 28 2011 07:29:08 GMT-0400 (Eastern D[...] Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.alert.showTrayIcon", false); Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.alert.userId", "fdab1117-bf25-4e68-9f80-ed1acefd8ec2"); Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Mar 30 2012 09:34:18 GMT-0400 (Eas[...] Found : user_pref("CommunityToolbar.globalUserId", "2e5775c7-ae1b-4c82-8d49-9a55ab93e432"); Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Jun 21 2012 08:16:2[...] Found : user_pref("CommunityToolbar.notifications.alertEnabled", false); Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60); Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Mar 29 2012 09:22:53 GMT-040[...] Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Found : user_pref("CommunityToolbar.notifications.locale", "en"); Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jun 22 2012 08:16:24 GMT-0400 (E[...] Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Found : user_pref("CommunityToolbar.notifications.userId", "16c535c3-1a74-48b2-a83a-0d327007088b"); Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://mystart.smilebox.com?a=6R8oir99M1"); Found : user_pref("CommunityToolbar.originalSearchEngine", "MyStart Search"); Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sun May 01 2011 18:56:32 GMT-0400 (Eastern Dayl[...] Found : user_pref("ConduitEngine.CTID", "ConduitEngine"); Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Jun 26 2011 20:52:23 GMT-0400 (Eastern Da[...] Found : user_pref("ConduitEngine.FirstServerDate", "04/10/2011 00"); Found : user_pref("ConduitEngine.FirstTime", true); Found : user_pref("ConduitEngine.FirstTimeFF3", true); Found : user_pref("ConduitEngine.HasUserGlobalKeys", true); Found : user_pref("ConduitEngine.Initialize", true); Found : user_pref("ConduitEngine.InitializeCommonPrefs", true); Found : user_pref("ConduitEngine.InstalledDate", "Sat Apr 09 2011 17:40:28 GMT-0400 (Eastern Daylight Time)"[...] Found : user_pref("ConduitEngine.IsMulticommunity", false); Found : user_pref("ConduitEngine.IsOpenThankYouPage", false); Found : user_pref("ConduitEngine.IsOpenUninstallPage", true); Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Mon Jun 27 2011 18:00:02 GMT-0400 (Eastern Day[...] Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jun 28 2011 17:37:15 GMT-0400 (Eastern Daylight Ti[...] Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true); Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jun 28 2011 17:37:15 GMT-0400 (Eastern Dayligh[...] Found : user_pref("ConduitEngine.UserID", "UN19104013597260266"); Found : user_pref("ConduitEngine.componentAlertEnabled", false); Found : user_pref("ConduitEngine.engineLocale", "en-US"); Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jun 28 2011 07:29:08 GMT-0400 (Easte[...] Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jun 28 2011 16:58:35 GMT-0400 (East[...] Found : user_pref("ConduitEngine.initDone", true); Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true); Found : user_pref("browser.search.defaultengine", "Ask.com"); Found : user_pref("browser.search.defaultenginename", "Ask.com"); Found : user_pref("browser.search.order.1", "Ask.com"); Found : user_pref("browser.search.selectedEngine", "Web Search"); Found : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&[...] -\\ Google Chrome v22.0.1229.79 File : C:\Users\jay\AppData\Local\Google\Chrome\User Data\Default\Preferences Found [l.34] : homepage = "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=98480214-7e61-484e-ac56-507389acfbdd&searchtype=hp", ************************* AdwCleaner[R1].txt - [31978 octets] - [29/09/2012 10:02:22] ########## EOF - C:\AdwCleaner[R1].txt - [32039 octets] ########## New DDS Log . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 Run by jay at 10:09:21 on 2012-09-29 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9147 [GMT -4:00] . AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: BitDefender AntiSpyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F} FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskhost.exe C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Program Files\Logitech\SetPoint\LBTWiz.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch64.exe C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe C:\Windows\SysWOW64\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe C:\PROGRA~2\MYWEBF~2\bar\1.bin\5abarsvc.exe C:\Windows\System32\svchost.exe -k HPZ12 C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe C:\Windows\System32\svchost.exe -k HPZ12 c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Users\jay\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Users\jay\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5abrmon.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Windows\system32\DllHost.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\Corel Paint Shop Pro Photo.exe C:\Windows\splwow64.exe C:\Program Files (x86)\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\MediaCataloger.exe C:\Windows\system32\taskeng.exe C:\Program Files\Dell Support Center\uaclauncher.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\REGSVR32.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www22.verizon.com/Foryourhome/MyAccount/Unprotected/UserManagement/Login/Login.aspx uSearch Bar = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=98480214-7e61-484e-ac56-507389acfbdd&searchtype=ds&q={searchTerms} mStart Page = about:blank uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> uSearchAssistant = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=98480214-7e61-484e-ac56-507389acfbdd&searchtype=ds&q={searchTerms} uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mURLSearchHooks: H - No File BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File TB: Bitdefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File {555d4d79-4bd2-4094-a395-cfc534424a05} uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Corel Photo Downloader] "c:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe uRun: [Akamai NetSession Interface] "C:\Users\jay\AppData\Local\Akamai\netsession_win.exe" uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [Google Update] "C:\Users\jay\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe mRun: [standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [MyWebFace_5a Browser Plugin Loader] C:\PROGRA~2\MYWEBF~2\bar\1.bin\5abrmon.exe mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" mRun: [FAStartup] mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe dRunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H dRunOnce: [{91140000-001A-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H StartupFolder: C:\Users\jay\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\jay\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{2639FAF4-5B1E-466B-9A6F-D6D3291E6B85} : DhcpNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll LSA: Notification Packages = scecli FAPassSync BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll BHO-X64: FAIESSO Helper Object - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File TB-X64: Bitdefender Toolbar: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll TB-X64: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun-x64: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe mRun-x64: [standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun-x64: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [MyWebFace_5a Browser Plugin Loader] C:\PROGRA~2\MYWEBF~2\bar\1.bin\5abrmon.exe mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui mRun-x64: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun-x64: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" mRun-x64: [FAStartup] mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRun-x64: [VERIZONDM] "C:\Program Files (x86)\VERIZONDM\bin\sprtcmd.exe" /P VERIZONDM mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\jay\AppData\Roaming\Mozilla\Firefox\Profiles\f2elq8u5.default\ FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=98480214-7e61-484e-ac56-507389acfbdd&searchtype=ds&q= FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\jay\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys [2010-8-20 88144] R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-8-20 99408] R1 Bdvedisk;Bdvedisk;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392] R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-4-4 2409800] R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-5-24 352248] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-26 399432] R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2011-5-4 25824] R2 MyWebFace_5aService;MyWebFaceService;C:\PROGRA~2\MYWEBF~2\bar\1.bin\5abarsvc.exe [2012-3-24 42528] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176] R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-11 1692480] R2 sprtsvc_verizondm;SupportSoft Sprocket Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\sprtsvc.exe [2012-9-6 206120] R2 tgsrvc_verizondm;SupportSoft Repair Service (verizondm);C:\Program Files (x86)\VERIZONDM\bin\tgsrvc.exe [2012-9-6 185640] R2 Updatesrv;BitDefender Desktop Update Service;C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2011-6-1 53224] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 bdfm;bdfm;C:\Windows\system32\DRIVERS\bdfm.sys --> C:\Windows\system32\DRIVERS\bdfm.sys [?] R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-26 676936] S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-10 250288] S3 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?] S3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?] S3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-15 114144] S3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;\??\C:\Windows\system32\Drivers\OA002Afx.sys --> C:\Windows\system32\Drivers\OA002Afx.sys [?] S3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA002Ufd.sys --> C:\Windows\system32\DRIVERS\OA002Ufd.sys [?] S3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\system32\DRIVERS\OA002Vid.sys --> C:\Windows\system32\DRIVERS\OA002Vid.sys [?] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584] S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TrufosAlt;TrufosAlt;C:\Windows\system32\DRIVERS\TrufosAlt.sys --> C:\Windows\system32\DRIVERS\TrufosAlt.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-30 467248] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-09-29 13:19:08 916456 ----a-w- C:\Windows\System32\deployJava1.dll 2012-09-29 13:19:08 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll 2012-09-29 13:19:01 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll 2012-09-26 20:50:04 -------- d-----w- C:\Users\jay\AppData\Local\SupportSoft 2012-09-26 20:49:51 -------- d-----w- C:\Program Files (x86)\VERIZONDM 2012-09-26 20:49:49 -------- d-----w- C:\Program Files (x86)\Common Files\SupportSoft 2012-09-26 20:36:53 -------- d-----w- C:\Users\jay\AppData\Roaming\TechWizard 2012-09-25 23:12:21 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-09-25 23:12:04 -------- d-----w- C:\Program Files\iPod 2012-09-25 23:12:03 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-25 23:12:03 -------- d-----w- C:\Program Files\iTunes 2012-09-25 23:12:03 -------- d-----w- C:\Program Files (x86)\iTunes 2012-09-23 16:49:24 1183089 ----a-w- C:\Windows\unins000.exe 2012-09-23 16:31:56 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll 2012-09-21 19:46:24 -------- d-----w- C:\Program Files (x86)\LimeWire 2012-09-08 13:22:13 -------- d-----w- C:\ProgramData\Sony Corporation 2012-09-08 13:20:40 -------- d-----w- C:\Program Files (x86)\Sony 2012-09-06 20:05:08 8 --sh--r- C:\ProgramData\7E19043568.sys 2012-09-04 23:03:55 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll . ==================== Find3M ==================== . 2012-09-29 13:36:05 5018 --sha-w- C:\ProgramData\KGyGaAvL.sys 2012-09-23 16:34:56 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-09-21 06:09:08 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-21 06:09:08 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll 2012-08-15 14:56:42 8 --sh--r- C:\ProgramData\F4DBB0BEEE.sys 2012-08-02 12:19:59 711240 ----a-w- C:\Windows\is-5V36B.exe 2010-07-08 14:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe . ============= FINISH: 10:12:19.66 ===============
  15. oK I UPDATED jAVA AND RAN MBAM AND IT REMOVED 1 FILE HERES THE LOG FOR THAT. Malwarebytes Anti-Malware 1.65.0.1400 www.malwarebytes.org Database version: v2012.09.29.01 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 jay :: RINILOVESPC [administrator] 9/29/2012 9:20:12 AM mbam-log-2012-09-29 (09-20-12).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 219343 Time elapsed: 1 minute(s), 5 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 1 C:\Users\jay\Desktop\Setup.exe (PUP.Bundle.Installer.OI) -> Quarantined and deleted successfully. (end)
  16. Ok I will remove requested immediately but that doesn't help the issue with me being unable to remove the other programs as advised or update the java in the steps you mentioned. How should I go about this?
  17. Maniac thanks for your response..when trying to remove conduit-nothing happens when I press unistall Also utorrent toolbar give me an error message when trying to unistall it says could not open install.log file I also use limewire for music so would it be fine if I kept that this problem was before I had that. I also downloaded the JavaRa but I dont see the options listed in your steps..I open the program and see "Update Java Runtime" Remove JRE" "Update JavaRa Definitions" "Additional Tasks"....I didnt do any other steps as Im not sure if I should proceed
  18. Great thanks heres the logs . DDS (Ver_2011-08-26.01) - NTFSAMD64 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_27 Run by jay at 11:52:05 on 2012-09-26 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12279.9375 [GMT -4:00] . AV: BitDefender Antivirus *Enabled/Updated* {50909708-FF80-02AF-F814-B28405891E92} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: BitDefender AntiSpyware *Enabled/Updated* {EBF176EC-D9BA-0D21-C2A4-89F67E0E542F} FW: BitDefender Firewall *Enabled* {68AB162D-B5EF-03F7-D34B-1BB1FB5A59E9} . ============== Running Processes =============== . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Program Files\BitDefender\BitDefender 2011\vsserv.exe C:\Windows\system32\atiesrxx.exe C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\atieclxx.exe C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe C:\Windows\system32\taskhost.exe C:\Program Files\BitDefender\BitDefender 2011\bdagent.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\SysWOW64\svchost.exe -k Akamai C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\BitDefender\BitDefender 2011\pchooklaunch64.exe C:\Program Files\BitDefender\BitDefender 2011\Antispam32\pchooklaunch32.exe C:\Windows\SysWOW64\bgsvcgen.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe C:\PROGRA~2\MYWEBF~2\bar\1.bin\5abarsvc.exe C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Dell DataSafe Local Backup\TOASTER.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\COMPONENTS\SCHEDULER\STSERVICE.EXE C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpd.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k HPService C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe C:\Users\jay\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe C:\Users\jay\AppData\Local\Akamai\netsession_win.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe C:\Program Files\Logitech\SetPoint\SetPoint.exe C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayAlert.exe C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files (x86)\MyWebFace_5a\bar\1.bin\5abrmon.exe C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackup.exe C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSTE08.exe C:\Program Files (x86)\HP\Digital Imaging\bin\hpqbam08.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\system32\DllHost.exe C:\Windows\system32\svchost.exe -k SDRSVC C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe C:\Windows\splwow64.exe C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\REGSVR32.exe C:\Windows\SysWOW64\cmd.exe C:\Windows\system32\conhost.exe C:\Windows\SysWOW64\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = about:blank uSearch Bar = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=98480214-7e61-484e-ac56-507389acfbdd&searchtype=ds&q={searchTerms} mStart Page = about:blank uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local> uSearchAssistant = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=98480214-7e61-484e-ac56-507389acfbdd&searchtype=ds&q={searchTerms} uSearchURL,(Default) = hxxp://www.google.com/search?q=%s mURLSearchHooks: H - No File BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: FAIESSOHelper Class: {a2f122da-055f-4df7-8f24-7354dbdba85b} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll BHO: Office Document Cache Handler: {b4f3a835-0e21-4959-ba22-42b3008e02ff} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File TB: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File TB: Bitdefender Toolbar: {381ffde8-2394-4f90-b10d-fc6124a40f8c} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll TB: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File {555d4d79-4bd2-4094-a395-cfc534424a05} uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun uRun: [Corel Photo Downloader] "c:\Program Files (x86)\Common Files\Corel\Corel PhotoDownloader\Corel Photo Downloader.exe" -startup uRun: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe uRun: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe uRun: [Akamai NetSession Interface] "C:\Users\jay\AppData\Local\Akamai\netsession_win.exe" uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe uRun: [Google Update] "C:\Users\jay\AppData\Local\Google\Update\GoogleUpdate.exe" /c mRun: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe mRun: [standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [MyWebFace_5a Browser Plugin Loader] C:\PROGRA~2\MYWEBF~2\bar\1.bin\5abrmon.exe mRun: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui mRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" mRun: [FAStartup] mRun: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe dRunOnce: [{90120000-0030-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H dRunOnce: [{91140000-001A-0000-0000-0000000FF1CE}] C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H StartupFolder: C:\Users\jay\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\DELLDO~1.LNK - C:\Program Files (x86)\Dell\DellDock\DellDock.exe StartupFolder: C:\Users\jay\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\LIMEWI~1.LNK - C:\Program Files (x86)\LimeWire\LimeWire.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HDWRIT~1.LNK - C:\Program Files (x86)\Common Files\Panasonic\HD Writer AutoStart\HDWriterAutoStart.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\HPDIGI~1.LNK - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\LOGITE~1.LNK - C:\Program Files\Logitech\SetPoint\SetPoint.exe mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5) mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office12\EXCEL.EXE/3000 IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MIF5BA~1\Office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MIF5BA~1\Office12\REFIEBAR.DLL DPF: {233C1507-6A77-46A4-9443-F871F945D258} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {A7EA8AD2-287F-11D3-B120-006008C39542} - hxxp://offers.e-centives.com/cif/download/bin/actxcab.cab DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab TCP: DhcpNameServer = 192.168.1.1 TCP: Interfaces\{2639FAF4-5B1E-466B-9A6F-D6D3291E6B85} : DhcpNameServer = 192.168.1.1 Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll LSA: Notification Packages = scecli FAPassSync BHO-X64: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File BHO-X64: 0x1 - No File BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO-X64: AcroIEHelperStub - No File BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO-X64: FAIESSOHelper Class: {A2F122DA-055F-4df7-8F24-7354DBDBA85B} - C:\Program Files (x86)\Sensible Vision\Fast Access\FAIESSO.dll BHO-X64: FAIESSO Helper Object - No File BHO-X64: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL BHO-X64: URLRedirectionBHO - No File BHO-X64: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll TB-X64: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No File TB-X64: {30F9B915-B755-4826-820B-08FBA6BD249D} - No File TB-X64: Bitdefender Toolbar: {381FFDE8-2394-4F90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2011\Antispam32\IEToolbar.dll TB-X64: Snap.Do: {ae07101b-46d4-4a98-af68-0333ea26e113} - mscoree.dll TB-X64: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File EB-X64: {555D4D79-4BD2-4094-A395-CFC534424A05} - No File mRun-x64: [Dell DataSafe Online] "C:\Program Files (x86)\Dell DataSafe Online\DataSafeOnline.exe" /m mRun-x64: [PDVDDXSrv] "C:\Program Files (x86)\CyberLink\PowerDVD DX\PDVDDXSrv.exe" mRun-x64: [Dell Webcam Central] "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2 mRun-x64: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun mRun-x64: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe mRun-x64: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe mRun-x64: [Nikon Transfer Monitor] C:\Program Files (x86)\Common Files\Nikon\Monitor\NkMonitor.exe mRun-x64: [standby] "c:\Program Files (x86)\Common Files\Corel\Standby\Standby.exe" -START mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" mRun-x64: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe mRun-x64: [FATrayAlert] C:\Program Files (x86)\Sensible Vision\Fast Access\FATrayMon.exe mRun-x64: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe mRun-x64: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin mRun-x64: [ATICustomerCare] "C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe" mRun-x64: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2011\Antispam32\ieshow.exe" mRun-x64: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun-x64: [MyWebFace_5a Browser Plugin Loader] C:\PROGRA~2\MYWEBF~2\bar\1.bin\5abrmon.exe mRun-x64: [bCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices mRun-x64: [Memeo Backup Premium] C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoLauncher2.exe --silent --no_ui mRun-x64: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_ui mRun-x64: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime mRun-x64: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe" mRun-x64: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" mRun-x64: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" mRun-x64: [FAStartup] mRun-x64: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe mRun-x64: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun-x64: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" mRunOnce-x64: ["C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe"] "C:\Program Files (x86)\Dell DataSafe Local Backup\Components\DSUpdate\DSUpdate.exe" mRunOnce-x64: [Launcher] C:\Program Files (x86)\Dell DataSafe Local Backup\Components\scheduler\Launcher.exe SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\jay\AppData\Roaming\Mozilla\Firefox\Profiles\f2elq8u5.default\ FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - google.com FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=98480214-7e61-484e-ac56-507389acfbdd&searchtype=ds&q= FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol500.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll FF - plugin: C:\Program Files (x86)\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Users\jay\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R0 PxHlpa64;PxHlpa64;C:\Windows\system32\Drivers\PxHlpa64.sys --> C:\Windows\system32\Drivers\PxHlpa64.sys [?] R1 Bdfndisf;BitDefender Firewall NDIS 6 Filter Driver;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfndisf6.sys [2010-8-20 88144] R1 bdfwfpf;bdfwfpf;C:\Program Files\Common Files\BitDefender\BitDefender Firewall\bdfwfpf.sys [2010-8-20 99408] R1 Bdvedisk;Bdvedisk;C:\Windows\system32\DRIVERS\bdvedisk.sys --> C:\Windows\system32\DRIVERS\bdvedisk.sys [?] R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-7-27 63960] R2 Akamai;Akamai NetSession Interface;C:\Windows\System32\svchost.exe -k Akamai [2009-7-13 20992] R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe --> C:\Windows\system32\atiesrxx.exe [?] R2 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392] R2 FAService;FAService;C:\Program Files (x86)\Sensible Vision\Fast Access\FAService.exe [2010-4-4 2409800] R2 IHA_MessageCenter;IHA_MessageCenter;C:\Program Files (x86)\Verizon\IHA_MessageCenter\Bin\Verizon_IHAMessageCenter.exe [2011-5-24 290832] R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-26 399432] R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackupPro\MemeoBackgroundService.exe [2011-5-4 25824] R2 MyWebFace_5aService;MyWebFaceService;C:\PROGRA~2\MYWEBF~2\bar\1.bin\5abarsvc.exe [2012-3-24 42528] R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176] R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2011-6-1 14088] R2 SftService;SoftThinks Agent Service;C:\Program Files (x86)\Dell DataSafe Local Backup\SftService.exe [2010-5-11 1692480] R2 Updatesrv;BitDefender Desktop Update Service;C:\Program Files\BitDefender\BitDefender 2011\updatesrv.exe [2011-6-1 53224] R3 amdkmdag;amdkmdag;C:\Windows\system32\DRIVERS\atikmdag.sys --> C:\Windows\system32\DRIVERS\atikmdag.sys [?] R3 amdkmdap;amdkmdap;C:\Windows\system32\DRIVERS\atikmpag.sys --> C:\Windows\system32\DRIVERS\atikmpag.sys [?] R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys --> C:\Windows\system32\drivers\AtihdW76.sys [?] R3 bdfm;bdfm;C:\Windows\system32\DRIVERS\bdfm.sys --> C:\Windows\system32\DRIVERS\bdfm.sys [?] R3 btusbflt;Bluetooth USB Filter;C:\Windows\system32\drivers\btusbflt.sys --> C:\Windows\system32\drivers\btusbflt.sys [?] R3 CtClsFlt;Creative Camera Class Upper Filter Driver;C:\Windows\system32\DRIVERS\CtClsFlt.sys --> C:\Windows\system32\DRIVERS\CtClsFlt.sys [?] R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?] R3 OA002Afx;Provides a software interface to control audio effects of OA002 camera.;\??\C:\Windows\system32\Drivers\OA002Afx.sys --> C:\Windows\system32\Drivers\OA002Afx.sys [?] R3 OA002Ufd;Creative Camera OA002 Upper Filter Driver;C:\Windows\system32\DRIVERS\OA002Ufd.sys --> C:\Windows\system32\DRIVERS\OA002Ufd.sys [?] R3 OA002Vid;Creative Camera OA002 Function Driver;C:\Windows\system32\DRIVERS\OA002Vid.sys --> C:\Windows\system32\DRIVERS\OA002Vid.sys [?] R3 PCDSRVC{1E208CE0-FB7451FF-06020200}_0;PCDSRVC{1E208CE0-FB7451FF-06020200}_0 - PCDR Kernel Mode Service Helper Driver;C:\Program Files\Dell Support Center\pcdsrvc_x64.pkms [2012-8-17 25584] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 DockLoginService;Dock Login Service;C:\Program Files\Dell\DellDock\DockLogin.exe --> C:\Program Files\Dell\DellDock\DockLogin.exe [?] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-26 676936] S2 SessionLauncher;SessionLauncher;c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe --> c:\Users\ADMINI~1\AppData\Local\Temp\DX9\SessionLauncher.exe [?] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-5-10 250288] S3 avc3;avc3;C:\Windows\system32\DRIVERS\avc3.sys --> C:\Windows\system32\DRIVERS\avc3.sys [?] S3 avckf;avckf;C:\Windows\system32\DRIVERS\avckf.sys --> C:\Windows\system32\DRIVERS\avckf.sys [?] S3 FACAP;facap, FastAccess Video Capture;C:\Windows\system32\DRIVERS\facap.sys --> C:\Windows\system32\DRIVERS\facap.sys [?] S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-15 114144] S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184] S3 RoxMediaDB10;RoxMediaDB10;C:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCom\RoxMediaDB10.exe [2009-6-26 1124848] S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096] S3 TrufosAlt;TrufosAlt;C:\Windows\system32\DRIVERS\TrufosAlt.sys --> C:\Windows\system32\DRIVERS\TrufosAlt.sys [?] S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?] S3 Update Server;BitDefender Update Server v2;C:\Program Files\Common Files\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-11-30 467248] S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys --> C:\Windows\system32\Drivers\usbaapl64.sys [?] S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?] . =============== Created Last 30 ================ . 2012-09-26 11:52:25 711240 ----a-w- C:\Windows\isRS-000.tmp 2012-09-25 23:12:21 33240 ----a-w- C:\Windows\System32\drivers\GEARAspiWDM.sys 2012-09-25 23:12:04 -------- d-----w- C:\Program Files\iPod 2012-09-25 23:12:03 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 2012-09-25 23:12:03 -------- d-----w- C:\Program Files\iTunes 2012-09-25 23:12:03 -------- d-----w- C:\Program Files (x86)\iTunes 2012-09-25 21:42:23 715038 ----a-w- C:\Windows\unins001.exe 2012-09-23 16:49:24 1183089 ----a-w- C:\Windows\unins000.exe 2012-09-23 16:36:36 -------- d-----w- C:\Users\jay\AppData\Roaming\LimeWire 2012-09-23 16:31:56 476904 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll 2012-09-21 19:46:24 -------- d-----w- C:\Program Files (x86)\LimeWire 2012-09-08 13:22:13 -------- d-----w- C:\ProgramData\Sony Corporation 2012-09-08 13:20:40 -------- d-----w- C:\Program Files (x86)\Sony 2012-09-06 20:05:08 8 --sh--r- C:\ProgramData\7E19043568.sys 2012-09-04 23:03:55 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll . ==================== Find3M ==================== . 2012-09-26 00:36:55 5018 --sha-w- C:\ProgramData\KGyGaAvL.sys 2012-09-23 16:34:56 472808 ----a-w- C:\Windows\SysWow64\deployJava1.dll 2012-09-21 06:09:08 73136 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2012-09-21 06:09:08 696240 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2012-09-07 21:04:46 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys 2012-08-21 17:01:20 125872 ----a-w- C:\Windows\System32\GEARAspi64.dll 2012-08-21 17:01:20 106928 ----a-w- C:\Windows\SysWow64\GEARAspi.dll 2012-08-15 14:56:42 8 --sh--r- C:\ProgramData\F4DBB0BEEE.sys 2012-08-02 12:19:59 711240 ----a-w- C:\Windows\is-5V36B.exe 2010-07-08 14:37:14 101544 ----a-w- C:\Program Files\Common Files\LinkInstaller.exe . ============= FINISH: 11:54:58.23 =============== ATTACH.TXT DDS (Ver_2011-08-26.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 5/15/2010 6:41:06 PM System Uptime: 9/26/2012 7:53:47 AM (4 hours ago) . Motherboard: DELL Inc. | | 0X501H Processor: Intel® Core i7 CPU 920 @ 2.67GHz | CPU 1 | 1574/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 922 GiB total, 672.232 GiB free. D: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: facap, FastAccess Video Capture Device ID: ROOT\IMAGE\0000 Manufacturer: Sensible Vision Name: facap, FastAccess Video Capture PNP Device ID: ROOT\IMAGE\0000 Service: FACAP . Class GUID: {6bdd1fc6-810f-11d0-bec7-08002be2092f} Description: Photosmart C7200 series Device ID: ROOT\IMAGE\0001 Manufacturer: HP Name: Photosmart C7200 series PNP Device ID: ROOT\IMAGE\0001 Service: StillCam . Class GUID: {4d36e971-e325-11ce-bfc1-08002be10318} Description: Photosmart C7200 series Device ID: ROOT\MULTIFUNCTION\0000 Manufacturer: HP Name: Photosmart C7200 series PNP Device ID: ROOT\MULTIFUNCTION\0000 Service: . ==== System Restore Points =================== . RP254: 9/16/2012 1:57:58 AM - Scheduled Checkpoint RP255: 9/23/2012 12:21:43 PM - Removed Java 7 Update 7 RP256: 9/23/2012 12:22:10 PM - Installed Java 7 Update 7 RP257: 9/23/2012 12:26:44 PM - Installed Java 6 Update 27 RP258: 9/23/2012 12:27:25 PM - Removed Java 6 Update 27 RP259: 9/23/2012 12:27:56 PM - Installed Java 6 Update 27 RP260: 9/23/2012 12:30:13 PM - Removed Java 7 Update 7 RP261: 9/23/2012 12:30:46 PM - Removed Java 6 Update 17 (64-bit) RP262: 9/23/2012 12:31:26 PM - Removed Java 6 Update 31 RP263: 9/23/2012 12:32:12 PM - Removed Java 6 Update 27 RP264: 9/23/2012 12:34:46 PM - Installed Java 6 Update 27 RP265: 9/23/2012 8:57:02 PM - Windows Backup . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Adobe AIR Adobe Community Help Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Media Player Adobe Reader X (10.1.4) Advanced Audio FX Engine AIO_Scan Akamai NetSession Interface Akamai NetSession Interface Service Apple Application Support Apple Software Update ArcSoft Panorama Maker 5 ATI Catalyst Control Center ATI Catalyst Registration Avery Template Banctec Service Agreement BufferChm C7200 C7200_Help Castle Link Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center Graphics Previews Common Catalyst Control Center Graphics Previews Vista Catalyst Control Center HydraVision Full Catalyst Control Center InstallProxy ccc-core-static CCC Help English CleanUp! Conduit Engine Cone Layout v2.0 Contents Copy Corel PaintShop Photo Pro X3 Coupon Printer for Windows D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Dell DataSafe Local Backup Dell DataSafe Local Backup - Support Software Dell DataSafe Online Dell Driver Download Manager Dell Getting Started Guide Dell Webcam Central Destinations DeviceDiscovery DeviceIO DirectXInstallService DocProc EMC 10 Content Epson Connect Epson Download Navigator Epson Event Manager Epson FAX Utility Epson PC-FAX Driver EPSON Scan EpsonNet Print erLT Fax File Uploader Google Chrome GoToAssist 8.0.0.514 HD Writer AE 1.5 Hewlett-Packard ACLM.NET v1.1.0.0 HP Product Detection HP Update HPDiagnosticAlert HPPhotoGadget HPPhotoSmartDiscLabel_PaperLabel HPPhotoSmartDiscLabel_PrintOnDisc HPPhotoSmartDiscLabelContent1 hpphotosmartdisclabelplugin HPPhotosmartEssential ICA IHA_MessageCenter IPM_PSP_Pro Java Auto Updater Java 6 Update 27 Junk Mail filter update LimeWire 4 ConnectFix 1.0 LimeWire 5.6.2 (remove only) Live! Cam Avatar Creator Logitech SetPoint LPEConnectFix 1.0 Malwarebytes Anti-Malware version 1.65.0.1400 Memeo Backup Premium Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2007 Microsoft Office Access Setup Metadata MUI (English) 2007 Microsoft Office Enterprise 2007 Microsoft Office Excel MUI (English) 2007 Microsoft Office File Validation Add-In Microsoft Office Groove MUI (English) 2007 Microsoft Office Groove Setup Metadata MUI (English) 2007 Microsoft Office InfoPath MUI (English) 2007 Microsoft Office OneNote MUI (English) 2007 Microsoft Office Outlook 2010 Microsoft Office Outlook MUI (English) 2007 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2007 Microsoft Office Proof (English) 2007 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2007 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2007 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2007 Microsoft Office Proofing (English) 2010 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Publisher MUI (English) 2007 Microsoft Office Shared MUI (English) 2007 Microsoft Office Shared MUI (English) 2010 Microsoft Office Shared Setup Metadata MUI (English) 2007 Microsoft Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2007 Microsoft Outlook 2010 Microsoft Silverlight Microsoft SOAP Toolkit 3.0 Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 Microsoft_VC80_ATL_x86 Microsoft_VC80_CRT_x86 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFCLOC_x86 Microsoft_VC90_ATL_x86 Microsoft_VC90_CRT_x86 Microsoft_VC90_MFC_x86 MLE Mozilla Firefox 15.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP3 Parser Nikon Message Center Nikon Transfer Octoshape add-in for Adobe Flash Player PCLinq3 PDF Settings CS5 PeaZip 4.3 Picture Control Utility Pinnacle Studio 14 PMB PowerDVD DX PS_AIO_02_ProductContext PS_AIO_02_Software PS_AIO_02_Software_Min PSPH10Pro PSPPContent PSPPRO_DCRAW PureHD QuickTime Realtek High Definition Audio Driver Roxio Activation Module Roxio BackOnTrack Roxio Central Audio Roxio Central Copy Roxio Central Core Roxio Central Data Roxio Central Tools Roxio Easy CD and DVD Burning Roxio Express Labeler 3 Roxio Update Manager SanDisk Cruzer v1.0 Scan Seagate Dashboard Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition Security Update for Microsoft SharePoint Workspace 2010 (KB2566445) Setup Share Skins Skype™ 4.2 Sonic CinePlayer Decoder Pack Sony Image Data Suite Status swMSM The Lord of the Rings FREE Trial Toolbox TrayApp UnloadSupport Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 Help for Common Features (KB963673) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition Update for Microsoft Office Access 2007 Help (KB963663) Update for Microsoft Office Excel 2007 Help (KB963678) Update for Microsoft Office Infopath 2007 Help (KB963662) Update for Microsoft Office OneNote 2007 Help (KB963670) Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition Update for Microsoft Office Outlook 2007 Help (KB963677) Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition Update for Microsoft Office Powerpoint 2007 Help (KB963669) Update for Microsoft Office Publisher 2007 Help (KB963667) Update for Microsoft Office Script Editor Help (KB963671) Update for Microsoft Office Word 2007 Help (KB963665) Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition uTorrentBar Toolbar ViewNX Viewpoint Media Player VIO WebReg Windows Live Communications Platform Windows Live Essentials Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Encoder 9 Series Windows Media Player Firefox Plugin Yahoo! Detect . ==== Event Viewer Messages From Past Week ======== . 9/26/2012 7:55:56 AM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: RxFilter 9/26/2012 7:55:39 AM, Error: Service Control Manager [7000] - The SessionLauncher service failed to start due to the following error: The system cannot find the file specified. 9/26/2012 7:55:02 AM, Error: Service Control Manager [7000] - The Dock Login Service service failed to start due to the following error: The system cannot find the file specified. 9/25/2012 7:11:19 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running. 9/25/2012 7:10:19 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/25/2012 7:10:07 PM, Error: Service Control Manager [7031] - The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service. 9/23/2012 8:40:36 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting. 9/23/2012 8:34:29 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x0000007f (0x0000000000000008, 0x0000000080050033, 0x00000000000006f8, 0xfffff800035bae23). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 092312-31371-01. 9/23/2012 8:34:27 PM, Error: Service Control Manager [7022] - The BitDefender Virus Shield service hung on starting. 9/23/2012 12:43:48 PM, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Installer service, but this action failed with the following error: An instance of the service is already running. 9/23/2012 12:41:48 PM, Error: Service Control Manager [7031] - The Windows Installer service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. . ==== End Of File ===========================
  19. Ugh I dont know why this is happening but when I search for things it redirects to unrelated pages. I ran malware but it says no malicious threats found. What next?
  20. i cleared the data and steps you said above and it seems to be good. Everything looked normal in all the settings and even the homepage was still set at google rather then some weird other site. Hopefully its taken care of. Thanks so much for your help!!
  21. its just happening in Chrome. I use FF and no problem I just tried several searches in IE and it worked ok.
  22. ok thanks did all that and its been working fine for me. My husband uses google chrome and have a redirect virus and when he does a Google search and clicks on a link, he sometimes gets redirected to unrelated sites. It was doing that before when we were infected with the virus. Does that mean I still have it? What shall I do now?
  23. Thanks for your help in getting out this nasty rootkit virus! My system is cured because of you

Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.