historybuff77 Posted April 22, 2013 ID:672652 Share Posted April 22, 2013 Hello,I downloaded a free trial software from softtonic and it included something called MixDJ. I didn't know what it was but launched it and it created a next webrower toolbar and made a search.conduit website my new home page. I uninstalled the MixDJ program but the toolbar remained. On Chrome I removed it from extensions, but search.conduit still appears as my home page. It was doing the same this on Firefox. I've run a fun malwarebytes scan and it turned up nothing.Here are my logs. Thank you for your help..UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 8Boot Device: \Device\HarddiskVolume2Install Date: 2012-12-29 11:43:44 PMSystem Uptime: 2013-04-21 11:38:53 AM (11 hours ago).Motherboard: Hewlett-Packard | | 1849Processor: AMD A10-4600M APU with Radeon HD Graphics | Socket FT1 | 2300/100mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 673 GiB total, 538.741 GiB free.D: is FIXED (NTFS) - 25 GiB total, 2.967 GiB free.E: is CDROM ().==== Disabled Device Manager Items =============.==== System Restore Points ===================.RP22: 2013-04-03 11:06:27 PM - Windows Modules InstallerRP23: 2013-04-10 5:46:39 PM - Windows UpdateRP24: 2013-04-16 10:45:38 AM - Windows UpdateRP25: 2013-04-21 11:28:08 AM - Removed QuarkXPress..==== Installed Programs ======================.4 Elements II7 Wonders IIAdobe Shockwave Player 11.6Aloha TriPeaksAMD Accelerated Video TranscodingAMD APP SDK RuntimeAMD Catalyst Install ManagerAMD FuelAMD Quick StreamAMD VISION Engine Control CenterApple Application SupportApple Mobile Device SupportApple Software UpdateBejeweled 3BonjourBuild-a-lot 4 - Power SourceCatalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCCleanerChuzzle DeluxeCradle of Rome 2Crazy Chicken SoccerCyberLink LabelPrintCyberLink Media Suite 10CyberLink PhotoDirectorCyberLink Power2Go 8CyberLink PowerDirector 10CyberLink PowerDVDCyberLink YouCamD3DX10Energy StarFarm FrenzyFinal Drive FuryFlatOut 2Foxit ReaderGalerie de photos Windows LiveGoogle ChromeGoogle Toolbar for Internet ExplorerGoogle Update HelperGovernor of Poker 2 Premium EditionHewlett-Packard ACLM.NET v1.2.0.0Hoyle Card GamesHP 3D DriveGuardHP Connected Music (Meridian - installer)HP CoolSenseHP Customer Experience EnhancementsHP DocumentationHP GamesHP MyRoomHP Postscript ConverterHP Quick LaunchHP Recovery ManagerHP Registration ServiceHP Software FrameworkHP Support AssistantHP Utility CenterHP Wireless Button DriverIDT AudioiTunesJewel Match 3John Deere Drive GreenKaspersky Anti-Virus 2013Letters from Nowhere 2Luxor EvolvedMachete Lite 3.8Mahjongg Dimensions Deluxe: Tiles in TimeMalwarebytes Anti-Malware version 1.75.0.1300Memeo AutoSyncMemeo Instant BackupMicrosoft Application Error ReportingMicrosoft OfficeMicrosoft Office 2007 Service Pack 3 (SP3)Microsoft Office Excel MUI (English) 2007Microsoft Office Home and Student 2007Microsoft Office Office 64-bit Components 2007Microsoft Office OneNote MUI (English) 2007Microsoft Office PowerPoint MUI (English) 2007Microsoft Office Proof (English) 2007Microsoft Office Proof (French) 2007Microsoft Office Proof (Spanish) 2007Microsoft Office Proofing (English) 2007Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)Microsoft Office Shared 64-bit MUI (English) 2007Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007Microsoft Office Shared MUI (English) 2007Microsoft Office Shared Setup Metadata MUI (English) 2007Microsoft Office Word MUI (English) 2007Microsoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2008 Redistributable - x64 9.0.21022Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319Mozilla Firefox 20.0 (x86 en-US)Mozilla Maintenance ServiceMSVCRTNorton Identity SafePeggle NightsPenguins!Polar BowlerPolar GolferQuickTimeRalink Bluetooth Stack64Ralink RT3290 802.11bgn Wi-Fi AdapterRealtek Ethernet Controller DriverRealtek PCIE Card ReaderRoads of Rome 3Seagate DashboardSearch Protect by conduitSecurity Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596792) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2596871) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2597969) 32-Bit EditionSecurity Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit EditionSecurity Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit EditionSecurity Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition Speed Test AnalysisswMSMSynaptics Pointing Device DriverThe Treasures of Mystery Island: The Ghost ShipTouchFreezeTrinklit SupremeUpdate for 2007 Microsoft Office System (KB967642)Update for Microsoft Office 2007 Help for Common Features (KB963673)Update for Microsoft Office 2007 suites (KB2596620) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596660) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2596848) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2687493) 32-Bit EditionUpdate for Microsoft Office 2007 suites (KB2767916) 32-Bit EditionUpdate for Microsoft Office Excel 2007 Help (KB963678)Update for Microsoft Office OneNote 2007 Help (KB963670)Update for Microsoft Office Powerpoint 2007 Help (KB963669)Update for Microsoft Office Script Editor Help (KB963671)Update for Microsoft Office Word 2007 Help (KB963665)Update Installer for WildTangent Games AppVLC media player 2.0.5WildTangent GamesWildTangent Games AppWindows LiveWindows Live Communications PlatformWindows Live EssentialsWindows Live InstallerWindows Live Language SelectorWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesZuma's Revenge.==== Event Viewer Messages From Past Week ========.2013-04-21 11:40:07 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {7022A3B3-D004-4F52-AF11-E9E987FEE25F} and APPID {ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D} to the user Laptop-pc\User SID (S-1-5-21-3731889160-3860413392-410561627-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.2013-04-19 5:03:55 PM, Error: cdrom [15] - The device, \Device\CdRom0, is not ready for access yet..==== End Of File ===========================DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 10.0.9200.16537Run by User at 22:48:17 on 2013-04-21Microsoft Windows 8 6.2.9200.0.1252.2.1033.18.7650.5205 [GMT -4:00].AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}.============== Running Processes ===============.C:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Program Files\IDT\WDM\STacSV64.exeC:\Windows\system32\Hpservice.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Windows\system32\svchost.exe -k apphostC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exeC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exeC:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exeC:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exeC:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exeC:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler64.exeC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\system32\SearchIndexer.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exeC:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exeC:\Windows\System32\dwm.exeC:\Windows\system32\atieclxx.exeC:\Program Files\Synaptics\SynTP\SynTPEnh.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\taskhostex.exeC:\Windows\Explorer.EXEC:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe\LiveComm.exeC:\Windows\System32\RuntimeBroker.exeC:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXEC:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exeC:\Program Files\IDT\WDM\sttray64.exeC:\Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exeC:\Windows\system32\wbem\unsecapp.exeC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exeC:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exeC:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exeC:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exeC:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exeC:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\wmi64.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uStart Page = hxxp://search.conduit.com/?ctid=CT3287823&octid=CT3287823&SearchSource=61&CUI=UN29734059351284316&UM=2&UP=SPA5937323-AD3E-4253-9C99-F0971140BA5DmStart Page = about:blankmWinlogon: Userinit = userinit.exe,BHO: Speed Test Analysis: {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test Analysis\ScriptHost.dllBHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dllBHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dllBHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllBHO: Norton Identity Protection: {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\coieplg.dllBHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dllBHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dllTB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllTB: Norton Identity Safe Toolbar: {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\coieplg.dlluRun: [searchProtect] C:\Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exemRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [btTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"mRun: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /RmRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"mRun: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exemRun: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkeymRun: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_uimRun: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silentmRun: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_uimRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe"mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"mRun: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exemPolicies-Explorer: NoDriveTypeAutoRun = dword:28IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dllIE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeIE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dllIE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dllTCP: NameServer = 192.168.0.1TCP: Interfaces\{0327BF37-553C-4D09-8230-9F5D50667E24} : DHCPNameServer = 64.71.255.204 64.71.255.198TCP: Interfaces\{53677ED1-0FBD-40FF-9C76-3CAB33DE80AE} : DHCPNameServer = 192.168.0.1mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-mStart Page = about:blankx64-BHO: Content Blocker Plugin: {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dllx64-BHO: Virtual Keyboard Plugin: {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dllx64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-BHO: URL Advisor Plugin: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dllx64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dllx64-Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exex64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exex64-mPolicies-Explorer: NoDriveTypeAutoRun = dword:28x64-IE: {0C4CC089-D306-440D-9772-464E226F6539} - {0BA14598-4178-4CE5-B1F1-B5C6408A3F2E} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dllx64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll.================= FIREFOX ===================.FF - ProfilePath - C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ei4gauue.default\FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287823&CUI=UN21880024042243823&UM=2&SearchSource=3&q={searchTerms}FF - prefs.js: browser.search.selectedEngine - MixiDJ V9 Customized Web SearchFF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3287823&octid=CT3287823&SearchSource=61&CUI=UN21880024042243823&UM=2&UP=SPA5937323-AD3E-4253-9C99-F0971140BA5DFF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287823&SearchSource=2&CUI=UN21880024042243823&UM=2&q=FF - plugin: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dllFF - plugin: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\plugins\np-mswmp.dllFF - plugin: C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\plugins\npConduitFirefoxPlugin.dllFF - plugin: C:\windows\SysWOW64\Adobe\Director\np32dsw.dllFF - ExtSQL: 2013-03-12 15:21; speedtestanalysis@SpeedAnalysis.com; C:\Users\User\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.comFF - ExtSQL: 2013-03-27 14:30; content_blocker@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.comFF - ExtSQL: 2013-03-27 14:30; url_advisor@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.comFF - ExtSQL: 2013-03-27 14:30; virtual_keyboard@kaspersky.com; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.comFF - ExtSQL: 2013-04-01 13:47; {F04D2D30-776C-4d02-8627-8E4385ECA58D}; C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgnFF - ExtSQL: 2013-04-21 12:20; {c8d3d585-9468-4853-8d02-a4b7adfbb1d7}; C:\Users\User\AppData\Roaming\Mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}FF - ExtSQL: !HIDDEN! 2013-03-12 15:21; speedtestanalysis@SpeedAnalysis.com; C:\Users\User\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com.============= SERVICES / DRIVERS ===============.R0 amd_sata;amd_sata;C:\Windows\System32\Drivers\amd_sata.sys [2012-7-24 79528]R0 amd_xata;amd_xata;C:\Windows\System32\Drivers\amd_xata.sys [2012-7-24 26280]R1 ccSet_NST;Norton Identity Safe Settings Manager;C:\Windows\System32\Drivers\NSTx64\7DD03030.013\ccsetx64.sys [2013-4-16 168096]R1 CLVirtualDrive;CLVirtualDrive;C:\Windows\System32\Drivers\CLVirtualDrive.sys [2012-11-21 92536]R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\Drivers\klim6.sys [2012-8-2 28504]R1 klwfp;klwfp;C:\Windows\System32\Drivers\klwfp.sys [2012-8-3 50088]R1 kneps;kneps;C:\Windows\System32\Drivers\kneps.sys [2012-8-13 178008]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-8-9 239616]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-8-8 361984]R2 APXACC;AppEx Networks Accelerator LWF;C:\Windows\System32\Drivers\appexDrv.sys [2012-11-21 199008]R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe [2012-8-17 356376]R2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [2013-4-11 93984]R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-8-10 85504]R2 hpsrv;HP Service;C:\Windows\System32\hpservice.exe [2012-8-10 29600]R2 HPWMISVC;HPWMISVC;C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2012-7-9 35232]R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-11-21 2451456]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-14 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-14 701512]R2 MemeoBackgroundService;MemeoBackgroundService;C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe [2011-5-4 25824]R2 NCO;Norton Identity Safe;C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccsvchst.exe [2013-4-16 144520]R2 SeagateDashboardService;Seagate Dashboard Service;C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe [2012-10-15 14752]R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\Drivers\AtihdW86.sys [2012-7-18 98472]R3 BtAudioBusSrv;IVT Bluetooth Audio Bus Service;C:\Windows\System32\Drivers\BtAudioBus.sys [2012-6-15 23136]R3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;C:\Windows\System32\Drivers\BtL2caScoIf.sys [2012-7-19 56904]R3 BthLEEnum;Bluetooth Low Energy Driver;C:\Windows\System32\Drivers\BthLEEnum.sys [2012-7-25 202752]R3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;C:\Windows\System32\Drivers\IvtUrbBtFlt.sys [2012-8-9 48736]R3 klkbdflt;Kaspersky Lab KLKBDFLT;C:\Windows\System32\Drivers\klkbdflt.sys [2012-10-25 29016]R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\Drivers\klmouflt.sys [2012-10-25 29528]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\Drivers\mbam.sys [2013-4-14 25928]R3 netr28x;Ralink 802.11n Extensible Wireless Driver;C:\Windows\System32\Drivers\netr28x.sys [2012-11-21 1958984]R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\Windows\System32\Drivers\RtsP2Stor.sys [2012-11-21 269968]R3 rtbth;RTBTH Bluetooth Device Driver;C:\Windows\System32\Drivers\rtbth.sys [2012-8-9 695392]R3 RTL8168;Realtek 8168 NT Driver;C:\Windows\System32\Drivers\Rt630x64.sys [2012-11-21 690832]R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\Drivers\usbfilter.sys [2012-11-21 57000]R3 WirelessButtonDriver;HP Wireless Button Driver Service;C:\Windows\System32\Drivers\WirelessButtonDriver64.sys [2012-8-3 20288]S0 klelam;klelam;C:\Windows\System32\Drivers\klelam.sys [2012-7-27 29616]S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]S3 iaStorA;iaStorA;C:\Windows\System32\Drivers\iaStorA.sys [2012-7-31 645952]S3 SmbDrv;SmbDrv;C:\Windows\System32\Drivers\Smb_driver_AMDASF.sys [2012-11-21 41272]S3 SmbDrvI;SmbDrvI;C:\Windows\System32\Drivers\Smb_driver_Intel.sys [2012-11-21 43832]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]S3 WUDFWpdMtp;WUDFWpdMtp;C:\Windows\System32\Drivers\WUDFRd.sys [2012-7-25 198656].=============== Created Last 30 ================.2013-04-21 16:21:58 -------- d-----w- C:\Program Files (x86)\Conduit2013-04-21 16:21:55 -------- d-----w- C:\Users\User\AppData\Local\Conduit2013-04-21 16:21:43 -------- d-----w- C:\Users\User\AppData\Local\CRE2013-04-21 16:21:09 -------- d-----w- C:\Program Files (x86)\SearchProtect2013-04-21 16:20:59 -------- d-----w- C:\Users\User\AppData\Roaming\SearchProtect2013-04-18 20:25:22 193200 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10199.bin2013-04-16 12:22:48 168096 ----a-w- C:\Windows\System32\drivers\NSTx64\7DD03030.013\ccsetx64.sys2013-04-16 12:22:45 -------- d-----w- C:\Windows\System32\drivers\NSTx64\7DD03030.0132013-04-16 02:02:58 1149952 ----a-w- C:\Windows\System32\winmde.dll2013-04-14 19:54:43 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys2013-04-14 19:54:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware2013-04-11 15:12:06 3958784 ----a-w- C:\Windows\System32\jscript9.dll2013-04-11 15:12:02 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-04-11 15:12:01 2240512 ----a-w- C:\Windows\System32\wininet.dll2013-04-11 13:44:59 6991592 ----a-w- C:\Windows\System32\ntoskrnl.exe2013-04-11 00:17:05 4041728 ----a-w- C:\Windows\System32\win32k.sys2013-04-10 23:09:37 1011200 ----a-w- C:\Windows\System32\reseteng.dll2013-04-10 23:09:36 375808 ----a-w- C:\Windows\SysWow64\ReAgent.dll2013-04-09 04:41:49 -------- d-----w- C:\Program Files\iPod2013-04-09 04:41:48 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692013-04-09 04:41:48 -------- d-----w- C:\Program Files\iTunes2013-04-09 04:41:48 -------- d-----w- C:\Program Files (x86)\iTunes2013-04-09 04:37:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin7.dll2013-04-09 04:37:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin6.dll2013-04-09 04:37:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin5.dll2013-04-09 04:37:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin4.dll2013-04-09 04:37:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin3.dll2013-04-09 04:37:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin2.dll2013-04-09 04:37:39 159744 ----a-w- C:\Program Files\Internet Explorer\Plugins\npqtplugin.dll2013-03-31 18:06:51 -------- d-----w- C:\Users\User\AppData\Roaming\Malwarebytes2013-03-31 18:06:45 -------- d-----w- C:\ProgramData\Malwarebytes2013-03-27 17:04:21 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{AE54DA79-B569-4A64-9A34-1CE8B70BE98A}\mpengine.dll2013-03-27 16:59:32 64856 ----a-w- C:\Windows\System32\klfphc.dll2013-03-27 16:57:53 -------- d-----w- C:\ProgramData\Kaspersky Lab2013-03-27 16:57:53 -------- d-----w- C:\Program Files (x86)\Kaspersky Lab2013-03-27 16:57:34 89944 ----a-w- C:\Windows\System32\drivers\klflt.sys2013-03-27 16:40:17 273840 ------w- C:\Windows\System32\MpSigStub.exe2013-03-27 16:34:15 -------- d-----w- C:\Windows\System32\drivers\NSTx642013-03-27 16:34:15 -------- d-----w- C:\Program Files (x86)\Norton Identity Safe.==================== Find3M ====================.2013-04-11 14:22:56 421200 ----a-w- C:\Windows\SysWow64\msvcp100.dll2013-04-02 22:08:01 78176 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2013-04-02 22:08:01 692576 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2013-03-27 18:30:11 50088 ----a-w- C:\Windows\System32\drivers\klwfp.sys2013-03-27 18:30:11 29016 ----a-w- C:\Windows\System32\drivers\klkbdflt.sys2013-03-12 19:28:21 1409 ----a-w- C:\Windows\QTFont.for2013-03-02 10:57:48 337128 ----a-w- C:\Windows\System32\drivers\USBXHCI.SYS2013-03-02 10:57:46 77544 ----a-w- C:\Windows\System32\drivers\storahci.sys2013-03-02 10:57:46 332520 ----a-w- C:\Windows\System32\drivers\storport.sys2013-03-02 10:57:46 283880 ----a-w- C:\Windows\System32\drivers\spaceport.sys2013-03-02 10:45:20 148712 ----a-w- C:\Windows\System32\drivers\tpm.sys2013-03-02 10:45:19 194792 ----a-w- C:\Windows\System32\drivers\sdbus.sys2013-03-02 10:45:10 125160 ----a-w- C:\Windows\System32\drivers\dumpsd.sys2013-03-02 10:39:39 495336 ----a-w- C:\Windows\System32\drivers\vhdmp.sys2013-03-02 10:39:38 69864 ----a-w- C:\Windows\System32\drivers\pdc.sys2013-03-02 10:39:32 327912 ----a-w- C:\Windows\System32\drivers\Classpnp.sys2013-03-02 09:59:37 2231528 ----a-w- C:\Windows\System32\drivers\tcpip.sys2013-03-02 09:59:36 411880 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS2013-03-02 08:24:08 34304 ----a-w- C:\Windows\SysWow64\wuapp.exe2013-03-02 08:23:43 83968 ----a-w- C:\Windows\SysWow64\wudriver.dll2013-03-02 08:23:43 125952 ----a-w- C:\Windows\SysWow64\wuwebv.dll2013-03-02 08:23:30 893952 ----a-w- C:\Windows\SysWow64\winmde.dll2013-03-02 08:23:30 1338880 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll2013-03-02 08:23:28 601088 ----a-w- C:\Windows\SysWow64\Windows.Globalization.dll2013-03-02 08:23:28 504320 ----a-w- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll2013-03-02 08:23:19 8857088 ----a-w- C:\Windows\SysWow64\twinui.dll2013-03-02 08:23:19 246784 ----a-w- C:\Windows\SysWow64\ubpm.dll2013-03-02 08:23:04 356352 ----a-w- C:\Windows\SysWow64\SettingSync.dll2013-03-02 08:23:04 100864 ----a-w- C:\Windows\SysWow64\SettingSyncInfo.dll2013-03-02 08:22:36 357888 ----a-w- C:\Windows\SysWow64\netcfgx.dll2013-03-02 08:22:32 5091840 ----a-w- C:\Windows\SysWow64\mstscax.dll2013-03-02 08:22:18 361984 ----a-w- C:\Windows\SysWow64\MFMediaEngine.dll2013-03-02 08:22:17 850944 ----a-w- C:\Windows\SysWow64\mfasfsrcsnk.dll2013-03-02 08:21:56 550912 ----a-w- C:\Windows\SysWow64\drvstore.dll2013-03-02 08:21:52 36352 ----a-w- C:\Windows\SysWow64\DevDispItemProvider.dll2013-03-02 08:21:40 309760 ----a-w- C:\Windows\SysWow64\BCP47Langs.dll2013-03-02 08:21:39 2033664 ----a-w- C:\Windows\SysWow64\authui.dll2013-03-02 08:21:32 145408 ----a-w- C:\Windows\SysWow64\powercfg.cpl2013-03-02 02:44:59 448512 ----a-w- C:\Windows\System32\SettingSync.dll2013-03-02 02:44:59 128512 ----a-w- C:\Windows\System32\SettingSyncInfo.dll2013-03-02 02:44:41 455168 ----a-w- C:\Windows\System32\netcfgx.dll2013-03-02 02:44:41 117248 ----a-w- C:\Windows\System32\NdisImPlatform.dll2013-03-02 02:44:38 5978624 ----a-w- C:\Windows\System32\mstscax.dll2013-03-02 02:44:30 468992 ----a-w- C:\Windows\System32\MFMediaEngine.dll2013-03-02 02:44:29 1048576 ----a-w- C:\Windows\System32\mfasfsrcsnk.dll2013-03-02 02:44:08 703488 ----a-w- C:\Windows\System32\drvstore.dll2013-03-02 02:44:07 150016 ----a-w- C:\Windows\System32\discan.dll2013-03-02 02:44:05 49152 ----a-w- C:\Windows\System32\DevDispItemProvider.dll2013-03-02 02:43:59 1933312 ----a-w- C:\Windows\System32\wbem\cimwin32.dll2013-03-02 02:43:56 389120 ----a-w- C:\Windows\System32\BCP47Langs.dll2013-03-02 02:43:55 2302464 ----a-w- C:\Windows\System32\authui.dll2013-03-02 02:43:51 2146304 ----a-w- C:\Windows\System32\actxprxy.dll2013-03-02 02:43:50 156160 ----a-w- C:\Windows\System32\powercfg.cpl2013-03-02 02:15:53 26112 ----a-w- C:\Windows\System32\drivers\mouhid.sys2013-03-01 04:56:33 156672 ----a-w- C:\Windows\System32\drivers\rfcomm.sys2013-03-01 04:56:18 30720 ----a-w- C:\Windows\System32\drivers\monitor.sys2013-03-01 04:55:37 1175040 ----a-w- C:\Windows\System32\drivers\bthport.sys2013-02-21 10:30:16 1766912 ----a-w- C:\Windows\SysWow64\wininet.dll2013-02-21 10:29:37 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll2013-02-21 10:29:37 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll2013-02-21 10:15:00 915968 ----a-w- C:\Windows\System32\uxtheme.dll2013-02-21 10:14:05 136704 ----a-w- C:\Windows\System32\iesysprep.dll2013-02-19 09:53:00 534528 ----a-w- C:\Windows\SysWow64\uxtheme.dll2013-02-15 07:58:59 39936 ----a-w- C:\Windows\apppatch\apppatch64\acspecfc.dll2013-02-15 06:35:40 444416 ----a-w- C:\Windows\apppatch\AcSpecfc.dll2013-02-12 01:30:04 44032 ----a-w- C:\Windows\SysWow64\UXInit.dll2013-02-12 00:56:19 53760 ----a-w- C:\Windows\System32\UXInit.dll2013-02-12 00:17:50 20992 ----a-w- C:\Windows\System32\drivers\usb8023.sys2013-02-07 01:33:01 754176 ----a-w- C:\Windows\SysWow64\actxprxy.dll2013-02-05 22:31:11 622080 ----a-w- C:\Windows\System32\drivers\srv2.sys2013-02-05 22:29:09 370688 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys2013-02-05 22:28:48 247808 ----a-w- C:\Windows\System32\drivers\srvnet.sys2013-02-05 22:28:36 215552 ----a-w- C:\Windows\System32\drivers\mrxsmb20.sys2013-02-02 11:19:44 496872 ----a-w- C:\Windows\System32\drivers\usbhub.sys2013-02-02 11:19:44 446184 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS2013-02-02 11:19:33 61672 ----a-w- C:\Windows\System32\drivers\crashdmp.sys2013-02-02 10:54:54 1933544 ----a-w- C:\Windows\System32\drivers\ntfs.sys2013-02-02 10:28:54 993512 ----a-w- C:\Windows\System32\drivers\ndis.sys2013-02-02 09:42:07 2207232 ----a-w- C:\Windows\SysWow64\PrintConfig.dll2013-02-02 08:40:58 375808 ----a-w- C:\Windows\SysWow64\wbem\WmiPrvSE.exe2013-02-02 08:40:55 80896 ----a-w- C:\Windows\SysWow64\tasklist.exe2013-02-02 08:40:55 79360 ----a-w- C:\Windows\SysWow64\taskkill.exe2013-02-02 08:40:36 155136 ----a-w- C:\Windows\SysWow64\XpsRasterService.dll2013-02-02 08:40:35 370688 ----a-w- C:\Windows\SysWow64\WWanAPI.dll2013-02-02 08:40:27 131072 ----a-w- C:\Windows\SysWow64\wbem\WmiDcPrv.dll2013-02-02 08:40:26 410624 ----a-w- C:\Windows\SysWow64\wlroamextension.dll2013-02-02 08:40:22 197632 ----a-w- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll2013-02-02 08:40:22 10792448 ----a-w- C:\Windows\SysWow64\Windows.UI.Xaml.dll2013-02-02 08:39:59 325632 ----a-w- C:\Windows\SysWow64\schannel.dll2013-02-02 08:39:47 18432 ----a-w- C:\Windows\SysWow64\npmproxy.dll2013-02-02 08:39:34 55296 ----a-w- C:\Windows\SysWow64\nlaapi.dll2013-02-02 08:39:34 15872 ----a-w- C:\Windows\SysWow64\nlmproxy.dll2013-02-02 08:39:34 12288 ----a-w- C:\Windows\SysWow64\nlmsprep.dll2013-02-02 08:39:33 115712 ----a-w- C:\Windows\SysWow64\netprofm.dll2013-02-02 08:39:15 157696 ----a-w- C:\Windows\SysWow64\mbsmsapi.dll2013-02-02 08:38:54 567808 ----a-w- C:\Windows\SysWow64\duser.dll2013-02-02 08:24:19 107520 ----a-w- C:\Windows\System32\taskkill.exe2013-02-02 08:24:19 102400 ----a-w- C:\Windows\System32\tasklist.exe2013-02-02 08:23:44 228352 ----a-w- C:\Windows\System32\XpsRasterService.dll2013-02-02 08:23:43 475136 ----a-w- C:\Windows\System32\WWanAPI.dll.============= FINISH: 22:49:05.46 =============== Link to post Share on other sites More sharing options...
Staff gringo_pr Posted April 22, 2013 Staff ID:672653 Share Posted April 22, 2013 Hello historybuff77 I would like to welcome you to the Malware Removal section of the forum.Around here they call me Gringo and I will be glad to help you with your malware problems.Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!Please do not run any tools unless instructed to do so.We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.[*]Please do not attach logs or use code boxes, just copy and paste the text.Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.[*]Please read every post completely before doing anything.Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.[*]Please provide feedback about your experience as we go.A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.-Security Check-Download Security Check by screen317 from here.Save it to your Desktop.Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.A Notepad document should open automatically called checkup.txt; please post the contents of that document.-AdwCleaner-Please download AdwCleaner by Xplode onto your desktop.Close all open programs and internet browsers.Double click on AdwCleaner.exe to run the tool.Click on Delete.Confirm each time with Ok.Your computer will be rebooted automatically. A text file will open after the restart.Please post the content of that logfile with your next answer.You can find the logfile at C:\AdwCleaner[s1].txt as well.--RogueKiller-- Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit Quit all programs that you may have started. Please disconnect any USB or external drives from the computer before you run this scan! For Vista or Windows 7, right-click and select "Run as Administrator to start"For Windows XP, double-click to start. Wait until Prescan has finished ... Then Click on "Scan" button Wait until the Status box shows "Scan Finished"click on "delete" Wait until the Status box shows "Deleting Finished" Click on "Report" and copy/paste the content of the Notepad into your next reply.The log should be found in RKreport[1].txt on your DesktopExit/Close RogueKiller+Gringo Link to post Share on other sites More sharing options...
historybuff77 Posted April 22, 2013 Author ID:672663 Share Posted April 22, 2013 Hi Gringo,Thanks for your help. Here you go: Results of screen317's Security Check version 0.99.62 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Kaspersky Anti-Virus Windows Defender Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Mozilla Firefox (20.0) Google Chrome 26.0.1410.43 Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Kaspersky Lab Kaspersky Anti-Virus 2013 avp.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: % ````````````````````End of Log`````````````````````` # AdwCleaner v2.201 - Logfile created 04/21/2013 at 23:08:54# Updated 21/04/2013 by Xplode# Operating system : Windows 8 (64 bits)# User : User - LAPTOP-PC# Boot Mode : Normal# Running from : C:\Users\User\Desktop\adwcleaner (1).exe# Option [search]***** [services] *****Found : CltMngSvc***** [Files / Folders] *****File Found : C:\ENDFolder Found : C:\Program Files (x86)\ConduitFolder Found : C:\Program Files (x86)\SearchProtect***** [Registry] *****Key Found : HKCU\Software\AppDataLow\Software\ConduitKey Found : HKCU\Software\AppDataLow\Software\SmartBarKey Found : HKCU\Software\ConduitKey Found : HKCU\Software\SearchProtectKey Found : HKCU\Software\SoftonicKey Found : HKLM\SOFTWARE\Classes\Toolbar.CT3287823Key Found : HKLM\Software\ConduitKey Found : HKLM\Software\SearchProtectKey Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtectValue Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [searchprotect]Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchProtectAll]***** [internet Browsers] *****-\\ Internet Explorer v10.0.9200.16537[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com/?ctid=CT3287823&octid=CT3287823&SearchSource=61&CUI=UN29734059351284316&UM=2&UP=SPA5937323-AD3E-4253-9C99-F0971140BA5D-\\ Mozilla Firefox v20.0 (en-US)-\\ Google Chrome v26.0.1410.64*************************AdwCleaner[R1].txt - [1424 octets] - [31/03/2013 15:57:11]AdwCleaner[R2].txt - [771 octets] - [01/04/2013 11:57:50]AdwCleaner[R3].txt - [830 octets] - [01/04/2013 13:44:01]AdwCleaner[R4].txt - [986 octets] - [09/04/2013 23:34:07]AdwCleaner[R5].txt - [1833 octets] - [21/04/2013 23:08:54]AdwCleaner[s1].txt - [1350 octets] - [31/03/2013 15:58:13]AdwCleaner[s2].txt - [889 octets] - [01/04/2013 13:45:05]AdwCleaner[s3].txt - [1045 octets] - [09/04/2013 23:34:28]########## EOF - C:\AdwCleaner[R5].txt - [2072 octets] ##########RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzymail : tigzyRK<at>gmail<dot>comFeedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/Website : http://tigzy.geekstogo.com/roguekiller.phpBlog : http://tigzyrk.blogspot.com/Operating System : Windows 8 (6.2.9200 ) 64 bits versionStarted in : Normal modeUser : User [Admin rights]Mode : Scan -- Date : 04/21/2013 23:14:45| ARK || FAK || MBR |¤¤¤ Bad processes : 1 ¤¤¤[sUSP PATH] cltmng.exe -- C:\Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe [7] -> KILLED [TermProc]¤¤¤ Registry Entries : 2 ¤¤¤[RUN][sUSP PATH] HKCU\[...]\Run : SearchProtect (C:\Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> FOUND[RUN][sUSP PATH] HKUS\S-1-5-21-3731889160-3860413392-410561627-1002[...]\Run : SearchProtect (C:\Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe) [7] -> FOUND¤¤¤ Particular Files / Folders: ¤¤¤¤¤¤ Driver : [NOT LOADED] ¤¤¤¤¤¤ HOSTS File: ¤¤¤--> C:\Windows\system32\drivers\etc\hosts127.0.0.1 localhost¤¤¤ MBR Check: ¤¤¤+++++ PhysicalDrive0: TOSHIBA MQ01ABD075 SATA Disk Device +++++--- User ---[MBR] 9c9b2669875350b52edfd94c450c6197[bSP] 1f18f6bde0f1cc21fbbaaa1891dbc946 : Empty MBR CodePartition table:0 - [XXXXXX] UNKNOWN (0xee) [VISIBLE] Offset (sectors): 1 | Size: 715404 MoUser = LL1 ... OK!User = LL2 ... OK!Finished : << RKreport[1]_S_04212013_02d2314.txt >>RKreport[1]_S_04212013_02d2314.txt Link to post Share on other sites More sharing options...
Staff gringo_pr Posted April 22, 2013 Staff ID:672664 Share Posted April 22, 2013 Hello historybuff77 I Would like you to do the following.Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.Run Combofix:You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<Combofix may need to reboot your computer more than once to do its job this is normal.You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.Link 1Link 2Link 3 1. Close any open browsers or any other programs that are open.2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.Double click on combofix.exe & follow the prompts. When finished, it will produce a report for you. Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stallNote 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer"information and logs"In your next post I need the followingLog from Combofixlet me know of any problems you may have hadHow is the computer doing now?Gringo Link to post Share on other sites More sharing options...
historybuff77 Posted April 22, 2013 Author ID:672838 Share Posted April 22, 2013 Hi Gringo. Two things. I think I tried ComboFix for a previous infection that was treated through this forum and it didn't work on Windows 8. Also, when I tried downloading the file it showed up as a suspected malicious file.Thanks! Link to post Share on other sites More sharing options...
Staff gringo_pr Posted April 22, 2013 Staff ID:672898 Share Posted April 22, 2013 Hello historybuff77 Lets get a deeper look into the system and lets see if something shows up.Download and run OTLDownload OTL by Old Timer and save it to your Desktop.Double click on OTL.exe to run it.Under Output, ensure that Minimal Output is selected.Under Extra Registry section, select Use SafeList.Click the Scan All Users checkbox.Click on Run Scan at the top left hand corner.When done, two Notepad files will open.OTL.txt <-- Will be opened and the that I need posted back hereExtra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later[*]Please post the contents of OTL.txt in your next reply.Gringo Link to post Share on other sites More sharing options...
historybuff77 Posted April 22, 2013 Author ID:672910 Share Posted April 22, 2013 Here you go:OTL logfile created on: 2013-04-22 7:32:16 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16540)Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd7.47 Gb Total Physical Memory | 5.49 Gb Available Physical Memory | 73.43% Memory free14.97 Gb Paging File | 12.48 Gb Available in Paging File | 83.34% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 672.80 Gb Total Space | 538.16 Gb Free Space | 79.99% Space Free | Partition Type: NTFSDrive D: | 25.07 Gb Total Space | 2.97 Gb Free Space | 11.84% Space Free | Partition Type: NTFSComputer Name: LAPTOP-PC | User Name: User | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Processes (SafeList) ==========PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)PRC - C:\Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)PRC - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)PRC - C:\Program Files (x86)\Google\Update\1.3.21.135\GoogleCrashHandler.exe (Google Inc.)PRC - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccsvchst.exe (Symantec Corporation)PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exe (Memeo)PRC - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\klwtblfs.exe (Kaspersky Lab ZAO)PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)PRC - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink)PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)PRC - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe (CyberLink)PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)PRC - C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)PRC - C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe ()PRC - C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exe (Axentra Corporation)========== Modules (No Company Name) ==========MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll ()MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\4e0b80cd44dbb1d3b283aea5496da8e9\Microsoft.VisualBasic.ni.dll ()MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\d9b1eab5c18e51eaf4acc4894df0f223\System.ServiceProcess.ni.dll ()MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\514763136e7ea4730f5fb8120b6bbb30\System.Web.ni.dll ()MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll ()MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\e2f7dbe3bf08df200a4cdcf2e0eb82fa\System.Runtime.Remoting.ni.dll ()MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll ()MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\8ba1dc2333b77df45f48b901493087a6\Accessibility.ni.dll ()MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll ()MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll ()MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\644cb8dc7b37a1eec15f542da9846d0c\System.Data.ni.dll ()MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll ()MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll ()MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()MOD - C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.SeagateSharePlusPlugin.dll ()MOD - C:\Program Files (x86)\Seagate\Seagate Dashboard\Memeo.Progress.dll ()MOD - C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.VideoTutorialsPlugin.dll ()MOD - C:\Program Files (x86)\Seagate\Seagate Dashboard\Plugins\Memeo.Dashboard.TroubleshootingPlugin.dll ()MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll ()MOD - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll ()MOD - C:\Windows\SysWOW64\BsExtendFunc.dll ()MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()MOD - C:\Windows\SysWOW64\BsProfileFunc.dll ()MOD - C:\Windows\SysWOW64\BsTrace.dll ()MOD - C:\Windows\SysWOW64\SCChangeMonitor.dll ()MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll ()MOD - C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll ()MOD - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\wincfi39.dll ()MOD - C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.UI.dll ()MOD - C:\Program Files (x86)\Memeo\AutoBackup\Memeo.Client.DriveDetection.dll ()MOD - C:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exe ()MOD - C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libxml2.dll ()MOD - C:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\libupnp.dll ()MOD - C:\Program Files (x86)\Memeo\AutoBackup\sqlite3.dll ()========== Services (SafeList) ==========SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)SRV - (AVP) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)SRV - (NCO) -- C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exe (Symantec Corporation)SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)SRV - (SeagateDashboardService) -- C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exe (Memeo)SRV - (HP Support Assistant Service) -- C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe (Hewlett-Packard Company)SRV - (BlueSoleilCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe (IVT Corporation)SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)SRV - (BsHelpCS) -- C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exe (IVT Corporation)SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.)SRV - (MemeoBackgroundService) -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe (Memeo)SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.)========== Driver Services (SafeList) ==========DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation)DRV:64bit: - (KLIF) -- C:\Windows\SysNative\Drivers\klif.sys (Kaspersky Lab)DRV:64bit: - (klwfp) -- C:\Windows\SysNative\Drivers\klwfp.sys (Kaspersky Lab ZAO)DRV:64bit: - (klkbdflt) -- C:\Windows\SysNative\Drivers\klkbdflt.sys (Kaspersky Lab)DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.)DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)DRV:64bit: - (ccSet_NST) -- C:\Windows\SysNative\Drivers\NSTx64\7DD03030.013\ccsetx64.sys (Symantec Corporation)DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)DRV:64bit: - (klmouflt) -- C:\Windows\SysNative\Drivers\klmouflt.sys (Kaspersky Lab)DRV:64bit: - (Dot4Scan) -- C:\Windows\SysNative\Drivers\Dot4Scan.sys (Microsoft Corporation)DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)DRV:64bit: - (SynTP) -- C:\Windows\SysNative\Drivers\SynTP.sys (Synaptics Incorporated)DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\Drivers\Smb_driver_Intel.sys (Synaptics Incorporated)DRV:64bit: - (SmbDrv) -- C:\Windows\SysNative\Drivers\Smb_driver_AMDASF.sys (Synaptics Incorporated)DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)DRV:64bit: - (kneps) -- C:\Windows\SysNative\Drivers\kneps.sys (Kaspersky Lab)DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\Drivers\Accelerometer.sys (Hewlett-Packard Company)DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\Drivers\hpdskflt.sys (Hewlett-Packard Company)DRV:64bit: - (rtbth) -- C:\Windows\SysNative\Drivers\rtbth.sys (Ralink Technology, Corp.)DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.)DRV:64bit: - (netr28x) -- C:\Windows\SysNative\Drivers\netr28x.sys (Ralink Technology, Corp.)DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.)DRV:64bit: - (btUrbFilterDrv) -- C:\Windows\SysNative\Drivers\IvtUrbBtFlt.sys (Ralink Corporation)DRV:64bit: - (WirelessButtonDriver) -- C:\Windows\SysNative\Drivers\WirelessButtonDriver64.sys (Hewlett-Packard Development Company, L.P.)DRV:64bit: - (KLIM6) -- C:\Windows\SysNative\Drivers\klim6.sys (Kaspersky Lab ZAO)DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\Drivers\iaStorA.sys (Intel Corporation)DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek )DRV:64bit: - (klelam) -- C:\Windows\SysNative\Drivers\klelam.sys (Kaspersky Lab)DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)DRV:64bit: - (BthLEEnum) -- C:\Windows\SysNative\Drivers\BthLEEnum.sys (Microsoft Corporation)DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\Drivers\amd_sata.sys (Advanced Micro Devices)DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\Drivers\amd_xata.sys (Advanced Micro Devices)DRV:64bit: - (STHDA) -- C:\Windows\SysNative\Drivers\stwrt64.sys (IDT, Inc.)DRV:64bit: - (BthL2caScoIfSrv) -- C:\Windows\SysNative\Drivers\BtL2caScoIf.sys (Ralink Corporation)DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\Drivers\AtihdW86.sys (Advanced Micro Devices)DRV:64bit: - (RSP2STOR) -- C:\Windows\SysNative\Drivers\RtsP2Stor.sys (Realtek Semiconductor Corp.)DRV:64bit: - (CLVirtualDrive) -- C:\Windows\SysNative\Drivers\CLVirtualDrive.sys (CyberLink)DRV:64bit: - (APXACC) -- C:\Windows\SysNative\Drivers\appexDrv.sys (AppEx Networks Corporation)DRV:64bit: - (kl1) -- C:\Windows\SysNative\Drivers\kl1.sys (Kaspersky Lab ZAO)DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\Drivers\usbfilter.sys (Advanced Micro Devices)DRV:64bit: - (BtAudioBusSrv) -- C:\Windows\SysNative\Drivers\BtAudioBus.sys (IVT Corporation)DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)========== Standard Registry (SafeList) ==================== Internet Explorer ==========IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankIE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJSIE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFIE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}IE:64bit: - HKLM\..\SearchScopes\{ECD5D19E-F577-4A6F-9DF0-BC36C80A769F}: "URL" = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmIE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blankIE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJSIE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFIE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}IE - HKLM\..\SearchScopes\{ECD5D19E-F577-4A6F-9DF0-BC36C80A769F}: "URL" = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3731889160-3860413392-410561627-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4IE - HKU\S-1-5-21-3731889160-3860413392-410561627-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT3287823&octid=CT3287823&SearchSource=61&CUI=UN29734059351284316&UM=2&UP=SPA5937323-AD3E-4253-9C99-F0971140BA5DIE - HKU\S-1-5-21-3731889160-3860413392-410561627-1002\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3731889160-3860413392-410561627-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=HPNTDFJSIE - HKU\S-1-5-21-3731889160-3860413392-410561627-1002\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_en-GBCA516IE - HKU\S-1-5-21-3731889160-3860413392-410561627-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDFIE - HKU\S-1-5-21-3731889160-3860413392-410561627-1002\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = http://rover.ebay.com/rover/1/706-156705-11896-0/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}IE - HKU\S-1-5-21-3731889160-3860413392-410561627-1002\..\SearchScopes\{ECD5D19E-F577-4A6F-9DF0-BC36C80A769F}: "URL" = http://www.amazon.ca/s/ref=azs_osd_ieaca?ie=UTF-8&tag=hp-ca2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}IE - HKU\S-1-5-21-3731889160-3860413392-410561627-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0========== FireFox ==========FF - prefs.js..CT3287823.browser.search.defaultthis.engineName: "true"FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V9 Customized Web Search"FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287823&CUI=UN21880024042243823&UM=2&SearchSource=3&q={searchTerms}"FF - prefs.js..browser.search.selectedEngine: "MixiDJ V9 Customized Web Search"FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3287823&octid=CT3287823&SearchSource=61&CUI=UN21880024042243823&UM=2&UP=SPA5937323-AD3E-4253-9C99-F0971140BA5D"FF - prefs.js..extensions.enabledAddons: %7Bc8d3d585-9468-4853-8d02-a4b7adfbb1d7%7D:10.15.2.23FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287823&SearchSource=2&CUI=UN21880024042243823&UM=2&q="FF - user.js - File not foundFF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not foundFF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\speedtestanalysis@SpeedAnalysis.com: C:\Users\User\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com [2013-03-12 15:21:02 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F04D2D30-776C-4d02-8627-8E4385ECA58D}: C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2013.3.0.26\coFFPlgn\ [2013-04-01 13:47:13 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013-03-27 14:30:12 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013-03-27 14:30:13 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013-03-27 14:30:12 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013-04-21 12:21:13 | 000,000,000 | ---D | M]FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\pluginsFF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\speedtestanalysis@SpeedAnalysis.com: C:\Users\User\AppData\Roaming\Mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com [2013-03-12 15:21:02 | 000,000,000 | ---D | M][2013-03-12 15:21:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions[2013-03-12 15:21:02 | 000,000,000 | ---D | M] (Speed Test Analysis) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\speedtestanalysis@SpeedAnalysis.com[2013-04-21 12:20:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions[2013-04-21 12:20:59 | 000,000,000 | ---D | M] (MixiDJ V9) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}[2013-04-21 12:20:59 | 000,000,995 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ei4gauue.default\searchplugins\conduit.xml[2013-04-02 11:25:45 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions[2013-03-26 22:18:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll[2013-03-26 22:17:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml[2013-03-26 22:17:52 | 000,002,086 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\twitter.xml========== Chrome ==========CHR - default_search_provider: Google (Enabled)CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}CHR - homepage: https://www.google.ca/CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dllCHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewerCHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dllCHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dllCHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dllCHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dllCHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllCHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dllCHR - plugin: Shockwave for Director (Enabled) = C:\windows\SysWOW64\Adobe\Director\np32dsw.dllCHR - Extension: Google Docs = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\CHR - Extension: Google Drive = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\CHR - Extension: YouTube = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\CHR - Extension: Google Search = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\CHR - Extension: Kaspersky URL Advisor = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj\13.0.1.4190_0\CHR - Extension: Content Blocker = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\hghkgaeecgjhjkannahfamoehjmkjail\13.0.1.4190_0\CHR - Extension: Virtual Keyboard = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh\13.0.1.4190_0\CHR - Extension: Gmail = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\O1 HOSTS File: ([2013-04-01 11:53:59 | 000,000,841 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hostsO1 - Hosts: 127.0.0.1 localhostO2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)O2 - BHO: (Speed Test Analysis) - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test Analysis\ScriptHost.dll (SpeedAnalysis.com)O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)O2 - BHO: (Norton Identity Protection) - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\coieplg.dll (Symantec Corporation)O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)O2 - BHO: (HP Network Check Helper) - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll (Hewlett-Packard)O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O3 - HKLM\..\Toolbar: (Norton Identity Safe Toolbar) - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\coieplg.dll (Symantec Corporation)O3:64bit: - HKU\S-1-5-21-3731889160-3860413392-410561627-1002\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)O4:64bit: - HKLM..\Run: [sysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe (Kaspersky Lab ZAO)O4 - HKLM..\Run: [btTray] C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe (IVT Corporation)O4 - HKLM..\Run: [CLVirtualDrive] C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe (CyberLink Corp.)O4 - HKLM..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe (Hewlett-Packard Development Company, L.P.)O4 - HKLM..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe (Memeo Inc.)O4 - HKLM..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe (Memeo Inc.)O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.)O4 - HKLM..\Run: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe ()O4 - HKLM..\Run: [searchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)O4 - HKLM..\Run: [startCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)O4 - HKU\S-1-5-21-3731889160-3860413392-410561627-1002..\Run: [searchProtect] C:\Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3O9:64bit: - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)O9:64bit: - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)O9 - Extra Button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)O9 - Extra Button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe (Hewlett-Packard)O9 - Extra Button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)O1364bit: - gopher Prefix: missingO13 - gopher Prefix: missingO17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0327BF37-553C-4D09-8230-9F5D50667E24}: DhcpNameServer = 64.71.255.204 64.71.255.198O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{53677ED1-0FBD-40FF-9C76-3CAB33DE80AE}: DhcpNameServer = 192.168.0.1O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)O30 - LSA: Security Packages - (livessp) - File not foundO32 - HKLM CDRom: AutoRun - 1O34 - HKLM BootExecute: (autocheck autochk *)O35:64bit: - HKLM\..comfile [open] -- "%1" %*O35:64bit: - HKLM\..exefile [open] -- "%1" %*O35 - HKLM\..comfile [open] -- "%1" %*O35 - HKLM\..exefile [open] -- "%1" %*O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*O37 - HKLM\...com [@ = comfile] -- "%1" %*O37 - HKLM\...exe [@ = exefile] -- "%1" %*O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)========== Files/Folders - Created Within 30 Days ==========[2013-04-22 19:30:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe[2013-04-21 23:09:58 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RK_Quarantine[2013-04-21 22:45:14 | 000,688,992 | R--- | C] (Swearware) -- C:\Users\User\Desktop\dds.com[2013-04-21 22:44:33 | 000,688,992 | ---- | C] (Swearware) -- C:\Users\User\Desktop\dds.scr[2013-04-21 12:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit[2013-04-21 12:21:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Conduit[2013-04-21 12:21:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\CRE[2013-04-21 12:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect[2013-04-21 12:20:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SearchProtect[2013-04-16 08:22:48 | 000,168,096 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\NSTx64\7DD03030.013\ccsetx64.sys[2013-04-16 08:22:45 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64\7DD03030.013[2013-04-15 22:03:10 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll[2013-04-15 22:03:07 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll[2013-04-15 22:03:06 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll[2013-04-15 22:03:05 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll[2013-04-15 22:03:03 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll[2013-04-15 22:03:02 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll[2013-04-15 22:03:02 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll[2013-04-15 22:03:01 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll[2013-04-15 22:03:01 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll[2013-04-15 22:03:01 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll[2013-04-15 22:03:01 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys[2013-04-15 22:03:00 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll[2013-04-15 22:02:58 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll[2013-04-15 22:02:57 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll[2013-04-15 22:02:56 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll[2013-04-15 22:02:56 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll[2013-04-15 22:02:55 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll[2013-04-15 22:02:53 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll[2013-04-15 22:02:53 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll[2013-04-15 22:02:53 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS[2013-04-15 22:02:53 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll[2013-04-15 22:02:53 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys[2013-04-15 22:02:53 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll[2013-04-15 22:02:53 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll[2013-04-15 22:02:52 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll[2013-04-15 22:02:52 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll[2013-04-15 22:02:52 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll[2013-04-15 22:02:52 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll[2013-04-15 22:02:52 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll[2013-04-15 22:02:51 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll[2013-04-15 22:02:51 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll[2013-04-15 22:02:51 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll[2013-04-15 22:02:51 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll[2013-04-15 22:02:51 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll[2013-04-15 22:02:49 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll[2013-04-15 22:02:48 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll[2013-04-15 22:02:48 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll[2013-04-15 22:02:48 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS[2013-04-15 22:02:48 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys[2013-04-15 22:02:48 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys[2013-04-15 22:02:48 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll[2013-04-15 22:02:48 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys[2013-04-15 22:02:48 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys[2013-04-15 22:02:48 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll[2013-04-15 22:02:48 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe[2013-04-15 22:02:48 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe[2013-04-15 22:02:48 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll[2013-04-15 22:02:47 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys[2013-04-15 22:02:47 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys[2013-04-15 22:02:46 | 000,240,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\fsquirt.exe[2013-04-15 22:02:46 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl[2013-04-15 22:02:46 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl[2013-04-15 22:02:45 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll[2013-04-15 22:02:45 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll[2013-04-15 22:02:45 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll[2013-04-15 22:02:45 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll[2013-04-15 22:02:45 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll[2013-04-15 22:02:45 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll[2013-04-15 22:02:45 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll[2013-04-15 22:02:45 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll[2013-04-15 22:02:45 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe[2013-04-15 22:02:45 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL[2013-04-15 22:02:45 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll[2013-04-15 22:02:45 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe[2013-04-15 22:02:45 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll[2013-04-15 22:02:45 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe[2013-04-14 15:54:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware[2013-04-14 15:54:43 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013-04-14 15:54:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware[2013-04-11 11:12:06 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll[2013-04-11 11:11:58 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll[2013-04-11 11:11:57 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll[2013-04-11 11:11:57 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll[2013-04-11 11:11:54 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll[2013-04-11 11:11:52 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe[2013-04-11 11:11:51 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll[2013-04-11 11:11:51 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll[2013-04-11 11:11:51 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll[2013-04-11 11:11:51 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll[2013-04-11 09:44:59 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe[2013-04-10 19:09:37 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll[2013-04-10 19:09:36 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll[2013-04-09 00:42:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes[2013-04-09 00:41:49 | 000,000,000 | ---D | C] -- C:\Program Files\iPod[2013-04-09 00:41:48 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes[2013-04-09 00:41:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes[2013-04-09 00:41:48 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69[2013-04-09 00:37:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime[2013-04-09 00:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime[2013-04-03 22:39:49 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\backups[2013-04-03 15:12:24 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\User\Desktop\HijackThis.exe[2013-04-02 11:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome[2013-04-02 11:25:57 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Mozilla[2013-04-02 11:25:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla[2013-04-02 11:25:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service[2013-04-02 11:25:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox[2013-04-02 11:23:32 | 021,041,840 | ---- | C] (Mozilla) -- C:\Users\User\Desktop\Firefox Setup 20.0.exe[2013-04-02 11:15:53 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\RK Reports[2013-03-31 14:06:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes[2013-03-31 14:06:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes[2013-03-28 21:57:21 | 000,000,000 | ---D | C] -- C:\Windows\Minidump[2013-03-27 12:59:32 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll[2013-03-27 12:57:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab[2013-03-27 12:57:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab[2013-03-27 12:57:34 | 000,612,696 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys[2013-03-27 12:57:34 | 000,089,944 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys[2013-03-27 12:34:15 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\NSTx64[2013-03-27 12:34:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Identity Safe[2013-03-27 12:34:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton Identity Safe[2013-03-25 12:03:24 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\For Laura D========== Files - Modified Within 30 Days ==========[2013-04-22 19:30:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe[2013-04-22 19:23:33 | 000,000,821 | ---- | M] () -- C:\Windows\SysWow64\bscs.ini[2013-04-22 19:20:50 | 000,004,524 | ---- | M] () -- C:\Windows\SysWow64\LOCALSERVICE.INI[2013-04-22 19:20:45 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job[2013-04-22 19:20:17 | 000,000,043 | ---- | M] () -- C:\Windows\SysWow64\LOCALDEVICE.INI[2013-04-22 19:20:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat[2013-04-22 17:18:00 | 000,000,914 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job[2013-04-22 14:33:22 | 000,562,522 | ---- | M] () -- C:\Users\User\Desktop\1963Exhibit.jpg[2013-04-22 14:29:43 | 001,853,752 | ---- | M] () -- C:\Users\User\Desktop\photo.JPG[2013-04-21 23:05:00 | 000,791,040 | ---- | M] () -- C:\Users\User\Desktop\RogueKillerX64.exe[2013-04-21 23:04:38 | 000,615,935 | ---- | M] () -- C:\Users\User\Desktop\adwcleaner (1).exe[2013-04-21 23:03:47 | 000,890,815 | ---- | M] () -- C:\Users\User\Desktop\SecurityCheck (1).exe[2013-04-21 22:45:17 | 000,688,992 | R--- | M] (Swearware) -- C:\Users\User\Desktop\dds.com[2013-04-21 22:44:38 | 000,688,992 | ---- | M] (Swearware) -- C:\Users\User\Desktop\dds.scr[2013-04-21 12:22:05 | 000,000,009 | ---- | M] () -- C:\END[2013-04-21 12:19:52 | 916,684,477 | ---- | M] () -- C:\Users\User\Desktop\qxp93_win[1].zip[2013-04-21 11:46:34 | 001,994,298 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI[2013-04-21 11:46:34 | 000,877,348 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat[2013-04-21 11:46:34 | 000,788,176 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat[2013-04-21 11:46:34 | 000,191,806 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat[2013-04-21 11:46:34 | 000,162,458 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat[2013-04-21 11:39:32 | 000,331,224 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013-04-21 11:39:14 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys[2013-04-21 11:39:09 | 2122,530,815 | -HS- | M] () -- C:\hiberfil.sys[2013-04-17 10:48:08 | 000,000,348 | ---- | M] () -- C:\Windows\tasks\HPCeeScheduleForUser.job[2013-04-15 09:28:09 | 000,907,769 | ---- | M] () -- C:\Users\User\Desktop\lucillebluth.png[2013-04-14 15:54:50 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013-04-11 22:18:17 | 000,002,183 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2013-04-11 10:22:56 | 000,421,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll[2013-04-09 00:42:24 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk[2013-04-09 00:37:33 | 000,001,845 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk[2013-04-09 00:37:16 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn[2013-04-04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys[2013-04-03 23:19:35 | 000,001,424 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2013-04-03 15:12:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\User\Desktop\HijackThis.exe[2013-04-03 09:22:47 | 000,659,968 | ---- | M] () -- C:\Users\User\Desktop\MicrosoftFixit50195.msi[2013-04-02 18:08:01 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe[2013-04-02 18:08:01 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl[2013-04-02 11:38:49 | 000,002,279 | ---- | M] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[2013-04-02 11:25:47 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk[2013-04-02 11:23:55 | 021,041,840 | ---- | M] (Mozilla) -- C:\Users\User\Desktop\Firefox Setup 20.0.exe[2013-04-01 20:38:07 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\NSTx64\7DD03030.013\isolate.ini[2013-03-31 15:53:01 | 012,894,739 | ---- | M] () -- C:\Users\User\Desktop\mbar-1.01.0.1022.zip[2013-03-31 15:48:17 | 000,890,798 | ---- | M] () -- C:\Users\User\Desktop\SecurityCheck.exe[2013-03-31 13:23:28 | 000,507,825 | ---- | M] () -- C:\Users\User\Documents\Tutorial 6 Discussion Questions.pdf[2013-03-27 14:30:11 | 000,612,696 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys[2013-03-27 14:30:11 | 000,050,088 | ---- | M] (Kaspersky Lab ZAO) -- C:\Windows\SysNative\drivers\klwfp.sys[2013-03-27 14:30:11 | 000,029,016 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klkbdflt.sys[2013-03-27 12:59:33 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk========== Files Created - No Company Name ==========[2013-04-22 14:33:22 | 000,562,522 | ---- | C] () -- C:\Users\User\Desktop\1963Exhibit.jpg[2013-04-22 14:29:33 | 001,853,752 | ---- | C] () -- C:\Users\User\Desktop\photo.JPG[2013-04-21 23:04:59 | 000,791,040 | ---- | C] () -- C:\Users\User\Desktop\RogueKillerX64.exe[2013-04-21 23:04:34 | 000,615,935 | ---- | C] () -- C:\Users\User\Desktop\adwcleaner (1).exe[2013-04-21 23:03:38 | 000,890,815 | ---- | C] () -- C:\Users\User\Desktop\SecurityCheck (1).exe[2013-04-21 12:20:19 | 000,000,009 | ---- | C] () -- C:\END[2013-04-21 11:47:33 | 916,684,477 | ---- | C] () -- C:\Users\User\Desktop\qxp93_win[1].zip[2013-04-16 08:22:45 | 000,007,611 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD03030.013\ccsetx64.cat[2013-04-16 08:22:45 | 000,000,853 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD03030.013\ccsetx64.inf[2013-04-16 08:22:45 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\NSTx64\7DD03030.013\isolate.ini[2013-04-15 22:02:44 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml[2013-04-15 09:28:09 | 000,907,769 | ---- | C] () -- C:\Users\User\Desktop\lucillebluth.png[2013-04-14 21:29:16 | 000,000,348 | ---- | C] () -- C:\Windows\tasks\HPCeeScheduleForUser.job[2013-04-14 15:54:50 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk[2013-04-14 15:46:00 | 000,331,224 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT[2013-04-09 00:42:24 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk[2013-04-09 00:37:33 | 000,001,845 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk[2013-04-03 23:19:35 | 000,001,430 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk[2013-04-03 23:19:35 | 000,001,424 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk[2013-04-03 09:22:46 | 000,659,968 | ---- | C] () -- C:\Users\User\Desktop\MicrosoftFixit50195.msi[2013-04-02 11:30:18 | 000,002,279 | ---- | C] () -- C:\Users\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk[2013-04-02 11:30:18 | 000,002,183 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk[2013-04-02 11:25:47 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk[2013-04-02 11:25:47 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk[2013-03-31 15:52:56 | 012,894,739 | ---- | C] () -- C:\Users\User\Desktop\mbar-1.01.0.1022.zip[2013-03-31 15:48:08 | 000,890,798 | ---- | C] () -- C:\Users\User\Desktop\SecurityCheck.exe[2013-03-31 13:23:27 | 000,507,825 | ---- | C] () -- C:\Users\User\Documents\Tutorial 6 Discussion Questions.pdf[2013-03-27 13:59:47 | 000,001,288 | ---- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013.lnk[2013-03-27 12:59:57 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\Kaspersky Anti-Virus 2013.lnk[2013-03-13 22:32:31 | 000,000,017 | ---- | C] () -- C:\Users\User\AppData\Local\resmon.resmoncfg[2013-03-02 17:31:11 | 000,000,054 | ---- | C] () -- C:\Windows\Composer.INI[2013-01-03 21:37:38 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll[2012-11-21 00:34:40 | 000,004,524 | ---- | C] () -- C:\Windows\SysWow64\LOCALSERVICE.INI[2012-11-21 00:34:40 | 000,000,043 | ---- | C] () -- C:\Windows\SysWow64\LOCALDEVICE.INI[2012-08-25 14:51:07 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin[2012-08-10 21:45:30 | 000,000,821 | ---- | C] () -- C:\Windows\SysWow64\bscs.ini[2012-08-09 02:10:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat[2012-08-09 02:10:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat[2012-08-03 18:40:09 | 000,916,510 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI[2012-07-27 18:50:34 | 000,333,312 | ---- | C] () -- C:\Windows\SysWow64\BsExtendFunc.dll[2012-07-26 04:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat[2012-07-26 04:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT[2012-07-26 03:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat[2012-07-25 21:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll[2012-07-25 16:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin[2012-07-25 16:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll[2012-07-25 16:22:54 | 000,982,240 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin[2012-07-25 16:22:54 | 000,439,308 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin[2012-07-25 16:22:54 | 000,092,356 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin[2012-07-10 22:04:10 | 000,062,976 | ---- | C] () -- C:\Windows\SysWow64\BsProfileFunc.dll[2012-07-10 21:59:40 | 000,019,456 | ---- | C] () -- C:\Windows\SysWow64\BsTrace.dll[2012-07-10 21:26:44 | 000,090,208 | ---- | C] () -- C:\Windows\SysWow64\BSSkypeAgent.dll[2012-07-10 21:26:44 | 000,086,108 | ---- | C] () -- C:\Windows\SysWow64\BSVoIPComm.dll[2012-07-10 21:26:44 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\BsVistaCommon.dll[2012-07-10 21:26:44 | 000,049,664 | ---- | C] () -- C:\Windows\SysWow64\BSWMPPlugin.dll[2012-07-10 21:26:44 | 000,011,264 | ---- | C] () -- C:\Windows\SysWow64\SCChangeMonitor.dll[2012-06-13 12:45:02 | 000,008,704 | ---- | C] () -- C:\Windows\SysWow64\SROF.dll[2012-06-05 01:31:00 | 000,000,417 | ---- | C] () -- C:\Windows\SysWow64\RaoBLE.ini[2012-06-02 10:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat[2012-05-10 20:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll[2011-09-13 10:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat========== ZeroAccess Check ==========[2012-08-25 15:09:55 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32][HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32][HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64"" = C:\Windows\SysNative\shell32.dll -- [2013-03-01 22:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]"" = %SystemRoot%\system32\shell32.dll -- [2013-03-02 04:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Apartment[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012-07-25 23:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]"" = %systemroot%\system32\wbem\fastprox.dll -- [2012-07-25 23:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Free[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012-07-25 23:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)"ThreadingModel" = Both[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]< End of report > Link to post Share on other sites More sharing options...
historybuff77 Posted April 22, 2013 Author ID:672911 Share Posted April 22, 2013 And the other:OTL Extras logfile created on: 2013-04-22 7:32:16 PM - Run 1OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\User\Desktop64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstationInternet Explorer (Version = 9.10.9200.16540)Locale: 00001009 | Country: Canada | Language: ENC | Date Format: yyyy-MM-dd7.47 Gb Total Physical Memory | 5.49 Gb Available Physical Memory | 73.43% Memory free14.97 Gb Paging File | 12.48 Gb Available in Paging File | 83.34% Paging File freePaging file location(s): ?:\pagefile.sys [binary data]%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)Drive C: | 672.80 Gb Total Space | 538.16 Gb Free Space | 79.99% Space Free | Partition Type: NTFSDrive D: | 25.07 Gb Total Space | 2.97 Gb Free Space | 11.84% Space Free | Partition Type: NTFSComputer Name: LAPTOP-PC | User Name: User | Logged in as Administrator.Boot Mode: Normal | Scan Mode: All users | Include 64bit ScansCompany Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days========== Extra Registry (SafeList) ==================== File Associations ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation).url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>].cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation).html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)========== Shell Spawning ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]batfile [open] -- "%1" %*cmdfile [open] -- "%1" %*comfile [open] -- "%1" %*cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)exefile [open] -- "%1" %*helpfile [open] -- Reg Error: Key error.htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)piffile [open] -- "%1" %*regfile [merge] -- Reg Error: Key error.scrfile [config] -- "%1"scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %lscrfile [open] -- "%1" /Stxtfile [edit] -- Reg Error: Key error.Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Folder [explore] -- Reg Error: Value error.Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.========== Security Center Settings ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]"cval" = 164bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]"VistaSp1" = CE 37 E6 AF FF 6A CD 01 [binary data]"AntiVirusOverride" = 0"AntiSpywareOverride" = 0"FirewallOverride" = 064bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]"DisableMonitoring" = 1[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]========== Firewall Settings ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]"EnableFirewall" = 1"DisableNotifications" = 0[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]"EnableFirewall" = 1"DisableNotifications" = 0========== Authorized Applications List ==================== Vista Active Open Ports Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{55FDCDA6-8A8D-4279-AB44-47ED514419D0}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{AEEC24FD-9AF9-4EA8-BC1E-CEE9158EB29F}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ==========[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]"{050095B0-95B1-4F64-B8A8-9166D6FD3B0F}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{0A01AE66-F0BE-463B-9FF6-7CBB16D1FD76}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | "{0AE85121-D5B4-49FC-9B25-5847489BE778}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{1522A2BD-FC43-4EBA-995C-8CD052230375}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | "{173E009D-107A-4A86-B8B8-9260F031045F}" = dir=in | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{184A15BC-D2E3-4ACF-99C0-A6883B67F6EE}" = dir=in | name=skype | "{191487FE-D290-4C6D-BE29-896BB8402A76}" = dir=out | name=windows_ie_ac_001 | "{197F6DDB-087F-4609-8565-3D73AACFBE5F}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | "{1C3A0ECE-5B79-4E42-9742-D59B38FAE0A2}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{1D1CA0AD-8F9F-4CF6-AF0C-BDA2449C3D2F}" = dir=in | name=print experience | "{1DE62FC5-AFA8-4E05-A290-693077FE8EF3}" = dir=in | name=ebay | "{2A025A9E-DC7E-4645-A1C2-194BE4E7D960}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | "{2E633D72-17DE-4F8A-8FCE-5828301718A0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{385B613A-B54F-4BD2-8271-E38DF0E2BA76}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | "{39E1514F-83CB-4845-AA9A-EB6BD494E0E7}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | "{3F921D53-93B0-4694-A5A6-85F28410EB9C}" = protocol=17 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe | "{46F6ECC1-6398-41AF-8B4F-D3D979AF8B3E}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink corporation\ralink bluetooth stack\bluesoleilcs.exe | "{55F8BCDD-48C6-47E1-9E6B-6D50122923A6}" = dir=out | name=microsoft solitaire collection | "{60560A85-C141-47EA-87A6-B29B3F54B30F}" = dir=out | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{659ED486-1639-49D1-9693-F05E54BD7AF3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{67379F6C-FD79-4DAF-AC4A-29D0E94CA8C5}" = dir=out | name=getting started with windows 8 | "{693DEDD8-7B54-4904-B787-6CD5D06DDCE1}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{6DBD83D1-5D78-4513-9B73-1AFB7147FB62}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | "{741F4A7A-D6F0-4FD0-82D7-5ED0B04AD00D}" = dir=out | name=microsoft mahjong | "{76F77B70-C3FC-443A-BBD2-317E21AAAB45}" = dir=out | name=@{microsoft.microsoftskydrive_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.microsoftskydrive/resources/shortproductname} | "{77AE9FFF-4EF8-4DAE-AB20-D9351B052F7F}" = dir=in | name=kindle | "{79C81208-3084-409E-9EB6-3D60E558D609}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{84286311-7645-421C-9D90-137B8F465CAF}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | "{847D5B62-101C-464E-8831-C3E7844DA776}" = dir=in | name=@{microsoft.windowsphotos_16.4.4204.712_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsphotos/photo/residappname} | "{852C4426-8B44-4C69-86D0-8FE3C30B18B9}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | "{88D52F1C-9181-4555-A90C-252EB5A35D8B}" = dir=out | name=ebay | "{8F9BE69F-ADC8-45D2-80EE-F4E82A14DED8}" = dir=out | name=hp connected photo powered by snapfish | "{9BC539F4-9232-450E-BD02-01F883F197A5}" = protocol=6 | dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe | "{A089C02E-394A-443A-9266-F081E0A951A5}" = dir=out | name=norton studio | "{A366950C-F03F-4FDE-A668-585DDAE51E1D}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe | "{AF977333-1A18-463B-A99A-5B2D3028C1F8}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{B2CE3989-93AA-4A37-ABE9-2C646F81191B}" = dir=out | name=skype | "{B4768D35-7A30-47F5-A670-09A820E2DD7E}" = dir=out | name=netflix | "{BB0C6C25-9AB5-4307-A4BD-1DF39A8CBEE2}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | "{C142E764-C093-4DDF-AE09-D79AD8890654}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{C39BFC1D-5361-407E-A45D-9CBC8A63B43F}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector10\pdr10.exe | "{CEBBCB61-E20E-4D6B-AD7E-8AFF00AD39A1}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe | "{D1ED3A1E-F015-41EA-B2E4-450E3D1993F6}" = dir=out | name=print experience | "{D306F9E8-4746-4952-B079-B9E31D6CC7B5}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | "{D6C86523-01A4-481E-8421-966534749700}" = dir=out | name=hp+ | "{DAFC3D02-3E55-4633-B3FD-E2472E890262}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | "{DD2EB370-245C-4E95-A4DB-CCB640C34504}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | "{E578975C-4D3C-4F1C-B70C-5922180D084F}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | "{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | "{E89D7035-2CCB-4CF4-85A9-A1EA68E10687}" = dir=out | name=kindle | "{E9A5D866-466E-4261-89FB-45163AD98C6A}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{EBAF5A53-14EB-402A-AFCC-9E36D59E4651}" = dir=out | name=@{microsoft.bing_1.2.0.137_x64__8wekyb3d8bbwe?ms-resource://microsoft.bing/resources/app_name} | "{EEBA5997-3AC8-4E90-98A0-9254A54331EB}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | "{F07D05F0-9831-42F2-8189-3751ED799346}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{F0E4D61B-3A4A-47CD-95DF-B2A8CF134862}" = dir=out | name=hp registration | "{FECA595C-5DBD-4A4E-80A7-4D21F24AFE44}" = dir=in | app=c:\program files (x86)\seagate\seagate dashboard\hipservagent\hipservagent.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ==========64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector"{08F2724F-3B6A-91BD-E63F-1B9F8463D097}" = AMD Accelerated Video Transcoding"{0FA995CC-C849-4755-B14B-5404CC75DC24}" = Energy Star"{14D155F8-40FC-F843-30C6-8776BF5CEBAA}" = AMD Fuel"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime"{58BC91D0-42E7-125D-F9B6-F2F5C0CDB096}" = Ralink Bluetooth Stack64"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161"{6E14E6D6-3175-4E1A-B934-CAB5A86367CD}" = HP Postscript Converter"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting"{A257DDD7-AFD4-ABEA-0F67-9C3930091B19}" = ccc-utility64"{D01E0B82-7D6E-F9AC-9A7D-C6076264F419}" = AMD Catalyst Install Manager"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319"{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}" = HP Registration Service"{E9EED4AE-682B-4501-9574-D09A21717599}_is1" = AMD Quick Stream"{F244D07D-1876-4CDD-914D-214E15A8D327}" = HP 3D DriveGuard"CCleaner" = CCleaner"SynTPDeinstKey" = Synaptics Pointing Device Driver"VLC media player" = VLC media player 2.0.5[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements"{097CB5A1-D19E-F62A-6400-91DBF8D97B17}" = CCC Help Turkish"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer"{0C57987A-A03A-4B95-A309-D23F78F406CA}" = HP Utility Center"{0DCCD5F4-29E7-4AA0-8C1D-F8E1503B91F4}" = Catalyst Control Center - Branding"{0EF2A1AF-6F24-FD4B-3140-3656CC9A6BEC}" = CCC Help Italian"{11230C68-9248-D3B8-A0C5-0461D8C0691E}" = CCC Help Dutch"{16B7BDA1-B967-4D2D-8B27-E12727C28350}" = HP CoolSense"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker"{1AC082E0-049D-4C5C-9ECF-9473AD5A949D}" = HP Documentation"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148"{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer"{29A6A747-07ED-DB5E-AD38-5F66B06E8888}" = CCC Help Russian"{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8"{2BE3A1BC-D155-1D32-9080-685C54689C34}" = CCC Help Korean"{2F413B34-8C18-328C-E68C-0332AB527CFF}" = CCC Help Czech"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer"{3D062C86-0CCA-8F10-A575-3564BD50372C}" = Catalyst Control Center Graphics Previews Common"{3E2D81D1-5FEE-6E90-2E0C-B8C15F05237A}" = CCC Help Norwegian"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support"{47B3FDA1-E7F2-D3C3-0970-B9916C5530F3}" = AMD VISION Engine Control Center"{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live"{4ED7050C-9332-4FB2-AB07-E94F25A53D39}" = HP Quick Launch"{528AB81B-D65A-4AB0-A2B6-82B51A087D01}" = HP Recovery Manager"{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack"{5CBA9A98-4CAE-92DC-4662-A77268EE1D04}" = CCC Help English"{5F1C0CF4-49C6-B096-0F72-AA2C319BBEE0}" = CCC Help German"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources"{650AA9FB-CA49-A284-8E13-F3732CC20D9A}" = Catalyst Control Center Localization All"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker"{6DF0DAF1-BED0-F5BB-B96E-10AA15DF65E7}" = CCC Help Swedish"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.2.0.0"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-hp" = WildTangent Games App"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable"{73AD6CBA-D50D-F30C-E579-14389FF41D1D}" = Catalyst Control Center InstallProxy"{75B7F766-7998-44d8-A202-F1EC76A121BA}" = Memeo AutoSync"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update"{7AF962CF-7018-C589-8439-EA7C9F2FA200}" = CCC Help Danish"{7BB80D45-4024-2E0C-FC0D-45A319CD3F99}" = CCC Help Thai"{835B275B-F29B-464B-BD4B-097FD55FAB0A}" = HP Software Framework"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT"{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT3290 802.11bgn Wi-Fi Adapter"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker"{941DE69D-6CEE-4171-8F1F-3D7E352AA498}" = HP Wireless Button Driver"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office"{95A762D1-99E7-F428-99B3-E3CC636C48D9}" = CCC Help Hungarian"{96DAE3D0-5008-F1FC-186D-0B364071C98C}" = CCC Help French"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17"{9B42457E-3781-7293-5643-C722BA43397E}" = CCC Help Greek"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161"{9C35EDE5-4B0F-45E7-A438-314BA889948E}" = HP MyRoom"{9C9744E5-2BB7-4042-BD1C-8A339480A08C}" = TouchFreeze"{9E2BCF78-EDAD-A8BC-123D-10E0D9234753}" = CCC Help Chinese Traditional"{9FEDC691-A307-D525-7D71-EDB97240CFF3}" = CCC Help Chinese Standard"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer"{AB1F1677-926B-894A-A890-56A3FCD9794B}" = CCC Help Finnish"{ACC5984D-6859-874C-B939-058DED2692FA}" = CCC Help Portuguese"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime"{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10"{B8019B54-F9BE-490A-9619-6D06F18F129F}" = HP Support Assistant"{C1594429-8296-4652-BF54-9DBE4932A44C}" = Realtek PCIE Card Reader"{C3A11907-930D-41AC-A135-CC3B12F92011}" = Seagate Dashboard"{C458E818-0B4F-C961-AFDF-29F172EE5A1B}" = CCC Help Spanish"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10"{E175B925-538F-6D69-A9C9-4D0699648752}" = CCC Help Japanese"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio"{E46BF405-4ADF-36F4-A0EA-EF4CDF1A21E6}" = CCC Help Polish"{F05CE84D-4C4C-4EA7-840B-BAB0C72B60E2}" = Machete Lite 3.8"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022"Adobe Shockwave Player" = Adobe Shockwave Player 11.6"Foxit Reader_is1" = Foxit Reader"Google Chrome" = Google Chrome"HOMESTUDENTR" = Microsoft Office Home and Student 2007"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam"InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}" = CyberLink Media Suite 10"InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}" = CyberLink Power2Go 8"InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}" = CyberLink PhotoDirector"InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}" = CyberLink PowerDirector 10"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD"InstallWIX_{560985FB-4B76-4121-9189-7A2CDC7886D6}" = Kaspersky Anti-Virus 2013"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.75.0.1300"Mozilla Firefox 20.0 (x86 en-US)" = Mozilla Firefox 20.0 (x86 en-US)"MozillaMaintenanceService" = Mozilla Maintenance Service"NST" = Norton Identity Safe"SearchProtect" = Search Protect by conduit"Speed Test Analysis" = Speed Test Analysis"StartHPConnectedMusic" = HP Connected Music (Meridian - installer)"WildTangent hp Master Uninstall" = HP Games"WildTangent wildgames Master Uninstall" = WildTangent Games"WinLiveSuite" = Windows Live Essentials"WTA-10b065a3-0440-455e-acd1-f012702b6303" = Crazy Chicken Soccer"WTA-1d8a611e-f5bf-4a1a-8c7e-c9b5de7e0cf8" = Letters from Nowhere 2"WTA-265b5af6-9a2b-47ae-b299-eac4b72a5203" = Bejeweled 3"WTA-2798fa44-35c5-4b44-b78e-6e094c2a2631" = Zuma's Revenge"WTA-27cf4df1-84c2-408e-9e55-82f29abfdd00" = Polar Bowler"WTA-326a5f5f-653f-49fa-b9e2-6cb144b74704" = Roads of Rome 3"WTA-32c2b46a-b9ae-4564-a40f-ed32bc409819" = 7 Wonders II"WTA-3565a268-2bb9-4976-91f6-0d57ff237d07" = FlatOut 2"WTA-529b80d3-5221-46e6-84c6-2f497e5c2c33" = Luxor Evolved"WTA-657d3f13-9f44-4c83-ae66-87a3ef709d92" = Final Drive Fury"WTA-685edaff-7172-47da-bd98-d1c96b8971d9" = Jewel Match 3"WTA-79d0fa23-978e-48f9-83fd-8662c887d07a" = Chuzzle Deluxe"WTA-9290cc9e-60c6-4de3-94d2-daeb2280e02f" = John Deere Drive Green"WTA-afa4f8ec-d8c6-4af7-9d8f-de15336eb227" = Trinklit Supreme"WTA-b0c2be9b-ba00-44d0-b282-96229e931afe" = The Treasures of Mystery Island: The Ghost Ship"WTA-b0e27fcf-8b24-429e-8433-507cc7d28ee2" = Aloha TriPeaks"WTA-beb8302b-0624-469a-a995-679a9bb17ef6" = Build-a-lot 4 - Power Source"WTA-c987238a-35bf-4b3f-864e-364f136acd50" = Cradle of Rome 2"WTA-cddbd586-8086-4b46-9f0d-86166f088bb5" = Penguins!"WTA-d551f653-77e1-44b4-b387-f5f872d3c80e" = Farm Frenzy"WTA-dbeab373-7889-4d43-9551-a7b568662c34" = Mahjongg Dimensions Deluxe: Tiles in Time"WTA-dd426649-2172-42c7-bbeb-2f3e0da25a1e" = Governor of Poker 2 Premium Edition"WTA-e21096ad-7f6b-4f24-a8e8-f1e4d4f498f6" = Hoyle Card Games"WTA-e279fad3-a89c-4727-af87-de32b54539d6" = 4 Elements II"WTA-ee6252db-b583-42e2-b1f3-7aa5083cea6e" = Peggle Nights"WTA-ff1acb51-2d0f-4455-ba10-678179df88b1" = Polar Golfer========== Last 20 Event Log Errors ==========[ Application Events ]Error - 2013-04-15 9:51:50 AM | Computer Name = Laptop-pc | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 15647Error - 2013-04-16 10:48:55 AM | Computer Name = Laptop-pc | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 2013-04-16 10:48:55 AM | Computer Name = Laptop-pc | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 15538Error - 2013-04-16 10:48:55 AM | Computer Name = Laptop-pc | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 15538Error - 2013-04-16 11:10:44 AM | Computer Name = Laptop-pc | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 2013-04-16 11:10:44 AM | Computer Name = Laptop-pc | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 1323638Error - 2013-04-16 11:10:44 AM | Computer Name = Laptop-pc | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 1323638Error - 2013-04-16 1:55:37 PM | Computer Name = Laptop-pc | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: Continuously busy for more than a secondError - 2013-04-16 1:55:37 PM | Computer Name = Laptop-pc | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledEvent 15585Error - 2013-04-16 1:55:37 PM | Computer Name = Laptop-pc | Source = Bonjour Service | ID = 100Description = Task Scheduling Error: m->NextScheduledSPRetry 15585[ System Events ]Error - 2013-04-05 3:38:09 PM | Computer Name = Laptop-pc | Source = Microsoft-Windows-Kernel-Boot | ID = 29Description = Error - 2013-04-05 3:38:40 PM | Computer Name = Laptop-pc | Source = EventLog | ID = 6008Description = The previous system shutdown at 3:32:31 PM on ?2013-?04-?05 was unexpected.Error - 2013-04-05 3:38:55 PM | Computer Name = LAPTOP-PC | Source = BugCheck | ID = 1001Description = Error - 2013-04-05 11:07:47 PM | Computer Name = Laptop-pc | Source = EventLog | ID = 6008Description = The previous system shutdown at 5:38:40 PM on ?2013-?04-?05 was unexpected.Error - 2013-04-07 10:48:52 AM | Computer Name = Laptop-pc | Source = EventLog | ID = 6008Description = The previous system shutdown at 4:27:15 PM on ?2013-?04-?06 was unexpected.Error - 2013-04-07 10:49:30 AM | Computer Name = Laptop-pc | Source = DCOM | ID = 10016Description = Error - 2013-04-08 10:34:38 PM | Computer Name = Laptop-pc | Source = EventLog | ID = 6008Description = The previous system shutdown at 12:02:26 PM on ?2013-?04-?08 was unexpected.Error - 2013-04-09 12:39:23 AM | Computer Name = Laptop-pc | Source = Service Control Manager | ID = 7031Description = The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.Error - 2013-04-09 12:39:37 AM | Computer Name = Laptop-pc | Source = Service Control Manager | ID = 7031Description = The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.Error - 2013-04-09 12:40:37 AM | Computer Name = Laptop-pc | Source = Service Control Manager | ID = 7032Description = The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: %%1056< End of report >Thank you! Link to post Share on other sites More sharing options...
Staff gringo_pr Posted April 23, 2013 Staff ID:672954 Share Posted April 23, 2013 Hello historybuff77 I would like you to run this custom script for me now and when it is complete please give me the report and a status update for the computer.Run OTL ScriptDouble-click OTL.exe to start the program.Copy and Paste the following code into the text box.:OTLPRC - C:\Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)PRC - C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)SRV - (CltMngSvc) -- C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe (Conduit)IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPNTDF <http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF>IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPNTDF <http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF>IE - HKU\S-1-5-21-3731889160-3860413392-410561627-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.condui...99-F0971140BA5D <http://search.conduit.com/?ctid=CT3287823&octid=CT3287823&SearchSource=61&CUI=UN29734059351284316&UM=2&UP=SPA5937323-AD3E-4253-9C99-F0971140BA5D>IE - HKU\S-1-5-21-3731889160-3860413392-410561627-1002\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = http://ca.search.yah...psg&type=HPNTDF <http://ca.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF>FF - prefs.js..browser.search.defaultthis.engineName: "MixiDJ V9 Customized Web Search"FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287823&CUI=UN21880024042243823&UM=2&SearchSource=3&q={searchTerms}"FF - prefs.js..browser.search.selectedEngine: "MixiDJ V9 Customized Web Search"FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3287823&octid=CT3287823&SearchSource=61&CUI=UN21880024042243823&UM=2&UP=SPA5937323-AD3E-4253-9C99-F0971140BA5D"FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287823&SearchSource=2&CUI=UN21880024042243823&UM=2&q="[2013-04-21 12:20:59 | 000,000,000 | ---D | M] (MixiDJ V9) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}[2013-04-21 12:20:59 | 000,000,995 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ei4gauue.default\searchplugins\conduit.xmlO4 - HKLM..\Run: [SearchProtectAll] C:\Program Files (x86)\SearchProtect\bin\cltmng.exe (Conduit)O4 - HKU\S-1-5-21-3731889160-3860413392-410561627-1002..\Run: [SearchProtect] C:\Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe (Conduit)[2013-04-21 12:21:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit[2013-04-21 12:21:55 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\Conduit[2013-04-21 12:21:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\CRE[2013-04-21 12:21:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SearchProtect[2013-04-21 12:20:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\SearchProtect:Filesipconfig /flushdns /c:Commands[PURITY][emptyjava][EMPTYFLASH][reboot]Then click the Run Fix button at the top.Click .OTL may ask to reboot the machine. Please do so if asked. The report should appear in Notepad after the reboot.Copy and Paste that report in your next reply.Note** if the report does not popup after the computer reboots you can find it here in this folder - C:\_OTL\MovedFilesIt will be named - mmddyyyy_hhmmss.log Where mmddyyyy_hhmmss - are numbers representing the date and time the fix was run.Let me know How things are doingGringo Link to post Share on other sites More sharing options...
historybuff77 Posted April 23, 2013 Author ID:672976 Share Posted April 23, 2013 Hi Gringo,Search Conduit still appears as my Chrome launch page.Here's the log:========== OTL ==========Process cltmng.exe killed successfully!No active process named Program Files was found!Service CltMngSvc stopped successfully!Service CltMngSvc deleted successfully!C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe moved successfully.64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.HKU\S-1-5-21-3731889160-3860413392-410561627-1002\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!Registry key HKEY_USERS\S-1-5-21-3731889160-3860413392-410561627-1002\Software\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ deleted successfully.Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}\ not found.Prefs.js: "MixiDJ V9 Customized Web Search" removed from browser.search.defaultthis.engineNamePrefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287823&CUI=UN21880024042243823&UM=2&SearchSource=3&q={searchTerms}" removed from browser.search.defaulturlPrefs.js: "MixiDJ V9 Customized Web Search" removed from browser.search.selectedEnginePrefs.js: "http://search.conduit.com/?ctid=CT3287823&octid=CT3287823&SearchSource=61&CUI=UN21880024042243823&UM=2&UP=SPA5937323-AD3E-4253-9C99-F0971140BA5D" removed from browser.startup.homepagePrefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287823&SearchSource=2&CUI=UN21880024042243823&UM=2&q=" removed from keyword.URLC:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\Plugins folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\modules folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\META-INF folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\lib folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\defaults\preferences folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\defaults folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\sl folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\lib\jquery.alerts\images folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\lib\jquery.alerts folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\lib folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\core folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\WEATHER\js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\WEATHER\css folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\WEATHER folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\TWITTER\resources folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\TWITTER\js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\TWITTER\img folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\TWITTER folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\SEARCH\view\style folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\SEARCH\view\script folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\SEARCH\view folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\SEARCH\resources folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\SEARCH\js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\SEARCH\Css folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\SEARCH folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\RADIO_PLAYER folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\PRICE_GONG\images folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\PRICE_GONG\css folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\PRICE_GONG folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\Optimizer\js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\Optimizer folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\NOTIFICATION\js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\NOTIFICATION\images folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\NOTIFICATION\css folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\NOTIFICATION folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\MULTI_RSS\js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\MULTI_RSS\img folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\MULTI_RSS\css folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\MULTI_RSS folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\HIGHLIGHTER folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\wa folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ui\menu\js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ui\menu\img folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ui\menu\css folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ui\menu folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ui\gf\js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ui\gf\img folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ui\gf\css folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ui\gf folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ui\gadgetFrame folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ui\dlg\ftd\images folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ui\dlg\ftd folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ui\dlg folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ui folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\sp\spsd\images folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\sp\spsd folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\sp\spbd\images folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\sp\spbd folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\sp\js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\sp folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\options\js\resources folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\options\js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\options\images folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\options\css folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\options folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\msd folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\api folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ac\res folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ac\img folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ac\css folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\ac folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\aboutBox\js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\aboutBox\images folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al\aboutBox folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb\al folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\tb folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\logic\uninstall\dialog\js folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\logic\uninstall\dialog\images folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\logic\uninstall\dialog\css folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\logic\uninstall\dialog folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\logic\uninstall folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content\logic folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823\content folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome\CT3287823 folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7}\chrome folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\ei4gauue.default\extensions\{c8d3d585-9468-4853-8d02-a4b7adfbb1d7} folder moved successfully.C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\ei4gauue.default\searchplugins\conduit.xml moved successfully.Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll deleted successfully.C:\Program Files (x86)\SearchProtect\bin\cltmng.exe moved successfully.Registry value HKEY_USERS\S-1-5-21-3731889160-3860413392-410561627-1002\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.C:\Users\User\AppData\Roaming\SearchProtect\bin\cltmng.exe moved successfully.C:\Program Files (x86)\Conduit\Community Alerts folder moved successfully.C:\Program Files (x86)\Conduit folder moved successfully.C:\Users\User\AppData\Local\Conduit folder moved successfully.C:\Users\User\AppData\Local\CRE folder moved successfully.C:\Program Files (x86)\SearchProtect\ffprotect folder moved successfully.C:\Program Files (x86)\SearchProtect\Dialogs\spsd\images folder moved successfully.C:\Program Files (x86)\SearchProtect\Dialogs\spsd folder moved successfully.C:\Program Files (x86)\SearchProtect\Dialogs\spbd\images folder moved successfully.C:\Program Files (x86)\SearchProtect\Dialogs\spbd folder moved successfully.C:\Program Files (x86)\SearchProtect\Dialogs\lib folder moved successfully.C:\Program Files (x86)\SearchProtect\Dialogs folder moved successfully.C:\Program Files (x86)\SearchProtect\bin folder moved successfully.C:\Program Files (x86)\SearchProtect folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect\ffprotect\SProtectorRepository folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd\images folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spsd folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd\images folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect\ffprotect\Dialogs\spbd folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect\ffprotect\Dialogs\lib folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect\ffprotect\Dialogs folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect\ffprotect folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect\Dialogs\spsd\images folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect\Dialogs\spsd folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect\Dialogs\spbd\images folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect\Dialogs\spbd folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect\Dialogs\lib folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect\Dialogs folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect\bin folder moved successfully.C:\Users\User\AppData\Roaming\SearchProtect folder moved successfully.========== FILES ==========< ipconfig /flushdns /c >Windows IP ConfigurationSuccessfully flushed the DNS Resolver Cache.C:\Users\User\Desktop\cmd.bat deleted successfully.C:\Users\User\Desktop\cmd.txt deleted successfully.========== COMMANDS ==========[EMPTYJAVA]User: All UsersUser: DefaultUser: Default UserUser: PublicUser: UserTotal Java Files Cleaned = 0.00 mb[EMPTYFLASH]User: All UsersUser: DefaultUser: Default UserUser: PublicUser: User->Flash cache emptied: 506 bytesTotal Flash Files Cleaned = 0.00 mbOTL by OldTimer - Version 3.2.69.0 log created on 04222013_220727 Link to post Share on other sites More sharing options...
Staff gringo_pr Posted April 23, 2013 Staff ID:672992 Share Posted April 23, 2013 Hello historybuff77 We need to reset Chrome back to defaults to completely clear out what is going on.We can keep the bookmarks by exporting them - Export BookmarksThen I need you to go Google Sync and sign into your accountscroll down untill you see the "Stop and Clear" button and click on buttonAt the prompt click on "Ok"Now we need to uninstall chrome I want you to uninstall Chrome and if asked about user data or settings then remove this alsorestart the computer and reinstall chrome, You can download The latest version from here - Google ChromeAfter you have Chrome reinstalled please check things out and let me know how it is doing.Gringo Link to post Share on other sites More sharing options...
historybuff77 Posted April 23, 2013 Author ID:673089 Share Posted April 23, 2013 Hi Gringo,After uninstalling Google now comes up as my homepage. I think Firefox is also back to normal. Thanks!Is there anything else I should do?Thanks again! Link to post Share on other sites More sharing options...
Staff gringo_pr Posted April 23, 2013 Staff ID:673171 Share Posted April 23, 2013 HelloThese logs are looking allot better. But we still have some work to do.Please print out these instructions, or copy them to a Notepad file. It will make it easier for you to follow the instructions and complete all of the necessary steps..Clean Out Temp FilesThis small application you may want to keep and use once a week to keep the computer clean.Download CCleaner from here http://www.ccleaner.com/Run the installer to install the application.When it gives you the option to install Yahoo toolbar uncheck the box next to it.Run CCleaner. default settings are fineClick Run Cleaner.Close CCleaner.Run MalwarebytesPlease download Malwarebytes' Anti-Malware to your desktop.Double-click mbam-setup.exe and follow the prompts to install the program.At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware[*] then click Finish.[*]If an update is found, it will download and install the latest version.[*]Once the program has loaded, select Perform quick scan, then click Scan.[*]When the scan is complete, click OK, then Show Results to view the results.[*]Be sure that everything is Checked (ticked) except items in the C:\System Volume Information folder and click on Remove Selected.[*]When completed, a log will open in Notepad. please copy and paste the log into your next reply If you accidently close it, the log file is saved here and will be named like this:C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txtNote: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.Click OK to either and let MBAM proceed with the disinfection process.If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.Download HijackThis Go Here to download HijackThis program Save HijackThis to your desktop. Right Click on Hijackthis and select "Run as Admin" (XP users just need to double click to run) Click on "Do A system scan and save a logfile" (if you do not see "Do A system scan and save a logfile" then click on main menu) copy and paste hijackthis report into the topic"information and logs"In your next post I need the followingLog From MBAMreport from Hijackthislet me know of any problems you may have hadHow is the computer doing now?Gringo Link to post Share on other sites More sharing options...
historybuff77 Posted April 24, 2013 Author ID:673534 Share Posted April 24, 2013 Hi Gringo,The MBAM log turned up clean. The Hijackthis log is below. Thanks for your help. The computer is running smoothly again.Logfile of Trend Micro HijackThis v2.0.4Scan saved at 1:25:42 PM, on 2013-04-24Platform: Unknown Windows (WinNT 6.02.1008)MSIE: Internet Explorer v10.0 (10.00.9200.16537)Boot mode: NormalRunning processes:C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exeC:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exeC:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeC:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exeC:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exeC:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exeC:\Program Files (x86)\Memeo\AutoBackup\InstantBackup.exeC:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoDashboard.exeC:\Program Files (x86)\Seagate\Seagate Dashboard\HipServAgent\HipServAgent.exeC:\Users\User\Desktop\HijackThis.exeR1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://g.msn.com/HPCON13/4R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blankR0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htmR0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = F2 - REG:system.ini: UserInit=userinit.exe,O2 - BHO: Speed Test Analysis - {310D38FE-EB4C-467C-8781-B7C2AEB7847D} - C:\Program Files (x86)\Speed Test Analysis\ScriptHost.dllO2 - BHO: ContentBlockerBrowserHelperObject - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dllO2 - BHO: VirtualKeyboardBrowserHelperObject - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dllO2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllO2 - BHO: Norton Identity Protection - {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\coIEPlg.dllO2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dllO2 - BHO: HP Network Check Helper - {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dllO3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dllO3 - Toolbar: Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\coIEPlg.dllO4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [btTray] "C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe"O4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /RO4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeO4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkeyO4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_uiO4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silentO4 - HKLM\..\Run: [seagate Dashboard] C:\Program Files (x86)\Seagate\Seagate Dashboard\MemeoLauncher.exe --silent --no_uiO4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\runner_avp.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000O9 - Extra button: Virtual Keyboard - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dllO9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllO9 - Extra button: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-103 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeO9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll,-102 - {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exeO9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllO9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dllO9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLLO9 - Extra button: URLs check - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dllO11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphicsO23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeO23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeO23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exeO23 - Service: BlueSoleilCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exeO23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exeO23 - Service: BsHelpCS - IVT Corporation - C:\Program Files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BsHelpCS.exeO23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)O23 - Service: GamesAppService - WildTangent, Inc. - C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exeO23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exeO23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exeO23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeO23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exeO23 - Service: @oem22.inf,%hpservice_desc%;HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)O23 - Service: HPWMISVC - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exeO23 - Service: IconMan_R - Realsil Microelectronics Inc. - C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exeO23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exeO23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exeO23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeO23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeO23 - Service: MemeoBackgroundService - Memeo - C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exeO23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exeO23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)O23 - Service: Norton Identity Safe (NCO) - Symantec Corporation - C:\Program Files (x86)\Norton Identity Safe\Engine\2013.3.3.19\ccSvcHst.exeO23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: Seagate Dashboard Service (SeagateDashboardService) - Memeo - C:\Program Files (x86)\Seagate\Seagate Dashboard\SeagateDashboardService.exeO23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exeO23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)--End of file - 12689 bytes Link to post Share on other sites More sharing options...
Staff gringo_pr Posted April 24, 2013 Staff ID:673538 Share Posted April 24, 2013 GreetingsThese logs are looking very good, we are almost done!!! Just one more scan to go.:Remove unneeded start-up entries:This part of the fix is purely optionalThese are programs that start up when you turn on your computer but don't need to be, any of these programs you can click on their icons (or start from the control panel) and start the program when you need it. By stopping these programs you will boot up faster and your computer will work faster. Run HijackThis (rightclick and run as admin) Click on the Scan button Put a check beside all of the items listed below (if present):O4 - HKLM\..\Run: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunO4 - HKLM\..\Run: [CLVirtualDrive] "C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe" /RO4 - HKLM\..\Run: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"O4 - HKLM\..\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exeO4 - HKLM\..\Run: [HP CoolSense] C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe -byrunkeyO4 - HKLM\..\Run: [Memeo Instant Backup] C:\Program Files (x86)\Memeo\AutoBackup\MemeoLauncher2.exe --silent --no_uiO4 - HKLM\..\Run: [Memeo AutoSync] C:\Program Files (x86)\Memeo\AutoSync\MemeoLauncher2.exe --silentO4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottimeO4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"[*] Close all open windows and browsers/email, etc...[*] Click on the "Fix Checked" button[*] When completed, close the application.NOTE**You can research each of those lines >here< and see if you want to keep them or notjust copy the name between the brackets and paste into the search spaceO4 - HKLM\..\Run: [IntelliPoint]Eset Online Scanner**Note** You will need to use Internet explorer for this scan - Vista and win 7 right click on IE shortcut and run as adminGo Eset web page to run an online scanner from ESET. Turn off the real time scanner of any existing antivirus program while performing the online scanclick on the Run ESET Online Scanner buttonTick the box next to YES, I accept the Terms of Use.Click Start[*]When asked, allow the add/on to be installedClick Start[*]Make sure that the option Remove found threats is unticked[*]Click on Advanced Settings, ensure the optionsScan for potentially unwanted applications, Scan for potentially unsafe applications, and Enable Anti-Stealth Technology are ticked.[*]Click Scan[*]wait for the virus definitions to be downloaded[*]Wait for the scan to finishWhen the scan is completeIf no threats were foundput a checkmark in "Uninstall application on close"close programreport to me that nothing was foundIf threats were foundclick on "list of threats found"click on "export to text file" and save it as ESET SCAN and save to the desktopClick on backput a checkmark in "Uninstall application on close"click on finishclose programcopy and paste the report hereGringo Link to post Share on other sites More sharing options...
historybuff77 Posted April 26, 2013 Author ID:674031 Share Posted April 26, 2013 Thanks Gringo! I couldn't run the last scan because my Internet Explorer is not working and hasn't worked for over a month. I tried reinstalling it but it didn't work.One other question. I have the free Malwarebytes and I have almost a year left on my Norton 360 subscription. Can I run both of these programs and do you suggest that I do? When I was reinstalling Norton, Malwarebytes came up as a conflict.Thanks again. Link to post Share on other sites More sharing options...
Staff gringo_pr Posted April 26, 2013 Staff ID:674033 Share Posted April 26, 2013 Hello historybuff77free MBAM and norton should work together just finetry this for IE and tell me more about the problemMake sure you are running IE as admin - http://www.ehow.com/how_5101965_run-internet-explorer-administrator.htmlTry resetting IE - go here and scroll down and click on show all and click on the fix-it button - http://windows.microsoft.com/en-US/windows-vista/Reset-Internet-Explorer-8-settingsIf that does not work then try this oneF-Secure Online ScanYou can use either Internet Explorer or Mozilla FireFox for this scan.Note: If you are using Windows Vista, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.Please go HERE to run an online scan from F-SecureClick on Start scanningThis will open a new windowIn Interner ExplorerIt will require an activex control, please install itClick AcceptIn FirefoxIt will require an Add-on to be installed, please install itOrder to install the Add-on Firefox needs to be restarted, please do so[*]Click Full System Scan[*]It will now download the scanner this may take a while please be patient[*]It will then start scanning wait for the scan to finish[*]Click Automatic cleaning (recommended)[*]Wait for it finish the cleaning process[*]Click show report[*]This will open up a window with the results of the scan copy and paste those results as a reply to this topicGringo Link to post Share on other sites More sharing options...
historybuff77 Posted April 29, 2013 Author ID:674762 Share Posted April 29, 2013 Hi Gringo,The first option did not work. The second scan found nothing but didn't produce any results I could post. Internet Explorer still doesn't work. I've stopped using it and use Chrome and Mozilla. The only time this is a problem is if another program tries to open up an IE window.Thanks! Link to post Share on other sites More sharing options...
Staff gringo_pr Posted April 29, 2013 Staff ID:674763 Share Posted April 29, 2013 Hello historybuff77 I would like you to go to this page - Troubleshooting and Internet Explorer’s (No Add-ons) ModeStep 1 is going to show you how to run IE without any add/ons, If by running IE this way the problem goes away Then we can go to step 2Step 2 will show you how to find the add/on that is causing the problem and then how to remove itGringo Link to post Share on other sites More sharing options...
historybuff77 Posted May 1, 2013 Author ID:675438 Share Posted May 1, 2013 Hi Gringo,That link describes an older version of the Windows operating system. Do you have any idea where I would look for system tools in Windows 8? I did a search for them but nothing came up.Thank you! Link to post Share on other sites More sharing options...
Staff gringo_pr Posted May 1, 2013 Staff ID:675443 Share Posted May 1, 2013 try thishttp://blog.twinbytes.ca/2012/12/12/run-ie10-add-ons-windows-8/ Link to post Share on other sites More sharing options...
Staff gringo_pr Posted May 3, 2013 Staff ID:675879 Share Posted May 3, 2013 GreetingsI have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our toolsGringo Link to post Share on other sites More sharing options...
Staff gringo_pr Posted May 7, 2013 Staff ID:676908 Share Posted May 7, 2013 Hello 48 Hour bumpIt has been more than 48 hours since my last post.do you still need help with this?do you need more time?are you having problems following my instructions?if after 48hrs you have not replied to this thread then it will have to be closed!Gringo Link to post Share on other sites More sharing options...
LDTate Posted May 10, 2013 ID:678007 Share Posted May 10, 2013 Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks! Link to post Share on other sites More sharing options...
Recommended Posts