New Problem Scan

dmbaker · December 15, 2012

Hello,

I hope I'm posting this correctly, I looked around to make sure and decided this one was the best match for my questions. Before I go into that though, I'd just like to say that I'm definitely not an expert, in fact I'm probably not much better than a beginner in reality but I do like to try to learn how/what is going on with my systems and fix them myself. That being said, I absolutely LOVE Advanced SystemCare products. I've been using them for a few years now and although I still have questions, I have been very happy with all the products. I was thrilled when the anti-virus was included and especially for the price. I was already using the paid version prior because I thought the price was extremely affordable for getting the extra tools. So, thank you very much (to whomever contributes in any capacity)! I really appreciate it.

As I said, I still have questions and since I bought the license for 3 computers I had always been too afraid to run the full scan cleaner for high priority results. I know it says to be careful and we should check the files before opting to delete. The thing is, even if I go check it out I still don't know if it would be safe to delete. Anyway, I have an older computer I had given to my son and didn't care too much about it so I let it clean all the high priority files it found and nothing bad happened.

Still, I'm too afraid to run it on my own. I use both of my laptops pretty much daily and I not only do not want to have to re-install everything since it would take a lot of time, I've never had to do it and don't even know if I could get it all back. So, I thought I would start with posting my diagnostic results to see if there is anything someone might see that would help me clean my system or anything else I don't see that is a problem. I can tell you that I bought this little laptop off of Ebay and its an older one but I like it so much more than my new Lenovo. One of the problems is that the seller left some files on it that I had to get rid of but I keep finding other places where there are old files. If I didn't already have so much valuable stuff of my own on here I would just try to do somehow clean the whole thing before using it but I'm beyond that now. The seller had a folder called "Windows.old" which I saved to my back up drive and deleted however, when I tried deleting it I did get some pop ups that were warnings so to be safe I chose not to delete those files. I don't see them anymore so I'm not sure if they were system files that remained with the OS or if they were deleted anyway which is why I'm trying to be careful.

The last week or so I've been getting error messages that my memory is low but I didn't think I had that much on it so I'm looking to clean it up a bit. I'm using a 16GB and an 8GB flash drive to use as storage but I'd really like to try figuring out what the deal is and what's really safe to get rid of.

Sorry, I had such a long post. I'm running Win7 Ultimate SP1 on an HP6910p laptop. Here is my report:

Advanced SystemCare Diagnose Report v1.0

Date: 2012/12/14 17:08:09

----------------------------------

01 - Operating System

----------------------------------

0101 - Operating System : Windows 7 Ultimate 32-bit (6.1, Build 7601) Service Pack 1 (7601.win7sp1_gdr.120830-0333)

0102 - Language : English (Regional Setting: English)

0103 - BIOS : KBC Version 68.36

0104 - Processor : Intel® Core2 Duo CPU T7300 @ 2.00GHz (2 CPUs), ~2.0GHz

0105 - Memory : 4096MB RAM

0106 - Available OS Memory : 3064MB RAM

0107 - Page File : 2543MB used, 3581MB available

0108 - Windows Dir : C:\Windows

0109 - DirectX Version : DirectX 11

0110 - DX Setup Parameters : Not found

0111 - User DPI Setting : Using System DPI

0112 - System DPI Setting : 96 DPI (100 percent)

0113 - DWM DPI Scaling : Disabled

0114 - DxDiag Version : 6.01.7601.17514

----------------------------------

02 - Processor

----------------------------------

0201 - Caption : Intel® Core2 Duo CPU T7300 @ 2.00GHz x2 ~2001MHz

0202 - Current Clock Speed : 2001MHz

----------------------------------

03 - Video Adapter

----------------------------------

0301 - Card Name : Mobile Intel® 965 Express Chipset Family

0302 - Manufacturer : Intel Corporation

0303 - Chip Type : Mobile Intel® 965 Express Chipset Family

0304 - DAC Type : Internal

0305 - Device Key : Enum\PCI\VEN_8086&DEV_2A02&SUBSYS_30BE103C&REV_0C

0306 - Display Memory : 358 MB

0307 - RAM Adapter : 384.00 MB

0308 - Current Mode : 1280 x 800 (32 bit) (60Hz)

0309 - Monitor Name : Generic PnP Monitor

0310 - Driver Name : igdumdx32.dll,igd10umd32.dll

0311 - Driver Version : 8.14.0010.1930

0312 - Driver Language : English

0313 - DDI Version : 10

0314 - Driver Model : WDDM 1.1

0315 - Driver Beta : False

0316 - Driver Debug : False

0317 - Driver Date : 9/23/2009 18:14:54

0318 - Driver Size : 536576

0319 - VDD : n/a

0320 - Mini VDD : n/a

0321 - Mini VDD Date : n/a

0322 - Mini VDD Size : 0

0323 - Device Identifier : {D7B78E66-6942-11CF-0674-B410ADC2C535}

0324 - Vendor ID : 0x8086

0325 - Device ID : 0x2A02

0326 - SubSys ID : 0x30BE103C

0327 - Revision ID : 0x000C

0328 - Driver Strong Name : oem1.inf:Intel.Mfg:i965GM0:8.15.10.1930:pci\ven_8086&dev_2a02

0329 - Rank Of Driver : 00EC2001

0330 - Video Accel : ModeMPEG2_A ModeMPEG2_C ModeWMV9_B ModeVC1_B

0331 - Deinterlace Caps : {BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YUY2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(UYVY,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(YV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(YV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(YV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(NV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(NV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(NV12,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC1,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC1,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC1,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC2,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC2,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC3,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC3,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC3,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

{BF752EF6-8CC4-457A-BE1B-08BD1CAEEE9F}: Format(In/Out)=(IMC4,YUY2) Frames(Prev/Fwd/Back)=(0,0,1) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_EdgeFiltering

{335AA36E-7884-43A4-9C91-7F87FAF3E37E}: Format(In/Out)=(IMC4,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend DeinterlaceTech_BOBVerticalStretch

{5A54A0C9-C7EC-4BD9-8EDE-F3C75DC4393B}: Format(In/Out)=(IMC4,YUY2) Frames(Prev/Fwd/Back)=(0,0,0) Caps=VideoProcess_YUV2RGB VideoProcess_StretchX VideoProcess_StretchY VideoProcess_AlphaBlend

0332 - D3D9 Overlay : Not Supported

0333 - DXVA-HD : Not Supported

0334 - DDraw Status : Enabled

0335 - D3D Status : Enabled

0336 - AGP Status : Enabled

0337 - Notes : No problems found.

0338 - OpenGL : 6.1.7600.16385 (win7_rtm.090713-1255)

----------------------------------

04 - Memory

----------------------------------

0401 - Total Memory : 2.99 GB

0402 - Free Memory : 1.53 GB

0403 - Total Pagefile : 5.98 GB

0404 - Free Pagefile : 3.49 GB

0405 - Bank Label : N/A

0406 - Speed : 667 MHz

0407 - Total Width : 64 Bits

0408 - Capacity : 2.00 GB

0405 - Bank Label : N/A

0406 - Speed : 667 MHz

0407 - Total Width : 64 Bits

0408 - Capacity : 2.00 GB

----------------------------------

05 - Network

----------------------------------

0501 - Description : Intel® Wireless WiFi Link 4965AG

0502 - Driver Date : 3-26-2009

0503 - Driver Version : 12.4.1.4

----------------------------------

06 - Motherboard

----------------------------------

0601 - Product : 30BE

0602 - Manufacturer : Hewlett-Packard

----------------------------------

07 - Sound Device

----------------------------------

0701 - Description : Speakers (SoundMAX Integrated Digital HD Audio)

0702 - Default Sound Playback : True

0703 - Default Voice Playback : True

0704 - Hardware ID : HDAUDIO\FUNC_01&VEN_11D4&DEV_1981&SUBSYS_103C30BE&REV_1002

0705 - Manufacturer ID : 1

0706 - Product ID : 100

0707 - Type : WDM

0708 - Driver Name : ADIHdAud.sys

0709 - Driver Version : 6.10.0001.5240

0710 - Driver attributes : Final Retail

0711 - Date and Size : 4/24/2008 16:26:28

0713 - Driver Provider : AnalogDevices

0714 - Min/Max Sample Rate : 4314154, 4314154

0715 - Static/Strm HW Mix Bufs : 4314154, 4314154

0716 - Static/Strm HW 3D Bufs : 4314154, 4314154

0717 - HW Memory : 4314162

0718 - Voice Management : False

0719 - EAX 2.0 Listen/Src : False, False

0720 - I3DL2 Listen/Src : False, False

0721 - Notes : No problems found.

----------------------------------

08 - Hard Disk

----------------------------------

0801 - Model : FUJITSU MHY2080BH ATA Device

0802 - Media Type : Fixed hard disk media

0803 - Size : 74.53 GB

0801 - Model : Ricoh SD Disk Device

0802 - Media Type : Removable Media

0803 - Size : 3.68 GB

0801 - Model : Kingston DT 101 G2 USB Device

0802 - Media Type : Removable Media

0803 - Size : 14.90 GB

0801 - Model : SanDisk Cruzer Fit USB Device

0802 - Media Type : Removable Media

0803 - Size : 7.45 GB

0805 - Driver Date : 6-21-2006

0806 - Driver Version : 6.1.7600.16385

0807 - Caption : C:\

0808 - Capacity : 74.53 GB

0809 - Free Space : 5.20 GB

0810 - Drive Type : 3-Fixed

0811 - File System : NTFS

----------------------------------

09 - Process

----------------------------------

0901 - 0000 Idle 0 0 0

0901 - 0004 System 0 0 0

0901 - 0108 smss.exe 0 0 0 normal C:\Windows\system32

0901 - 0180 csrss.exe 0 0 0 normal C:\Windows\system32

0901 - 01a8 wininit.exe 0 0 0 high C:\Windows\system32

0901 - 01b4 csrss.exe 1 174 80 normal C:\Windows\system32

0901 - 01e4 services.exe 0 0 0 normal C:\Windows\system32

0901 - 01fc lsass.exe 0 0 0 normal C:\Windows\system32

0901 - 0204 lsm.exe 0 0 0 normal C:\Windows\system32

0901 - 0240 winlogon.exe 1 6 0 high C:\Windows\system32

0901 - 029c svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 02d4 ascsvc.exe 0 0 0 high C:\Program Files\IObit\Advanced SystemCare Ultimate

0901 - 02fc ascavsvc.exe 0 0 0 normal C:\Program Files\IObit\Advanced SystemCare Ultimate

0901 - 0398 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 03e4 svchost.exe 0 0 0 normal C:\Windows\System32

0901 - 0428 svchost.exe 0 0 0 normal C:\Windows\System32

0901 - 0458 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 04d0 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 04f4 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 052c Hpservice.exe 0 0 0 normal C:\Windows\system32

0901 - 0574 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 05d8 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 0658 spoolsv.exe 0 0 0 normal C:\Windows\System32

0901 - 067c svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 06d0 eEBSVC.exe 0 0 0 normal C:\Program Files\Common Files\EPSON\EBAPI

0901 - 0774 armsvc.exe 0 0 0 normal C:\Program Files\Common Files\Adobe\ARM\1.0

0901 - 0788 AEADISRV.EXE 0 0 0 normal C:\Windows\system32

0901 - 07a0 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 07ec ApplicationUpdater.exe 0 0 0 normal C:\Program Files\Application Updater

0901 - 0114 mDNSResponder.exe 0 0 0 normal C:\Program Files\Bonjour

0901 - 01b8 UACProxy.exe 0 0 0 normal C:\ProgramData\OfficeGuardianV2

0901 - 01f8 DefaultTabSearch.exe 0 0 0 normal C:\Program Files\DefaultTab

0901 - 04a4 DTUpdate.exe 0 0 0 normal C:\Users\admin\AppData\Roaming\DefaultTab\DefaultTab

0901 - 0288 E_S40ST7.EXE 0 0 0 normal C:\ProgramData\EPSON\EPW!3 SSRP

0901 - 082c E_S50ST7.EXE 0 0 0 normal C:\Program Files\Common Files\EPSON\EPW!3 SSRP

0901 - 087c E_S40RP7.EXE 0 0 0 normal C:\ProgramData\EPSON\EPW!3 SSRP

0901 - 08a8 E_S50RP7.EXE 0 0 0 normal C:\Program Files\Common Files\EPSON\EPW!3 SSRP

0901 - 08d8 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 09e4 taskhost.exe 1 28 24 normal C:\Windows\system32

0901 - 0a24 Dwm.exe 1 20 2 high C:\Windows\system32

0901 - 0a3c Explorer.EXE 1 796 592 normal C:\Windows

0901 - 0ad8 taskeng.exe 1 9 3 normal C:\Windows\system32

0901 - 0b40 Monitor.exe 1 213 38 below normal C:\Program Files\IObit\Advanced SystemCare Ultimate

0901 - 0b68 ibsvc.exe 0 0 0 normal C:\ProgramData\IBUpdaterService

0901 - 0b88 inetinfo.exe 0 0 0 normal C:\Windows\system32\inetsrv

0901 - 0ba4 svchost.exe 0 0 0 normal C:\Windows\System32

0901 - 0be8 svchost.exe 0 0 0 normal C:\Windows\System32

0901 - 0c10 svchost.exe 0 0 0 normal C:\Windows\System32

0901 - 0c4c SMSvcHost.exe 0 0 0 normal C:\Windows\Microsoft.NET\Framework\v4.0.30319

0901 - 0cc4 PenCommService.exe 0 0 0 normal C:\Program Files\Common Files\Livescribe\PenComm

0901 - 0ce4 locator.exe 0 0 0 normal C:\Windows\system32

0901 - 0d0c tcpsvcs.exe 0 0 0 normal C:\Windows\System32

0901 - 0d40 snmp.exe 0 0 0 normal C:\Windows\System32

0901 - 0d68 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 0e3c vds.exe 0 0 0 normal C:\Windows\System32

0901 - 0e84 svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 0ec0 WLIDSVC.EXE 0 0 0 normal C:\Program Files\Common Files\Microsoft Shared\Windows Live

0901 - 0f10 WmiApSrv.exe 0 0 0 normal C:\Windows\system32\wbem

0901 - 0f44 xaudio.exe 0 0 0 normal C:\Windows\system32\DRIVERS

0901 - 0f60 WLIDSvcM.exe 0 0 0 normal C:\Program Files\Common Files\Microsoft Shared\Windows Live

0901 - 0f6c YahooAUService.exe 0 0 0 normal C:\Program Files\Yahoo!\SoftwareUpdate

0901 - 0638 wmiprvse.exe 0 0 0 normal C:\Windows\system32\wbem

0901 - 0934 DllHost.exe 0 0 0 normal C:\Windows\system32

0901 - 10d4 alg.exe 0 0 0 normal C:\Windows\System32

0901 - 1148 svchost.exe 0 0 0 normal C:\Windows\System32

0901 - 1254 svchost.exe 0 0 0 normal C:\Windows\System32

0901 - 129c svchost.exe 0 0 0 normal C:\Windows\system32

0901 - 137c WUDFHost.exe 0 0 0 normal C:\Windows\System32

0901 - 141c OverlayCache.exe 1 15 6 normal C:\Program Files\SOS Online Backup

0901 - 1434 hkcmd.exe 1 9 16 normal C:\Windows\System32

0901 - 1464 EZPronounce.exe 1 35 23 normal C:\Program Files\EZPronounce

0901 - 1498 GrooveMonitor.exe 1 9 4 normal C:\Program Files\Microsoft Office\Office12

0901 - 14c8 igfxsrvc.exe 1 9 2 normal C:\Windows\system32

0901 - 1514 SearchSettings.exe 1 20 17 normal C:\Program Files\Common Files\Spigot\Search Settings

0901 - 1538 smax4pnp.exe 1 14 9 normal C:\Program Files\Analog Devices\Core

0901 - 1594 ipoint.exe 1 16 46 normal C:\Program Files\Microsoft IntelliPoint

0901 - 164c QLBCtrl.exe 1 13 14 normal C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons

0901 - 1710 GoogleToolbarNotifier.exe 1 12 13 normal C:\Program Files\Google\GoogleToolbarNotifier

0901 - 1730 SacReminder.exe 1 89 47 normal C:\ProgramData\OfficeGuardianV2\reminder

0901 - 1768 ASCTray.exe 1 102 48 normal C:\Program Files\IObit\Advanced SystemCare Ultimate

0901 - 1784 hpMonitor.exe 1 39 13 normal C:\Program Files\Hewlett-Packard\HP Mouse Suite

0901 - 1794 hpwjd.exe 1 12 8 normal C:\ProgramData\HP Mouse Suite Config

0901 - 17b4 hpwmsd.exe 1 12 8 normal C:\ProgramData\HP Mouse Suite Config

0901 - 17c0 translateclient.exe 1 392 250 normal C:\Program Files\Translate Client

0901 - 17ec ONENOTEM.EXE 1 18 6 normal C:\Program Files\Microsoft Office\Office12

0901 - 1330 dpupdchk.exe 1 9 1 normal C:\Program Files\Microsoft IntelliPoint

0901 - 1334 VolCtrl.exe 1 9 6 normal C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons

0901 - 157c SearchIndexer.exe 0 0 0 normal C:\Windows\system32

0901 - 161c hpqWmiEx.exe 0 0 0 normal C:\Program Files\Hewlett-Packard\Shared

0901 - 1860 DllHost.exe 0 0 0 normal C:\Windows\system32

0901 - 1c58 browsermngr.exe 0 0 0 normal C:\ProgramData\Browser Manager\2.2.580.185\{16cdff19-861d-48e3-a751-d99a27784753}

0901 - 1c98 schtasks.exe 0 0 0 normal C:\Windows\system32

0901 - 1ca8 conhost.exe 0 0 0 normal C:\Windows\system32

0901 - 1cb8 browsermngr.exe 1 21 11 normal C:\ProgramData\Browser Manager\2.2.580.185\{16cdff19-861d-48e3-a751-d99a27784753}

0901 - 1ed8 InputPersonalization.exe 1 9 5 below normal C:\Program Files\Common Files\Microsoft Shared\Ink

0901 - 0cb0 wuauclt.exe 1 12 6 normal C:\Windows\system32

0901 - 16e8 svchost.exe 0 0 0 below normal C:\Windows\system32

0901 - 10e8 ASC.exe 1 2890 212 normal C:\Program Files\IObit\Advanced SystemCare Ultimate

0901 - 1060 firefox.exe 1 516 67 normal C:\Program Files\Mozilla Firefox

0901 - 0d50 plugin-container.exe 1 9 22 normal C:\Program Files\Mozilla Firefox

0901 - 0984 FlashPlayerPlugin_11_5_502_135.exe 1 9 8 normal C:\Windows\system32\Macromed\Flash

0901 - 1dcc FlashPlayerPlugin_11_5_502_135.exe 1 28 173 normal C:\Windows\system32\Macromed\Flash

0901 - 0998 hpqToaster.exe 1 10 6 normal C:\Program Files\Hewlett-Packard\Shared

0901 - 1d30 hpCaslNotification.exe 1 44 23 normal C:\Program Files\Hewlett-Packard\Shared

0901 - 0914 TrustedInstaller.exe 0 0 0 normal C:\Windows\servicing

0901 - 1bd4 iexplore.exe 1 494 156 normal C:\Program Files\Internet Explorer

0901 - 13f8 iexplore.exe 1 36 37 normal C:\Program Files\Internet Explorer

0901 - 02ec AppleMobileDeviceService.exe 0 0 0 normal C:\Program Files\Common Files\Apple\Mobile Device Support

0901 - 1d50 iPodService.exe 0 0 0 normal C:\Program Files\iPod\bin

0901 - 1f94 iTunesHelper.exe 1 9 9 normal C:\Program Files\iTunes

0901 - 1090 ApplePhotoStreams.exe 1 9 1 normal C:\Program Files\Common Files\Apple\Internet Services

0901 - 0bc4 WUDFHost.exe 0 0 0 normal C:\Windows\System32

0901 - 0da0 WUDFHost.exe 0 0 0 normal C:\Windows\System32

0901 - 15a8 WUDFHost.exe 0 0 0 normal C:\Windows\System32

0901 - 0ecc WUDFHost.exe 0 0 0 normal C:\Windows\System32

0901 - 1f44 WUDFHost.exe 0 0 0 normal C:\Windows\System32

0901 - 1354 WUDFHost.exe 0 0 0 normal C:\Windows\System32

0901 - 1d28 WUDFHost.exe 0 0 0 normal C:\Windows\System32

0901 - 0c68 WUDFHost.exe 0 0 0 normal C:\Windows\System32

0901 - 109c WUDFHost.exe 0 0 0 normal C:\Windows\System32

0901 - 0b60 WUDFHost.exe 0 0 0 normal C:\Windows\System32

0901 - 13c8 WUDFHost.exe 0 0 0 normal C:\Windows\System32

0901 - 14e0 iexplore.exe 1 49 57 normal C:\Program Files\Internet Explorer

0901 - 0508 FlashUtil32_11_5_502_135_ActiveX.exe 1 10 2 normal C:\Windows\system32\Macromed\Flash

0901 - 1724 iexplore.exe 1 51 52 normal C:\Program Files\Internet Explorer

0901 - 0aa4 SmartDefrag.exe 1 854 156 normal C:\Program Files\IObit\Smart Defrag 2

0901 - 1718 NOTEPAD.EXE 1 23 20 normal C:\Windows\system32

0901 - 1f64 taskeng.exe 0 0 0 below normal C:\Windows\system32

0901 - 18f8 SearchProtocolHost.exe 0 0 0 idle C:\Windows\system32

0901 - 1a44 SearchFilterHost.exe 0 0 0 idle C:\Windows\system32

0901 - 1a80 Sus10_SysExplorer.exe 1 102 48 normal C:\Program Files\IObit\Advanced SystemCare Ultimate

0901 - 1878 wmiprvse.exe 0 0 0 normal C:\Windows\system32\wbem

0901 - 0cc0 audiodg.exe 0 0 0

----------------------------------

10 - Service

----------------------------------

1001 - Adobe Acrobat Update Service - ["C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe"]

1001 - Advanced SystemCare Service 6 - [C:\Program Files\IObit\Advanced SystemCare Ultimate\ascsvc.exe]

1001 - Andrea ADI Filters Service - [C:\Windows\system32\AEADISRV.EXE]

1001 - Application Experience - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Application Layer Gateway Service - [C:\Windows\System32\alg.exe]

1001 - Application Host Helper Service - [C:\Windows\system32\svchost.exe -k apphost]

1001 - Application Information - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Apple Mobile Device - ["C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe"]

1001 - Application Updater - ["C:\Program Files\Application Updater\ApplicationUpdater.exe"]

1001 - AdvancedSystemCareAntivirus - [C:\Program Files\IObit\Advanced SystemCare Ultimate\ascavsvc.exe]

1001 - Windows Audio Endpoint Builder - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Windows Audio - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - Base Filtering Engine - [C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork]

1001 - Background Intelligent Transfer Service - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Bonjour Service - ["C:\Program Files\Bonjour\mDNSResponder.exe"]

1001 - Computer Browser - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Browser Manager - [C:\ProgramData\Browser Manager\2.2.580.185\{16cdff19-861d-48e3-a751-d99a27784753}\browsermngr.exe]

1001 - CFUACProxy_officeguardianv2 - ["C:\ProgramData\OfficeGuardianV2\UACProxy.exe" -s "-pC:\ProgramData\OfficeGuardianV2"]

1001 - Cryptographic Services - [C:\Windows\system32\svchost.exe -k NetworkService]

1001 - DefaultTabSearch - [C:\Program Files\DefaultTab\DefaultTabSearch.exe]

1001 - DefaultTabUpdate - ["C:\Users\admin\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe"]

1001 - DHCP Client - [C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - DNS Client - [C:\Windows\system32\svchost.exe -k NetworkService]

1001 - Extensible Authentication Protocol - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - EpsonBidirectionalService - [C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe]

1001 - EPSON V5 Service4(01) - [C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE]

1001 - EPSON V5 Service4(04) - [C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE]

1001 - EPSON V3 Service4(01) - [C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE]

1001 - EPSON V3 Service4(04) - [C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE]

1001 - Windows Event Log - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - COM+ Event System - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - Function Discovery Provider Host - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - Function Discovery Resource Publication - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Windows Font Cache Service - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Microsoft FTP Service - [C:\Windows\system32\svchost.exe -k ftpsvc]

1001 - Human Interface Device Access - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Health Key and Certificate Management - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - HomeGroup Listener - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - HomeGroup Provider - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - HP Software Framework Service - ["C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe"]

1001 - HP Service - [C:\Windows\system32\Hpservice.exe]

1001 - Updater Service - ["C:\ProgramData\IBUpdaterService\ibsvc.exe" /SERVICE]

1001 - IIS Admin Service - [C:\Windows\system32\inetsrv\inetinfo.exe]

1001 - IKE and AuthIP IPsec Keying Modules - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - PnP-X IP Bus Enumerator - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - RIP Listener - [C:\Windows\System32\svchost.exe -k ipripsvc]

1001 - CNG Key Isolation - [C:\Windows\system32\lsass.exe]

1001 - KtmRm for Distributed Transaction Coordinator - [C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation]

1001 - Server - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Workstation - [C:\Windows\System32\svchost.exe -k NetworkService]

1001 - TCP/IP NetBIOS Helper - [C:\Windows\system32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - LPD Service - [C:\Windows\System32\svchost.exe -k LPDService]

1001 - Media Center Extender Service - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Windows Firewall - [C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork]

1001 - Network Connections - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Net.Pipe Listener Adapter - [C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe]

1001 - Network List Service - [C:\Windows\System32\svchost.exe -k LocalService]

1001 - Net.Tcp Listener Adapter - [C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe]

1001 - Net.Tcp Port Sharing Service - [C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe]

1001 - Network Location Awareness - [C:\Windows\System32\svchost.exe -k NetworkService]

1001 - Network Store Interface Service - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - Peer Networking Identity Manager - [C:\Windows\System32\svchost.exe -k LocalServicePeerNet]

1001 - Peer Networking Grouping - [C:\Windows\System32\svchost.exe -k LocalServicePeerNet]

1001 - Program Compatibility Assistant Service - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Livescribe Pulse Smartpen Service - [C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe]

1001 - Plug and Play - [C:\Windows\system32\svchost.exe -k DcomLaunch]

1001 - Peer Name Resolution Protocol - [C:\Windows\System32\svchost.exe -k LocalServicePeerNet]

1001 - IPsec Policy Agent - [C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted]

1001 - Power - [C:\Windows\system32\svchost.exe -k DcomLaunch]

1001 - User Profile Service - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Remote Access Connection Manager - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Routing and Remote Access - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Remote Procedure Call (RPC) Locator - [C:\Windows\system32\locator.exe]

1001 - Security Accounts Manager - [C:\Windows\system32\lsass.exe]

1001 - Windows Backup - [C:\Windows\system32\svchost.exe -k SDRSVC]

1001 - Secondary Logon - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - System Event Notification Service - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Internet Connection Sharing (ICS) - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Shell Hardware Detection - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Simple TCP/IP Services - [C:\Windows\System32\tcpsvcs.exe]

1001 - SNMP Service - [C:\Windows\System32\snmp.exe]

1001 - Print Spooler - [C:\Windows\System32\spoolsv.exe]

1001 - SSDP Discovery - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Secure Socket Tunneling Protocol Service - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - Windows Image Acquisition (WIA) - [C:\Windows\system32\svchost.exe -k imgsvc]

1001 - Superfetch - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Telephony - [C:\Windows\System32\svchost.exe -k NetworkService]

1001 - TPM Base Services - [C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Remote Desktop Services - [C:\Windows\System32\svchost.exe -k NetworkService]

1001 - Themes - [C:\Windows\System32\svchost.exe -k netsvcs]

1001 - Thread Ordering Server - [C:\Windows\system32\svchost.exe -k LocalService]

1001 - Distributed Link Tracking Client - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - UPnP Device Host - [C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Desktop Window Manager Session Manager - [C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Credential Manager - [C:\Windows\system32\lsass.exe]

1001 - Virtual Disk - [C:\Windows\System32\vds.exe]

1001 - World Wide Web Publishing Service - [C:\Windows\system32\svchost.exe -k iissvcs]

1001 - Windows Process Activation Service - [C:\Windows\system32\svchost.exe -k iissvcs]

1001 - Windows Connect Now - Config Registrar - [C:\Windows\System32\svchost.exe -k LocalServiceAndNoImpersonation]

1001 - Windows Event Collector - [C:\Windows\system32\svchost.exe -k NetworkService]

1001 - Windows Defender - [C:\Windows\System32\svchost.exe -k secsvcs]

1001 - Windows Management Instrumentation - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - WLAN AutoConfig - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Windows Live ID Sign-in Assistant - ["C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"]

1001 - WMI Performance Adapter - [C:\Windows\system32\wbem\WmiApSrv.exe]

1001 - Portable Device Enumerator Service - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - Security Center - [C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted]

1001 - Windows Search - [C:\Windows\system32\SearchIndexer.exe /Embedding]

1001 - Windows Update - [C:\Windows\system32\svchost.exe -k netsvcs]

1001 - Windows Driver Foundation - User-mode Driver Framework - [C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted]

1001 - WWAN AutoConfig - [C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork]

1001 - XAudioService - [C:\Windows\system32\DRIVERS\xaudio.exe]

1001 - Yahoo! Updater - ["C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe"]

1001 - iPod Service - ["C:\Program Files\iPod\bin\iPodService.exe"]

----------------------------------

11 - Windows Experience Index

----------------------------------

1101 - System Score : 3.1

1102 - Memory Score : 5.1

1103 - CPU Score : 5.1

1104 - Graphics Score : 3.5

1105 - Gaming Score : 3.1

1106 - Disk Score : 4.9

----------------------------------

12 - Event Log

----------------------------------

1201 - Time : 12/15/2012 6:39:36 AM

1202 - Source : MsiInstaller

1203 - Description : Product: QuickTime -- Error 1326. Error getting file security: C:\ProgramData\Apple Computer\Installer Cache\QuickTime 7.72.80.56\ GetLastError: 5

1201 - Time : 12/15/2012 2:48:58 AM

1202 - Source : MsiInstaller

1203 - Description : Product: QuickTime -- Error 1326. Error getting file security: C:\ProgramData\Apple Computer\Installer Cache\QuickTime 7.72.80.56\ GetLastError: 5

1201 - Time : 12/15/2012 2:37:39 AM

1202 - Source : MsiInstaller

1203 - Description : Product: QuickTime -- Error 1326. Error getting file security: C:\ProgramData\Apple Computer\Installer Cache\QuickTime 7.72.80.56\ GetLastError: 5

1201 - Time : 12/15/2012 2:16:28 AM

1202 - Source : Bonjour Service

1203 - Description : Task Scheduling Error: m->NextScheduledSPRetry 96107817

1201 - Time : 12/15/2012 2:16:28 AM

1202 - Source : Bonjour Service

1203 - Description : Task Scheduling Error: m->NextScheduledEvent 96107817

1201 - Time : 12/15/2012 2:16:28 AM

1202 - Source : Bonjour Service

1203 - Description : Task Scheduling Error: Continuously busy for more than a second

1201 - Time : 12/15/2012 2:16:26 AM

1202 - Source : Bonjour Service

1203 - Description : Task Scheduling Error: m->NextScheduledSPRetry 96105898

1201 - Time : 12/15/2012 2:16:26 AM

1202 - Source : Bonjour Service

1203 - Description : Task Scheduling Error: m->NextScheduledEvent 96105898

1201 - Time : 12/15/2012 2:16:26 AM

1202 - Source : Bonjour Service

1203 - Description : Task Scheduling Error: Continuously busy for more than a second

1201 - Time : 12/15/2012 2:16:25 AM

1202 - Source : Bonjour Service

1203 - Description : Task Scheduling Error: m->NextScheduledSPRetry 96104884

1201 - Time : 12/15/2012 6:22:01 AM

1202 - Source : volsnap

1203 - Description : The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

1201 - Time : 12/15/2012 2:42:13 AM

1202 - Source : Service Control Manager

1203 - Description : The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Apple Mobile Device service, but this action failed with the following error: An instance of the service is already running.

1201 - Time : 12/15/2012 2:41:13 AM

1202 - Source : Service Control Manager

1203 - Description : The Apple Mobile Device service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1201 - Time : 12/15/2012 2:40:52 AM

1202 - Source : Service Control Manager

1203 - Description : The Apple Mobile Device service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.

1201 - Time : 12/15/2012 2:16:34 AM

1202 - Source : ipnathlp

1203 - Description : The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

1201 - Time : 12/13/2012 12:43:16 PM

1202 - Source : SNMP

1203 - Description : The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

1201 - Time : 12/13/2012 12:43:16 PM

1202 - Source : Service Control Manager

1203 - Description : The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

1201 - Time : 12/13/2012 12:43:15 PM

1202 - Source : Service Control Manager

1203 - Description : The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

1201 - Time : 12/13/2012 12:43:15 PM

1202 - Source : Service Control Manager

1203 - Description : A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.

1201 - Time : 12/13/2012 12:42:44 PM

1202 - Source : Service Control Manager

1203 - Description : The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

----------------------------------

End of file - 42344 Bytes

Thanks so much!!

Melvin_Deal · December 15, 2012

Hi dmbaker... welcome to the Iobit forums!

It appears that your machine is compromised. Please follow the guidelines in this link> http://forums.iobit.com/showthread.php?t=6216 Open the thread in that section... if and once you do that... this thread will be temporarily closed.

Please make sure to follow the instructions carefully. Expect that the machine will be dedicated to cleaning for a bit.

Sincerely,

-Mel

Live long and prosper!

dmbaker · December 28, 2012

New Problem Scan

Hi,

Thanks so much for your assistance with my laptop. I'm in the process of completing the provided instructions now and will update you on the thread you directed me to as soon as it is completed.

I ran a scan on my desktop running Windows XP and something doesn't look right to me. I was hoping you could take a look at it. I don't know for sure that this is the problem but I can tell you that I had gotten an odd message from my MS Office program that said my trial had ended and I would have to purchase the program in order to use it. The thing is, I never used a trial MS Office program. I purchased it myself directly from Microsoft and installed it with the disc and key they provided when I made my purchase. I chatted with customer service but couldn't really get anywhere with them. It seems to me that they assume you have invalid files first and it took me forever to find the email I had gotten for my proof of purchase. Even then they wanted me to call in but I was so frustrated by that time that I just used my disc and reinstalled the program. This scan seems to have some reference to MS Office files so again, I'm not sure if that has something to do with my issue but I thought I would mention it.

I've attempted to attach my scan so please let me know if there is a problem with my attachment. By the way, my file was too large to send in .txt format so I tried to open my MS Word program to copy it there and it has reverted back to the trial mode. I really don't understand that since I bought it myself and have the disc/key?? Now I guess I'll have to spend who knows how much time on the phone with MS to figure out how to fix that error. If you have any suggestions please let me know.

dmbaker · December 28, 2012

Hi,

I jumped over to the thread you referred me to but wasn't allowed to post so I thought I would try this way. I have gotten to the section where I ran the malware removal tool in my ASC program but don't see anywhere that gives me the option to save the log. It did find 17 errors but I haven't allowed the repair since I'm trying to log the file first. Please let me know if I'm missing something.

Thanks

dmbaker · December 28, 2012

Completed Log Files Unable to reply on other thread

It appears that your machine is compromised. Please follow the guidelines in this link> http://forums.iobit.com/showthread.php?t=6216 Open the thread in that section... if and once you do that... this thread will be temporarily closed.

Please make sure to follow the instructions carefully. Expect that the machine will be dedicated to cleaning for a bit.

Sincerely,
-Mel
Live long and prosper!

Hi,

When I tried to reply on the above thread it wouldn't allow me to do it so the only thing I could think to do was to come back here and report the files you requested after my scans. If I am unable to copy and paste I'll open new replies here so that you get the entire contents of each log. Thanks.

DDS Attach Log:

.

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 10/16/2011 12:21:44 AM

System Uptime: 12/28/2012 1:28:39 PM (1 hours ago)

.

Motherboard: Hewlett-Packard | | 30BE

Processor: Intel® Core2 Duo CPU T7300 @ 2.00GHz | U10 | 1980/200mhz

.

==== Disk Partitions =========================

.

C: is FIXED (NTFS) - 75 GiB total, 12.966 GiB free.

D: is CDROM (UDF)

E: is Removable

F: is Removable

H: is CDROM ()

.

==== Disabled Device Manager Items =============

.

==== System Restore Points ===================

.

RP170: 12/22/2012 1:13:11 PM - Scheduled Checkpoint

RP171: 12/25/2012 2:04:04 PM - Installed Samsung AllShare

RP172: 12/25/2012 4:53:43 PM - Device Driver Package Install: MagicISO, Inc. Storage controllers

RP174: 12/26/2012 1:23:58 PM - Installed Active@ ISO Burner

RP176: 12/26/2012 1:25:34 PM - SPTD setup V1.62

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

7-Zip 9.21

Active@ ISO Burner

Adobe AIR

Adobe Flash Player 11 ActiveX

Adobe Flash Player 11 Plugin

Adobe Reader X (10.1.4)

Adobe Shockwave Player 11.6

Advanced SystemCare Ultimate 6

Akamai NetSession Interface

Amazon MP3 Downloader 1.0.17

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Audacity 2.0

Bonjour

Browser Manager

CCleaner

Client for Google Translate

Convert PDF to Text Desktop Software version 1.2

Convert PDF to Word Desktop Software version 2.8

D3DX10

DefaultTab

DefaultTab Chrome

Epson Event Manager

Epson FAX Utility

EPSON NX110 Series Printer Uninstall

Epson PC-FAX Driver

EPSON Scan

EPSON WorkForce 320 Series Printer Uninstall

EPSON WorkForce 500 Series Printer Uninstall

EpsonNet Config V3

EpsonNet Print

EpsonNet Setup 3.3

EZPronounce

File Type Assistant

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

Grammarly

Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)

HP ESU for Microsoft Windows 7

HP Mouse Suite

HP Quick Launch Buttons

HP System Default Settings

iCloud

InstallIQ Updater

Intel® Graphics Media Accelerator Driver

Intel® Management Engine Interface

Intel® TV Wizard

IObit Toolbar v6.6

iTunes

Java 7 Update 9

Java Auto Updater

Java 6 Update 33

Livescribe Connect

Livescribe Desktop

MagicDisc 2.7.106

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft IntelliPoint 8.2

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Access MUI (English) 2007

Microsoft Office Access Setup Metadata MUI (English) 2007

Microsoft Office Excel MUI (English) 2007

Microsoft Office File Validation Add-In

Microsoft Office Groove MUI (English) 2007

Microsoft Office Groove Setup Metadata MUI (English) 2007

Microsoft Office InfoPath MUI (English) 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Publisher MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Ultimate 2007

Microsoft Office Word MUI (English) 2007

Microsoft Save as PDF or XPS Add-in for 2007 Microsoft Office programs

Microsoft Silverlight

Microsoft Store Download Manager

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Mobysaurus Thesaurus

Mozilla Firefox 13.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

MusicOasis

Natura Sound Therapy

Office Tab FreeEdition 9.20

PandaPDFConverter

QLBCASL

QuickTime

RICOH Media Driver

Safari

Samsung AllShare

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596856) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687314) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2687315) 32-Bit Edition

Skype™ 5.10

Smart Defrag 2

Soft Data Fax Modem with SmartCP

Solar System 3D Simulator

SOS Online Backup

SugarSync Manager

swMSM

Synaptics Pointing Device Driver

TheSage

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office Access 2007 Help (KB963663)

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office Infopath 2007 Help (KB963662)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2760413) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Publisher 2007 Help (KB963667)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

Updater Service

Windows Driver Package - Hewlett - Packard (HidUsb) HIDClass (01/26/2010 1.12.7600.16385)

Windows Live Communications Platform

Windows Live Essentials

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live PIMT Platform

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live UX Platform

Windows Live UX Platform Language Pack

WinX Bluray DVD iPad Ripper 4.5.5

WinX DVD Author 6.2

WinX DVD Ripper Platinum 7.0.0

WinX iPhone Ringtone Maker 1.0.1

WinX iPhone Video Converter 4.0.12

Yahoo! Software Update

Yontoo 1.10.02

.

==== Event Viewer Messages From Past Week ========

.

12/28/2012 12:08:09 PM, Error: Microsoft-Windows-SharedAccess_NAT [31004] - The DNS proxy agent was unable to allocate 0 bytes of memory. This may indicate that the system is low on virtual memory, or that the memory manager has encountered an internal error.

12/28/2012 1:30:17 PM, Error: Service Control Manager [7034] - The DefaultTabSearch service terminated unexpectedly. It has done this 1 time(s).

12/28/2012 1:30:14 PM, Error: SNMP [1500] - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

12/28/2012 1:30:13 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the HP Software Framework Service service to connect.

12/28/2012 1:30:13 PM, Error: Service Control Manager [7003] - The Net.Msmq Listener Adapter service depends the following service: msmq. This service might not be installed.

12/28/2012 1:30:13 PM, Error: Service Control Manager [7000] - The HP Software Framework Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/28/2012 1:29:42 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the COM+ System Application service to connect.

12/28/2012 1:29:42 PM, Error: Service Control Manager [7000] - The COM+ System Application service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

12/28/2012 1:28:51 PM, Error: volmgr [46] - Crash dump initialization failed!

12/28/2012 1:25:59 PM, Error: Service Control Manager [7034] - The Advanced SystemCare Service 6 service terminated unexpectedly. It has done this 1 time(s).

12/28/2012 1:25:59 PM, Error: Service Control Manager [7031] - The Browser Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

12/27/2012 7:01:00 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BFE service.

12/25/2012 4:10:53 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR2.

12/25/2012 4:06:42 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk3\DR6.

12/25/2012 4:04:45 PM, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk2\DR3.

12/25/2012 3:41:04 PM, Error: Service Control Manager [7022] - The Diagnostic System Host service hung on starting.

12/25/2012 1:07:02 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the VaultSvc service.

12/25/2012 1:06:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the BITS service.

12/25/2012 1:06:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

12/25/2012 1:06:23 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on E: cannot be read.

12/25/2012 1:05:57 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Appinfo service.

12/25/2012 1:05:27 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the LanmanServer service.

12/22/2012 12:34:34 PM, Error: Service Control Manager [7022] - The Windows Search service hung on starting.

.

==== End Of File ===========================

Iobit Malware Figher Log:

Advanced SystemCare Ultimate Log

====================================

Application Version: 6.0.7.274

Database Version:

Scan Mode:AutoCare-Idle

x64 Bit:No

Windows 7

2012-12-28(13-54-21)

====================================

[Malware Scan]: 0 Threats removed

------Details------

[Registry Scan]: 3 Problems Detected

------Details------

Deleted HKEY_CLASSES_ROOT\TypeLib\{AE827ABA-9A56-40FF-8F45-B7DE58CD9BDB}\1.0\HELPDIR

Deleted HKEY_CURRENT_USER\Software\DefaultTab

Deleted HKEY_LOCAL_MACHINE\Software\OldTimer Tools

[shortcut Clean]: 0 problems detected

------Details------

[Junkfiles Fix]: 0 problems fixed

------Details------

[Privacy Fix]: 76 problems fixed

------Details------

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{BB0564AB-4F9D-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{04A9E481-4FA7-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{0571F162-4FAC-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{0C57F282-4FA0-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{0F88B381-4FC2-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{18CA5D12-4FAA-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{1D26D88F-4FBF-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{1E6D99E2-4F9F-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{240EDF58-4FAB-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{3D2A7F4A-4FAD-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{4F06FD8E-4FC8-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{50D5EBB2-4FA6-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{566E33CA-4FAB-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{75D5486C-4FC4-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{881C309D-4FAC-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{A86641B3-4FC2-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{AAE7EA37-4FAA-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{AEBDFC11-4FBE-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{BB0564AC-4F9D-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{C69BFFC3-4F9E-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{C704FE0A-4FC2-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{CC642855-4FAB-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{D83A1952-4FBE-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{E6193AE6-4FC8-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{EEC712DC-4FA8-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{F0A9138F-4FAA-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Active\{FB3D9306-4FC0-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{827891AA-5123-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{08F0D8FA-5124-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{359E8D4C-5124-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{3FC99827-5125-11E2-AC28-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{827891AB-5123-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\RecoveryStore.{4BD5159C-4FA9-11E2-B276-00235AC26378}.dat

Deleted C:\Users\admin\AppData\Local\Microsoft\Internet Explorer\Recovery\Last Active\{36D350A1-511A-11E2-B276-00235AC26378}.dat

Deleted http://www.yahoo.com/

Deleted http://hsrd.yahoo.com/_ylt=Ah0PkxW1Fars_SKHqPXQFaObvZx4/SIG=12fcekp09/EXP=1356805982/**http%3A//us.mc1215.mail.yahoo.com/mc/welcome%3F.tm=1356719582

Deleted http://us.mc1215.mail.yahoo.com/mc/welcome?.tm=1356719582

Deleted http://us.mc1215.mail.yahoo.com/mc/welcome?.tm=1356719582#_pg=compose&&.rand=5482978&clean&.jsrand=4675961

Deleted http://us.mc1215.mail.yahoo.com/mc/welcome?.tm=1356719582#_pg=compose&&.rand=1570599330&clean&.jsrand=4844385

Deleted http://us.mc1215.mail.yahoo.com/mc/welcome?.tm=1356719582#_pg=compose&&.rand=1907342292&.jsrand=2233003

Deleted C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl973055.default\downloads.sqlite

Deleted C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl973055.default\sessionstore.js

Deleted C:\Users\admin\AppData\LocalLow\Microsoft\Silverlight\is\45mf13in.skr\52s25np3.zjh\1\g\wk0jxs5xnt3xzx3wa1yyzw4qb25vjqooekym3xrgmpvgyzstvaaaacaa\id.dat

Deleted C:\Users\admin\AppData\LocalLow\Microsoft\Silverlight\is\45mf13in.skr\52s25np3.zjh\1\g\wk0jxs5xnt3xzx3wa1yyzw4qb25vjqooekym3xrgmpvgyzstvaaaacaa\quota.dat

Deleted C:\Users\admin\AppData\LocalLow\Microsoft\Silverlight\is\45mf13in.skr\52s25np3.zjh\1\g\wk0jxs5xnt3xzx3wa1yyzw4qb25vjqooekym3xrgmpvgyzstvaaaacaa\used.dat

Deleted C:\Users\admin\AppData\LocalLow\Microsoft\Silverlight\is\45mf13in.skr\52s25np3.zjh\1\s\qmq203fn3qtn0mbot2ewy5y2renlk1xlpshvlg0rf2admreghbaaadfa\f\PlayerId.txt

Deleted C:\Users\admin\AppData\LocalLow\Microsoft\Silverlight\is\45mf13in.skr\52s25np3.zjh\1\s\qmq203fn3qtn0mbot2ewy5y2renlk1xlpshvlg0rf2admreghbaaadfa\group.dat

Deleted C:\Users\admin\AppData\LocalLow\Microsoft\Silverlight\is\45mf13in.skr\52s25np3.zjh\1\s\qmq203fn3qtn0mbot2ewy5y2renlk1xlpshvlg0rf2admreghbaaadfa\id.dat

Deleted C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{17829132-2DBE-4F0D-B502-23BADC542F03}

Deleted C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2C5BCA63-6649-4CFB-80D4-6EFFB65562A2}

Deleted C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{2DF5DD3D-F489-4850-9A40-692DEA46A74B}

Deleted C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{302DADCF-9BF0-4E1B-90FE-CA83797B4FB9}

Deleted C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{4EB43EB4-53F3-4DBC-9F32-99BF9AB8C46E}

Deleted C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{5E45A46D-E973-4CAB-A190-DB86ED44739E}

Deleted C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{623A37A1-428E-4D72-9D0D-40711EEF46A6}

Deleted C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{8CBFCFD5-4452-4659-8C4F-369FCD17B9F2}

Deleted C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{9CDF2554-7B4C-4240-B9DE-EB865E197DB3}

Deleted C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{C9AFE1C0-5E51-4128-9BC0-125BF537401A}

Deleted C:\ProgramData\Microsoft\Windows Defender\Scans\History\Results\Resource\{DFFDF11A-8953-4D6D-AC11-98DDFD6A8A7D}

Deleted C:\ProgramData\Microsoft\Windows Defender\Support\MPLog-12222012-122925.log

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\All Control Panel Items.lnk

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\28c8b86deab549a1.customDestinations-ms

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\6824f4a902c78fbd.customDestinations-ms

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\b91050d8b077a4e8.customDestinations-ms

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\Downloads.lnk

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\Ease of Access.lnk

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\FAMILY.lnk

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\For Brad.lnk

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\Greatest Hits, Vol. 2.lnk

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\I Hope You Dance.lnk

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\iphone-ipad-video-pack (2).lnk

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\iphone-ipad-video-pack.lnk

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\License Code.lnk

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\My Pictures.lnk

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\My Videos.lnk

Deleted C:\Users\admin\AppData\Roaming\Microsoft\Windows\Recent\System and Security.lnk

dmbaker · December 28, 2012

This is my second reply per your instructions

It appears that your machine is compromised. Please follow the guidelines in this link> http://forums.iobit.com/showthread.php?t=6216 Open the thread in that section... if and once you do that... this thread will be temporarily closed.

Please make sure to follow the instructions carefully. Expect that the machine will be dedicated to cleaning for a bit.

Sincerely,
-Mel
Live long and prosper!

Hi,

I hope I'm doing what you asked. As I said before, the forum won't allow me to reply to the thread you referred me to so here is the DDS log file and the second portion of my reply. It is too large so this will be split into one more reply.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by admin at 14:30:46 on 2012-12-28

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.1756 [GMT -6:00]

.

AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

============== Running Processes ================

.

C:\Windows\system32\wininit.exe

C:\Windows\system32\lsm.exe

C:\Program Files\IObit\Advanced SystemCare Ultimate\ascsvc.exe

C:\Program Files\IObit\Advanced SystemCare Ultimate\ascavsvc.exe

C:\Windows\system32\Hpservice.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe

C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe

C:\Windows\system32\AEADISRV.EXE

C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\Program Files\Application Updater\ApplicationUpdater.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\ProgramData\OfficeGuardianV2\UACProxy.exe

C:\Users\admin\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE

C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE

C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE

C:\Windows\system32\taskhost.exe

C:\Windows\system32\Dwm.exe

C:\Windows\system32\taskeng.exe

C:\Windows\Explorer.EXE

C:\Program Files\IObit\Smart Defrag 2\SmartDefrag.exe

C:\Program Files\IObit\Advanced SystemCare Ultimate\Monitor.exe

C:\ProgramData\IBUpdaterService\ibsvc.exe

C:\Windows\system32\inetsrv\inetinfo.exe

C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe

C:\Program Files\Common Files\Livescribe\PenComm\PenCommService.exe

C:\Windows\system32\locator.exe

C:\Windows\System32\tcpsvcs.exe

C:\Windows\System32\snmp.exe

C:\Windows\system32\UI0Detect.exe

C:\Windows\System32\vds.exe

C:\Windows\system32\vssvc.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\Windows\system32\wbem\WmiApSrv.exe

C:\Windows\system32\DRIVERS\xaudio.exe

C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\DllHost.exe

C:\Windows\System32\alg.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\System32\hkcmd.exe

C:\Program Files\EZPronounce\EZPronounce.exe

C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe

C:\Windows\system32\igfxsrvc.exe

C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe

C:\Program Files\Analog Devices\Core\smax4pnp.exe

C:\Program Files\Microsoft IntelliPoint\ipoint.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Samsung\AllShare\AllShareAgent.exe

C:\Program Files\SOS Online Backup\OverlayCache.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\ProgramData\OfficeGuardianV2\reminder\SacReminder.exe

C:\Program Files\IObit\Advanced SystemCare Ultimate\ASCTray.exe

C:\Program Files\Hewlett-Packard\HP Mouse Suite\hpMonitor.exe

C:\ProgramData\HP Mouse Suite Config\hpwjd.exe

C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe

C:\Program Files\Microsoft IntelliPoint\dpupdchk.exe

C:\ProgramData\HP Mouse Suite Config\hpwmsd.exe

C:\Program Files\Translate Client\translateclient.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe

C:\Program Files\MagicDisc\MagicDisc.exe

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

C:\Windows\system32\DllHost.exe

C:\Program Files\IObit\Advanced SystemCare Ultimate\Asc.exe

C:\ProgramData\Browser Manager\2.2.580.185\{16cdff19-861d-48e3-a751-d99a27784753}\browsermngr.exe

C:\Program Files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe

C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\NOTEPAD.EXE

C:\Program Files\Internet Explorer\iexplore.exe

C:\Program Files\Google\Google Toolbar\GoogleToolbarUser_32.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Program Files\Internet Explorer\iexplore.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\DllHost.exe

C:\Windows\system32\conhost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\svchost.exe -k NetworkService

C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Windows\system32\svchost.exe -k apphost

C:\Windows\system32\svchost.exe -k ftpsvc

C:\Windows\System32\svchost.exe -k ipripsvc

C:\Windows\System32\svchost.exe -k NetworkServiceAndNoImpersonation

C:\Windows\System32\svchost.exe -k LPDService

C:\Windows\system32\svchost.exe -k imgsvc

C:\Windows\system32\svchost.exe -k iissvcs

C:\Windows\System32\svchost.exe -k LocalServicePeerNet

C:\Windows\System32\svchost.exe -k secsvcs

C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted

C:\Windows\system32\svchost.exe -k SDRSVC

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

uURLSearchHooks: <No Name>: - LocalServer32 - <no file>

uURLSearchHooks: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - c:\program files\iobit toolbar\ie\6.6\iobitToolbarIE.dll

uURLSearchHooks: {c95a4e8e-816d-4655-8c79-d736da1adb6d} - <orphaned>

dURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>

BHO: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - c:\program files\iobit toolbar\ie\6.6\iobitToolbarIE.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll

BHO: {2EECD738-5844-4a99-B4B6-146BF802613B} - <orphaned>

BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll

BHO: DefaultTab Browser Helper: {7F6AFBF1-E065-4627-A2FD-810366367D01} - c:\users\admin\appdata\roaming\defaulttab\defaulttab\DefaultTabBHO.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

BHO: Advanced SystemCare Browser Protection: {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - c:\program files\iobit\advanced systemcare ultimate\browerprotect\ASCPlugin_Protection.dll

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll

BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - c:\program files\yontoo\YontooIEClient.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

TB: IObit Toolbar: {0BDA0769-FD72-49F4-9266-E1FB004F4D8F} - c:\program files\iobit toolbar\ie\6.6\iobitToolbarIE.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll

uRun: [Google Update] "c:\users\admin\appdata\local\google\update\GoogleUpdate.exe" /c

uRun: [EPSON WorkForce 500 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatieqa.exe /fu "c:\windows\temp\e_sf6c7.tmp" /ef "hkcu"

uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"

uRun: [sacReminderHDDV2] c:\programdata\officeguardianv2\reminder\sacreminder.exe

uRun: [Advanced SystemCare Ultimate] "c:\program files\iobit\advanced systemcare ultimate\ASCTray.exe" /AutoStart

mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe

mRun: [EZPronounce] "c:\program files\ezpronounce\EZPronounce.exe" -boot

mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"

mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"

mRun: [searchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"

mRun: [soundMAXPnP] c:\program files\analog devices\core\smax4pnp.exe

mRun: [intelliPoint] c:\program files\microsoft intellipoint\ipoint.exe

mRun: [Adobe ARM] c:\program files\common files\adobe\arm\1.0\adobearm.exe

mRun: [sunJavaUpdateSched] c:\program files\common files\java\java update\jusched.exe

mRun: [QlbCtrl.exe] c:\program files\hewlett-packard\hp quick launch buttons\qlbctrl.exe /start

mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"

mRun: [AllShareAgent] c:\program files\samsung\allshare\AllShareAgent.exe

StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\magicd~1.lnk - c:\program files\magicdisc\MagicDisc.exe

StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpmoni~1.lnk - c:\program files\hewlett-packard\hp mouse suite\hpMonitor.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpwjde~1.lnk - c:\programdata\hp mouse suite config\hpwjd.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpwmsd~1.lnk - c:\programdata\hp mouse suite config\hpwmsd.exe

StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\transl~1.lnk - c:\program files\translate client\translateclient.exe

uPolicies-Explorer: NoExpandedNewMenu = dword:1

mPolicies-System: ConsentPromptBehaviorUser = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-Explorer: NoResolveTrack = dword:1

IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000

IE: EZPronounce - c:\program files\ezpronounce\EZPronounce.exe/101

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll

IE: {5E57EFF2-AB54-4367-93B6-6C20DDAAA95D} - c:\program files\ezpronounce\EZPronounce.exe

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

.

INFO: HKCU has more than 50 listed domains.

If you wish to scan all of them, select the 'Force scan all domains' option.

.

DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} - hxxp://h20614.www2.hp.com/ediags/gmd/Install/Cab/hpdetect118.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab

TCP: NameServer = 192.168.1.1

TCP: Interfaces\{D4B2A4F0-90BD-497B-A6F9-E6D3946C2988} : DHCPNameServer = 192.168.1.1

TCP: Interfaces\{D4B2A4F0-90BD-497B-A6F9-E6D3946C2988}\4497E65687 : DHCPNameServer = 192.168.2.1

TCP: Interfaces\{D4B2A4F0-90BD-497B-A6F9-E6D3946C2988}\C696E6B6379737 : DHCPNameServer = 192.168.1.1

Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll

Notify: igfxcui - igfxdev.dll

AppInit_DLLs= c:\progra~2\browse~1\22580~1.185\{16cdf~1\browse~1.dll

SSODL: WebCheck - <orphaned>

SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll

.

dmbaker · December 28, 2012

Second Part of previous log file

Here is the rest of my DDS log file.

DDS (Ver_2012-11-20.01) - NTFS_x86

Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2

Run by admin at 14:30:46 on 2012-12-28

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.1756 [GMT -6:00]

.

AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}

SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

================= FIREFOX ===================

.

FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\bl973055.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - http://www.yahoo.com

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q=

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll

FF - plugin: c:\program files\amazon\mp3 downloader\npAmazonMP3DownloaderPlugin101752.dll

FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.115\npGoogleUpdate3.dll

FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll

FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: c:\users\admin\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll

FF - plugin: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\bl973055.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dll

FF - plugin: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\bl973055.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll

FF - plugin: c:\windows\system32\adobe\director\np32dsw_1167637.dll

FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll

FF - plugin: c:\windows\system32\npdeployJava1.dll

FF - plugin: c:\windows\system32\npmproxy.dll

FF - ExtSQL: 2012-12-28 07:33; ascsurfingprotection@iobit.com; c:\users\admin\appdata\roaming\mozilla\firefox\profiles\bl973055.default\extensions\ascsurfingprotection@iobit.com

.

---- FIREFOX POLICIES ----

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

* To make a manual change to preferences, you can visit the URL about:config

*/

FF - user.js: CT1561552..clientLogIsEnabled - false

FF - user.js: CT1561552..clientLogServiceUrl - hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent

FF - user.js: CT1561552..uninstallLogServiceUrl - hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation

FF - user.js: CT1561552.ALLOW_SHOWING_HIDDEN_TOOLBAR - false

FF - user.js: CT1561552.AboutPrivacyUrl - hxxp://www.conduit.com/privacy/Default.aspx

FF - user.js: CT1561552.BrowserCompStateIsOpen_129465890694457068 - true

FF - user.js: CT1561552.BrowserCompStateIsOpen_129599733639330904 - true

FF - user.js: CT1561552.BrowserCompStateIsOpen_129599733775895750 - true

FF - user.js: CT1561552.BrowserCompStateIsOpen_129755532604957823 - true

FF - user.js: CT1561552.CTID - CT1561552

FF - user.js: CT1561552.CurrentServerDate - 14-7-2012

FF - user.js: CT1561552.DSInstall - false

FF - user.js: CT1561552.DialogsAlignMode - LTR

FF - user.js: CT1561552.DialogsGetterLastCheckTime - Wed Jul 11 2012 11:49:12 GMT-0500 (Central Daylight Time)

FF - user.js: CT1561552.DownloadReferralCookieData -

FF - user.js: CT1561552.FirstServerDate - 11-7-2012

FF - user.js: CT1561552.FirstTime - true

FF - user.js: CT1561552.FirstTimeFF3 - true

FF - user.js: CT1561552.FirstTimeHiddenVer - true

FF - user.js: CT1561552.FixPageNotFoundErrors - true

FF - user.js: CT1561552.GroupingServerCheckInterval - 1440

FF - user.js: CT1561552.GroupingServiceUrl - hxxp://grouping.services.conduit.com/

FF - user.js: CT1561552.HPInstall - false

FF - user.js: CT1561552.HasUserGlobalKeys - true

FF - user.js: CT1561552.HomePageProtectorEnabled - false

FF - user.js: CT1561552.HomepageBeforeUnload - http://www.yahoo.com

FF - user.js: CT1561552.Initialize - true

FF - user.js: CT1561552.InitializeCommonPrefs - true

FF - user.js: CT1561552.InstallationAndCookieDataSentCount - 3

FF - user.js: CT1561552.InstallationId - ConduitStubGeneric

FF - user.js: CT1561552.InstallationType - ConduitStubIntegration

FF - user.js: CT1561552.InstalledDate - Wed Jul 11 2012 11:49:12 GMT-0500 (Central Daylight Time)

FF - user.js: CT1561552.InvalidateCache - false

FF - user.js: CT1561552.IsAlertDBUpdated - true

FF - user.js: CT1561552.IsGrouping - false

FF - user.js: CT1561552.IsInitSetupIni - true

FF - user.js: CT1561552.IsMulticommunity - false

FF - user.js: CT1561552.IsOpenThankYouPage - false

FF - user.js: CT1561552.IsOpenUninstallPage - true

FF - user.js: CT1561552.LanguagePackLastCheckTime - Fri Jul 13 2012 11:49:16 GMT-0500 (Central Daylight Time)

FF - user.js: CT1561552.LanguagePackReloadIntervalMM - 1440

FF - user.js: CT1561552.LanguagePackServiceUrl - hxxp://translation.users.conduit.com/Translation.ashx

FF - user.js: CT1561552.LastLogin_3.13.0.6 - Sat Jul 14 2012 10:24:49 GMT-0500 (Central Daylight Time)

FF - user.js: CT1561552.LatestVersion - 3.13.0.6

FF - user.js: CT1561552.Locale - en-us

FF - user.js: CT1561552.MCDetectTooltipHeight - 83

FF - user.js: CT1561552.MCDetectTooltipUrl - hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1

FF - user.js: CT1561552.MCDetectTooltipWidth - 295

FF - user.js: CT1561552.MyStuffEnabledAtInstallation - true

FF - user.js: CT1561552.OriginalFirstVersion - 3.13.0.6

FF - user.js: CT1561552.RadioIsPodcast - false

FF - user.js: CT1561552.RadioLastCheckTime - Fri Jul 13 2012 11:49:35 GMT-0500 (Central Daylight Time)

FF - user.js: CT1561552.RadioLastUpdateIPServer - 3

FF - user.js: CT1561552.RadioLastUpdateServer - 129100288951200000

FF - user.js: CT1561552.RadioMediaID - 13448970

FF - user.js: CT1561552.RadioMediaType - Media Player

FF - user.js: CT1561552.RadioMenuSelectedID - EBRadioMenu_CT156155213448970

FF - user.js: CT1561552.RadioShrinkedFromSetup - false

FF - user.js: CT1561552.RadioStationName - Danceradio

FF - user.js: CT1561552.RadioStationURL - hxxp://101danceradio.com/wmx/classicrockjukebox64k.wmx

FF - user.js: CT1561552.SHRINK_TOOLBAR - 1

FF - user.js: CT1561552.SearchCaption - Hotspot Shield Customized Web Search

FF - user.js: CT1561552.SearchEngineBeforeUnload - chrome://browser-region/locale/region.properties

FF - user.js: CT1561552.SearchFromAddressBarIsInit - true

FF - user.js: CT1561552.SearchFromAddressBarUrl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q=

FF - user.js: CT1561552.SearchInNewTabEnabled - true

FF - user.js: CT1561552.SearchInNewTabIntervalMM - 1440

FF - user.js: CT1561552.SearchInNewTabLastCheckTime - Fri Jul 13 2012 11:49:16 GMT-0500 (Central Daylight Time)

FF - user.js: CT1561552.SearchInNewTabServiceUrl - hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID

FF - user.js: CT1561552.SearchProtectorEnabled - false

FF - user.js: CT1561552.SearchProtectorToolbarDisabled - false

FF - user.js: CT1561552.SendProtectorDataViaLogin - true

FF - user.js: CT1561552.ServiceMapLastCheckTime - Fri Jul 13 2012 11:49:09 GMT-0500 (Central Daylight Time)

FF - user.js: CT1561552.SettingsLastCheckTime - Sat Jul 14 2012 10:24:48 GMT-0500 (Central Daylight Time)

FF - user.js: CT1561552.SettingsLastUpdate - 1339666862

FF - user.js: CT1561552.TBHomePageUrl - hxxp://search.conduit.com/?ctid=CT1561552&SearchSource=13

FF - user.js: CT1561552.ThirdPartyComponentsInterval - 504

FF - user.js: CT1561552.ThirdPartyComponentsLastCheck - Wed Jul 11 2012 11:49:09 GMT-0500 (Central Daylight Time)

FF - user.js: CT1561552.ThirdPartyComponentsLastUpdate - 1331805997

FF - user.js: CT1561552.ToolbarShrinkedFromSetup - false

FF - user.js: CT1561552.TrusteLinkUrl - hxxp://trust.conduit.com/CT1561552

FF - user.js: CT1561552.TrustedApiDomains - conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm

FF - user.js: CT1561552.UserID - UN28788932384375718

FF - user.js: CT1561552.ValidationData_Toolbar - 0

FF - user.js: CT1561552.alertChannelId - 15257

FF - user.js: CT1561552.backendstorage.gk_iolo_notif2_sent - 73656E74

FF - user.js: CT1561552.backendstorage.hxxp://pinterest_aot_im.isenabled - 59

FF - user.js: CT1561552.backendstorage.installationdate0.2646799591156723 - 31333432303235333630363434

FF - user.js: CT1561552.backendstorage.last-search-provider - 22676F6F676C6522

FF - user.js: CT1561552.backendstorage.last-social-provider - 227961686F6F22

FF - user.js: CT1561552.backendstorage.search-providers - 7B22676F6F676C65223A5B322C313334323135303135393538375D7D

FF - user.js: CT1561552.backendstorage.social-providers - 7B227961686F6F223A5B332C313334323237393536343337315D7D

FF - user.js: CT1561552.backendstorage.toolbarappheartbeat - 7B22223A313334323231303736343235317D

FF - user.js: CT1561552.backendstorage.toolbarnotificationheartbeat - 7B2274797065223A22686561727462656174222C2274696D65223A313334323032363236333138382C2275726C223A22687474703A2F2F75732E6D67342E6D61696C2E7961686F6F2E636F6D2F6E656F2F6C61756E6368227D

FF - user.js: CT1561552.backendstorage.toolbarnotificationqueue - 5B5D

FF - user.js: CT1561552.backendstorage.toolbarnotificationsettings - 7B2273656E644E6F74696669636174696F6E73223A7B22616C6C223A747275652C2261707073223A7B22302E32363436373939353931313536373233223A7B2273686F77223A747275652C226170704E616D65223A22496F6C6F20222C22666972737454696D65223A66616C73657D7D7D7D

FF - user.js: CT1561552.backendstorage.toolbarnotificationuserid - 3336303334373531383739

FF - user.js: CT1561552.backendstorage.twitter_v1.8.0_twitter_app_open_t_f - 66616C7365

FF - user.js: CT1561552.generalConfigFromLogin - {\ApiMaxAlerts\:\12\,\socialdomains\:\social.conduit.com;apps.conduit.com;services.apps.conduit.com\,\appsdetectionurlpattern\:\hxxp://appdownload.conduit.com/\,\revertsettingsenabled\:\false\,\urlbarhiddenenabled\:\true\,\notfoundhiddenenabled\:\true\,\searchinnewtabhiddenenabled\:\true\}

FF - user.js: CT1561552.globalFirstTimeInfoLastCheckTime - Wed Jul 11 2012 11:49:12 GMT-0500 (Central Daylight Time)

FF - user.js: CT1561552.homepageProtectorEnableByLogin - true

FF - user.js: CT1561552.initDone - true

FF - user.js: CT1561552.isAppTrackingManagerOn - true

FF - user.js: CT1561552.isFirstRadioInstallation - false

FF - user.js: CT1561552.myStuffEnabled - true

FF - user.js: CT1561552.myStuffPublihserMinWidth - 400

FF - user.js: CT1561552.myStuffSearchUrl - hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID

FF - user.js: CT1561552.myStuffServiceIntervalMM - 1440

FF - user.js: CT1561552.myStuffServiceUrl - hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT

FF - user.js: CT1561552.navigateToUrlOnSearch - false

FF - user.js: CT1561552.revertSettingsEnabled - false

FF - user.js: CT1561552.searchProtectorDialogDelayInSec - 10

FF - user.js: CT1561552.searchProtectorEnableByLogin - true

FF - user.js: CT1561552.testingCtid -

FF - user.js: CT1561552.toolbarAppMetaDataLastCheckTime - Fri Jul 13 2012 11:49:09 GMT-0500 (Central Daylight Time)

FF - user.js: CT1561552.toolbarContextMenuLastCheckTime - Wed Jul 11 2012 11:49:16 GMT-0500 (Central Daylight Time)

FF - user.js: CT1561552.usagesFlag - 2

FF - user.js: CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1561552/CT1561552 - \df3a57fee063107e12fb802b2853777c2\

FF - user.js: CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15257/14923/US - \0\

FF - user.js: CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1561552 - \1334485963\

FF - user.js: CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us - G9mW7heT/8xIX1frcduu0A==

FF - user.js: CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us - 2E1/v7EfCEDbv3VaBQMELg==

FF - user.js: CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us - UgzXjW7BIkfdx+x39Ruv3w==

FF - user.js: CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us - 4BgM4MhF/sOgPsDNmIs3Yw==

FF - user.js: CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg - \8076e3ce381dcd1:0\

FF - user.js: CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6 - \0d648794549cd1:14f1\

FF - user.js: CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1561552 - \5a3bfb736bf65ca0cca630a3f0917948\

FF - user.js: CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us - \4be6dcf5c20c0cd98a0ae8a1b386d47e\

FF - user.js: CommunityToolbar.LatestLibsPath - file:///c:\\users\\admin\\appdata\\roaming\\mozilla\\firefox\\profiles\\bl973055.default\\conduitcommon\\modules\\3.13.0.6

FF - user.js: CommunityToolbar.LatestToolbarVersionInstalled - 3.13.0.6

FF - user.js: CommunityToolbar.SearchFromAddressBarSavedUrl -

FF - user.js: CommunityToolbar.ToolbarsList - CT1561552

FF - user.js: CommunityToolbar.ToolbarsList2 - CT1561552

FF - user.js: CommunityToolbar.ToolbarsList4 - CT1561552

FF - user.js: CommunityToolbar.globalUserId - 0abc8467-b85b-4572-b1f9-350e9e02a483

FF - user.js: CommunityToolbar.isAlertUrlAddedToFeedItemTable - true

FF - user.js: CommunityToolbar.isClickActionAddedToFeedItemTable - true

FF - user.js: CommunityToolbar.keywordURLSelectedCTID - CT1561552

FF - user.js: CommunityToolbar.notifications.alertDialogsGetterLastCheckTime - Wed Jul 11 2012 11:49:17 GMT-0500 (Central Daylight Time)

FF - user.js: CommunityToolbar.notifications.alertEnabled - true

FF - user.js: CommunityToolbar.notifications.alertInfoInterval - 1440

FF - user.js: CommunityToolbar.notifications.alertInfoLastCheckTime - Fri Jul 13 2012 12:49:13 GMT-0500 (Central Daylight Time)

FF - user.js: CommunityToolbar.notifications.clientsServerUrl - hxxp://alert.client.conduit.com

FF - user.js: CommunityToolbar.notifications.locale - en

FF - user.js: CommunityToolbar.notifications.loginIntervalMin - 1440

FF - user.js: CommunityToolbar.notifications.loginLastCheckTime - Fri Jul 13 2012 11:49:12 GMT-0500 (Central Daylight Time)

FF - user.js: CommunityToolbar.notifications.loginLastUpdateTime - 1313487611

FF - user.js: CommunityToolbar.notifications.messageShowTimeSec - 20

FF - user.js: CommunityToolbar.notifications.servicesServerUrl - hxxp://alert.services.conduit.com

FF - user.js: CommunityToolbar.notifications.showTrayIcon - false

FF - user.js: CommunityToolbar.notifications.userCloseIntervalMin - 300

FF - user.js: CommunityToolbar.notifications.userId - c2b3f866-8954-4ac9-ab95-70f604609fe1

FF - user.js: CommunityToolbar.originalHomepage - http://www.yahoo.com

FF - user.js: CommunityToolbar.originalSearchEngine - chrome://browser-region/locale/region.properties

FF - user.js: accessibility.blockautorefresh - true

FF - user.js: accessibility.typeaheadfind.flashBar - 0

FF - user.js: app.update.auto - false

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1342190740

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1342190980

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1342190860

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1342279606

FF - user.js: browser.anchor_color - #0000FF

FF - user.js: browser.bookmarks.restore_default_bookmarks - false

FF - user.js: browser.cache.disk.capacity - 1048576

FF - user.js: browser.cache.disk.smart_size.first_run - false

FF - user.js: browser.cache.disk.smart_size_cached_value - 614400

FF - user.js: browser.display.background_color - #C0C0C0

FF - user.js: browser.display.use_system_colors - true

FF - user.js: browser.download.lastDir - e:\\aunt barbara from dana\\Jamie

FF - user.js: browser.keywordURLPromptDeclined - 1

FF - user.js: browser.migration.version - 6

FF - user.js: browser.places.smartBookmarksVersion - 3

FF - user.js: browser.preferences.advanced.selectedTabIndex - 0

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.shell.checkDefaultBrowser - false

FF - user.js: browser.startup.homepage - http://www.yahoo.com

FF - user.js: browser.startup.homepage_override.buildID - 20120601045813

FF - user.js: browser.startup.homepage_override.mstone - 13.0

FF - user.js: browser.syncPromoViewsLeft - 0

FF - user.js: browser.tabs.loadInBackground - false

FF - user.js: browser.taskbar.lastgroupid - 308046B0AF4A39CB

FF - user.js: browser.visited_color - #800080

FF - user.js: dom.disable_open_during_load - false

FF - user.js: extensions.afurladvisor.bkp_proxy_type - -1

FF - user.js: extensions.afurladvisor.firstrun - false

FF - user.js: extensions.autoDisableScopes - 14

FF - user.js: extensions.avgdnt.bTrackers - [\2\,\3\,\1\,\4\,\5\,\6\,\7\,\8\,\9\,\10\,\11\,\12\,\13\,\14\,\15\,\16\,\17\,\18\,\19\,\20\,\21\,\22\,\23\,\24\,\25\,\26\,\27\,\28\,\29\,\30\,\31\,\32\,\33\,\34\,\35\,\38\,\39\,\40\,\42\,\49\,\44\,\45\,\46\,\47\,\48\]

FF - user.js: extensions.avgdnt.blockall - 1

FF - user.js: extensions.avgdnt.firstRun - false

FF - user.js: extensions.avgdnt.lastUpdated - 1342279485919

FF - user.js: extensions.avgdnt.version - 1

FF - user.js: extensions.blocklist.pingCountTotal - 22

FF - user.js: extensions.blocklist.pingCountVersion - 10

FF - user.js: extensions.bootstrappedAddons - {}

FF - user.js: extensions.databaseSchema - 12

FF - user.js: extensions.enabledAddons - {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.15.0,{79ecc569-888e-47b8-abbc-bea375652ba2}:2.0,cstsidebar@cast.org:1.2,{0B37872F-D59F-4b47-B2FD-F37E3F979437}:2.2,{F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166,{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33,web2pdfextension@web2pdf.adobedotcom:1.2,{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.0.0.10297,{c95a4e8e-816d-4655-8c79-d736da1adb6d}:3.13.0.6,afurladvisor@anchorfree.com:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:13.0

FF - user.js: extensions.hotfix.lastVersion - 20120430.01

FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{1e73965b-8b48-48be-9c8d-68b920abc1c4}\:{\descriptor\:\c:\\\\program files\\\\avg\\\\avg2012\\\\firefox4\,\mtime\:1338308088095},\avg@toolbar\:{\descriptor\:\c:\\\\programdata\\\\avg secure search\\\\11.1.0.12\,\mtime\:1341890886531},\{f53c93f1-07d5-430c-86d4-c9531b27dfaf}\:{\descriptor\:\c:\\\\program files\\\\avg\\\\avg2012\\\\firefox\\\\donottrack\,\mtime\:1337182059291},\web2pdfextension@web2pdf.adobedotcom\:{\descriptor\:\c:\\\\program files\\\\adobe\\\\acrobat 10.0\\\\acrobat\\\\browser\\\\wcfirefoxextn\,\mtime\:1340244465046}}},{\name\:\app-global\,\addons\:{\afurladvisor@anchorfree.com\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\afurladvisor@anchorfree.com\,\mtime\:1342024181481},\{82af8dca-6de9-405d-bd5e-43525bdad38a}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{82af8dca-6de9-405d-bd5e-43525bdad38a}\,\mtime\:1340504160487},\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1339176388658},\{cafeefac-0016-0000-0033-abcdeffedcba}\:{\descriptor\:\c:\\\\program files\\\\mozilla firefox\\\\extensions\\\\{cafeefac-0016-0000-0033-abcdeffedcba}\,\mtime\:1339970463363}}},{\name\:\app-profile\,\addons\:{\cstsidebar@cast.org\:{\descriptor\:\c:\\\\users\\\\admin\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\\profiles\\\\bl973055.default\\\\extensions\\\\cstsidebar@cast.org.xpi\,\mtime\:1336245621717},\{0b37872f-d59f-4b47-b2fd-f37e3f979437}\:{\descriptor\:\c:\\\\users\\\\admin\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\\profiles\\\\bl973055.default\\\\extensions\\\\{0b37872f-d59f-4b47-b2fd-f37e3f979437}\,\mtime\:1336267375758},\{79ecc569-888e-47b8-abbc-bea375652ba2}\:{\descriptor\:\c:\\\\users\\\\admin\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\\profiles\\\\bl973055.default\\\\extensions\\\\{79ecc569-888e-47b8-abbc-bea375652ba2}.xpi\,\mtime\:1336243752946},\{ab91efd4-6975-4081-8552-1b3922ed79e2}\:{\descriptor\:\c:\\\\users\\\\admin\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\\profiles\\\\bl973055.default\\\\extensions\\\\{ab91efd4-6975-4081-8552-1b3922ed79e2}\,\mtime\:1331671051996},\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\:{\descriptor\:\c:\\\\users\\\\admin\\\\appdata\\\\roaming\\\\mozilla\\\\firefox\\\\profiles\\\\bl973055.default\\\\extensions\\\\{c95a4e8e-816d-4655-8c79-d736da1adb6d}\,\mtime\:1342023460000}}}]

FF - user.js: extensions.lastAppVersion - 13.0

FF - user.js: extensions.lastPlatformVersion - 13.0

FF - user.js: extensions.pendingOperations - false

FF - user.js: extensions.shownSelectionUI - true

FF - user.js: extensions.skype_toolbar.version - 6.0.0.10297

FF - user.js: idle.lastDailyNotification - 1342210255

FF - user.js: intl.charsetmenu.browser.cache - us-ascii, windows-1251, windows-1252, ISO-8859-1, UTF-8

FF - user.js: kesireader.exePath - c:\\program files\\kurzweil educational systems\\kurzweil 3000\\Kurzweil 3000.exe

FF - user.js: kesireader.port - 1007

FF - user.js: kesireader.startPort - 5003

FF - user.js: kesireader.suppressDebuggingAlerts - false

FF - user.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q=

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: network.proxy.no_proxies_on - *.local

FF - user.js: network.proxy.type - 0

FF - user.js: places.database.lastMaintenance - 1342210255

FF - user.js: places.history.expiration.transient_current_max_pages - 80303

FF - user.js: print_printer - EPSON WorkForce 320 Series (Copy 1)

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_bgcolor - false

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_bgimages - false

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_colorspace -

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_command -

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_downloadfonts - false

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_edge_bottom - 0

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_edge_left - 0

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_edge_right - 0

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_edge_top - 0

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_evenpages - true

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_footercenter -

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_footerleft - &PT

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_footerright - &D

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_headercenter -

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_headerleft - &T

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_headerright - &U

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_in_color - true

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_margin_bottom - 0.5

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_margin_left - 0.5

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_margin_right - 0.5

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_margin_top - 0.5

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_oddpages - true

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_orientation - 0

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_page_delay - 50

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_paper_data - 1

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_paper_height - 11.00

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_paper_name -

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_paper_size_type - 0

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_paper_size_unit - 0

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_paper_width - 8.50

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_plex_name -

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_resolution_name -

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_reversed - false

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_scaling - 1.00

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_shrink_to_fit - true

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_to_file - false

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_to_filename -

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_unwriteable_margin_bottom - 0

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_unwriteable_margin_left - 0

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_unwriteable_margin_right - 0

FF - user.js: printer_EPSON_WorkForce_320_Series_(Copy_1).print_unwriteable_margin_top - 0

FF - user.js: privacy.donottrackheader.enabled - true

FF - user.js: privacy.sanitize.migrateFx3Prefs - true

FF - user.js: security.disable_button.openDeviceManager - false

FF - user.js: security.warn_viewing_mixed - false

FF - user.js: services.sync.lastversion - 1.15.0

FF - user.js: storage.vacuum.last.index - 1

FF - user.js: storage.vacuum.last.places.sqlite - 1341932701

FF - user.js: toolkit.startup.last_success - 1342279485

FF - user.js: toolkit.telemetry.prompted - 2

FF - user.js: toolkit.telemetry.rejected - true

FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1342308399

FF - user.js: web2pdf.pref_create_toolbar_button_in_nav-bar - false

FF - user.js: xpinstall.whitelist.add -

FF - user.js: xpinstall.whitelist.add.36 -

FF - user.js: extentions.y2layers.installId - cb10fbf9-bfe5-4d41-b2c6-6cd062b2b071

FF - user.js: extentions.y2layers.defaultEnableAppsList - easyinline

FF - user.js: extensions.BabylonToolbar.autoRvrt - false

FF - user.js: extensions.BabylonToolbar_i.newTab - false

FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e2cbaf62000000000000001f3bb854c1&q=

FF - user.js: extensions.BabylonToolbar.id - e2cbaf62000000000000001f3bb854c1

FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}

FF - user.js: extensions.BabylonToolbar.instlDay - 15580

FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.9.12

FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.9.12

FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.9.1212:30:44

FF - user.js: extensions.BabylonToolbar.prtnrId - babylon

FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar

FF - user.js: extensions.BabylonToolbar.aflt - babsst

FF - user.js: extensions.BabylonToolbar_i.smplGrp - none

FF - user.js: extensions.BabylonToolbar.tlbrId - base

FF - user.js: extensions.BabylonToolbar.instlRef - sst

FF - user.js: extensions.BabylonToolbar.dfltLng - en

FF - user.js: extensions.BabylonToolbar.excTlbr - false

FF - user.js: extensions.BabylonToolbar.admin - false

FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=115193&tt=280812_2003_3512_8

FF - user.js: extensions.BabylonToolbar_i.babExt -

FF - user.js: extensions.BabylonToolbar_i.srcExt - ss

FF - user.js: extensions.incredibar_i.newTab - false

FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6PQKKYgoXu&loc=IB_TB&i=26&search=

FF - user.js: extensions.incredibar_i.id - e2cbaf62000000000000001f3bb854c1

FF - user.js: extensions.incredibar_i.instlDay - 15608

FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14

FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1418:17:52

FF - user.js: extensions.incredibar_i.prtnrId - Incredibar

FF - user.js: extensions.incredibar_i.prdct - incredibar

FF - user.js: extensions.incredibar_i.aflt - orgnl

FF - user.js: extensions.incredibar_i.smplGrp - none

FF - user.js: extensions.incredibar_i.tlbrId - base

FF - user.js: extensions.incredibar_i.instlRef -

FF - user.js: extensions.incredibar_i.dfltLng -

FF - user.js: extensions.incredibar_i.excTlbr - false

FF - user.js: extensions.incredibar_i.ms_url_id -

FF - user.js: extensions.incredibar_i.upn2 - 6PQKKYgoXu

FF - user.js: extensions.incredibar_i.upn2n - 92543644465370312

FF - user.js: extensions.incredibar_i.productid - 26

FF - user.js: extensions.incredibar_i.installerproductid - 26

FF - user.js: extensions.incredibar_i.did - 10643

FF - user.js: extensions.incredibar_i.ppd - 1

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.display.show_image_placeholders - true

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.urlbar.autocomplete.enabled - true

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: content.notify.ontimer - true

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.switch.threshold - 750000

FF - user.js: plugin.expose_full_path - true

FF - user.js: ui.submenuDelay - 0

.

============= SERVICES / DRIVERS ===============

.

R0 SmartDefragDriver;SmartDefragDriver;c:\windows\system32\drivers\SmartDefragDriver.sys [2012-12-14 15672]

R1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\drivers\hssdrv6.sys [2012-7-9 35560]

R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\iobit\advanced systemcare ultimate\ASCSvc.exe [2012-12-5 1050496]

R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-11-28 793600]

R2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files\iobit\advanced systemcare ultimate\ASCAvSvc.exe [2012-12-5 625536]

R2 Browser Manager;Browser Manager;c:\programdata\browser manager\2.2.580.185\{16cdff19-861d-48e3-a751-d99a27784753}\browsermngr.exe [2012-8-28 1695776]

R2 CFUACProxy_officeguardianv2;CFUACProxy_officeguardianv2;c:\programdata\officeguardianv2\UACProxy.exe [2012-4-5 83792]

R2 DefaultTabUpdate;DefaultTabUpdate;c:\users\admin\appdata\roaming\defaulttab\defaulttab\DTUpdate.exe [2012-8-28 107520]

R2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50ST7.EXE [2012-3-19 153600]

R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\common files\epson\epw!3 ssrp\E_S50RP7.EXE [2012-3-19 121856]

R2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe -k ftpsvc [2009-7-13 20992]

R2 hpsrv;HP Service;c:\windows\system32\hpservice.exe [2011-5-13 26168]

R2 IBUpdaterService;Updater Service;c:\programdata\ibupdaterservice\ibsvc.exe [2012-8-28 625120]

R2 iprip;RIP Listener;c:\windows\system32\svchost.exe -k ipripsvc [2009-7-13 20992]

R2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\common files\livescribe\pencomm\PenCommService.exe [2011-10-27 470528]

R2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\samsung\allshare\allsharedms\AllShareDMS.exe [2012-3-2 25504]

R3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\drivers\netw5v32.sys [2009-6-10 4231168]

R3 rismc32;RICOH Smart Card Reader;c:\windows\system32\drivers\rismc32.sys [2011-10-29 49152]

R3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\drivers\WSDScan.sys [2009-7-13 20480]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 DefaultTabSearch;DefaultTabSearch;c:\program files\defaulttab\DefaultTabSearch.exe [2012-11-14 568832]

S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]

S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]

S3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\drivers\HP8207_8307.sys [2010-2-4 13952]

S3 phaudlwr;Philips Audio Filter;c:\windows\system32\drivers\phaudlwr.sys [2009-10-20 89648]

S3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\drivers\PulseUsb.sys [2011-10-27 20480]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-10-28 14848]

S3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\drivers\rismc32.sys [2011-10-29 49152]

S3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\samsung\allshare\AllShareSlideShowService.exe [2012-3-2 27584]

S3 SPC1000;USB2.0 PC Camera (SPC1000);c:\windows\system32\drivers\spc1000.sys [2007-12-4 3033728]

S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360]

S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992]

S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504]

S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-10-28 49664]

S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2011-10-28 1343400]

.

=============== File Associations ===============

.

FileExt: .inf: inffile=c:\windows\system32\NOTEPAD.EXE %1 [userChoice]

.

=============== Created Last 30 ================

.

2012-12-26 22:25:26 -------- d-----w- C:\Temp

2012-12-26 22:10:36 -------- d-----w- C:\OutputFolder

2012-12-26 22:10:35 -------- d-----w- c:\users\admin\appdata\roaming\Digiarty

2012-12-26 22:08:58 -------- d-----w- c:\program files\Digiarty

2012-12-26 19:25:44 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-12-26 19:24:13 -------- d-----w- c:\program files\LSoft Technologies

2012-12-25 22:53:33 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2012-12-25 22:53:32 -------- d-----w- c:\program files\MagicDisc

2012-12-23 00:16:04 -------- d-----w- c:\program files\Amazon

2012-12-21 21:09:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin7.dll

2012-12-21 21:09:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin6.dll

2012-12-21 21:09:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin5.dll

2012-12-21 21:09:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin4.dll

2012-12-21 21:09:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin3.dll

2012-12-21 21:09:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin2.dll

2012-12-21 21:09:54 159744 ----a-w- c:\program files\internet explorer\plugins\npqtplugin.dll

2012-12-15 10:42:24 -------- d-----w- c:\windows\rescache

2012-12-15 10:34:03 6812136 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{1851df75-b0bb-4c04-b921-80e9679d8947}\mpengine.dll

2012-12-15 06:49:10 -------- d-----w- c:\users\admin\appdata\local\ElevatedDiagnostics

2012-12-15 03:05:37 -------- d-----w- C:\Samsung

2012-12-15 03:05:36 -------- d-----w- C:\Download

2012-12-15 03:05:13 -------- d-----w- c:\users\admin\appdata\roaming\Samsung

2012-12-15 03:04:54 -------- d-----w- C:\AllShare

2012-12-15 03:04:04 -------- d-----w- c:\program files\Samsung

2012-12-15 02:50:28 -------- d-----w- c:\windows\Migration

2012-12-15 02:39:08 -------- d-----w- c:\users\admin\appdata\local\Downloaded Installations

2012-12-14 22:07:12 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2012-12-14 22:07:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2012-12-14 18:44:08 -------- d-----w- c:\program files\iPod

2012-12-14 18:44:07 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-14 18:44:07 -------- d-----w- c:\program files\iTunes

2012-12-13 08:19:05 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-12-13 00:52:20 -------- d-----w- c:\program files\MSECache

2012-12-05 21:54:52 340624 ----a-w- c:\windows\system32\drivers\trufos.sys

2012-12-05 21:54:49 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2012-12-04 22:10:55 -------- d-----w- c:\program files\IObit Toolbar

2012-12-04 22:10:55 -------- d-----w- c:\program files\common files\Spigot

2012-12-04 22:10:55 -------- d-----w- c:\program files\Application Updater

2012-11-29 09:18:13 8192 ----a-w- c:\windows\system32\iisrstap.dll

2012-11-29 09:18:13 50688 ----a-w- c:\windows\system32\admwprox.dll

2012-11-29 09:18:13 26624 ----a-w- c:\windows\system32\ahadmin.dll

2012-11-29 09:18:13 154624 ----a-w- c:\windows\system32\iisRtl.dll

2012-11-29 09:18:13 15360 ----a-w- c:\windows\system32\iisreset.exe

2012-11-29 09:18:13 10752 ----a-w- c:\windows\system32\wamregps.dll

2012-11-29 09:17:54 78336 ----a-w- c:\windows\system32\synceng.dll

2012-11-29 09:17:32 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-29 09:17:32 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-29 09:17:32 613888 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-29 09:17:32 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-29 09:17:32 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-29 09:17:32 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-29 09:17:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-29 09:16:33 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-29 09:16:33 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-29 09:16:33 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-29 09:11:36 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-11-29 09:08:09 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-11-29 09:08:09 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-11-29 09:07:27 52224 ----a-w- c:\windows\system32\nlaapi.dll

2012-11-29 09:07:27 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-11-29 09:07:27 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-11-29 09:07:27 242176 ----a-w- c:\windows\system32\nlasvc.dll

2012-11-29 09:07:27 18944 ----a-w- c:\windows\system32\netevent.dll

2012-11-29 09:07:27 175104 ----a-w- c:\windows\system32\netcorehc.dll

2012-11-29 09:07:27 156672 ----a-w- c:\windows\system32\ncsi.dll

2012-11-29 09:07:27 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys

.

==================== Find3M ====================

.

2012-12-14 18:22:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb

2012-12-14 18:22:14 1129472 ----a-w- c:\windows\system32\wininet.dll

2012-12-14 18:22:11 420864 ----a-w- c:\windows\system32\vbscript.dll

2012-12-14 18:22:11 1800704 ----a-w- c:\windows\system32\jscript9.dll

2012-12-14 18:22:11 142848 ----a-w- c:\windows\system32\ieUnatt.exe

2012-12-14 18:22:11 1427968 ----a-w- c:\windows\system32\inetcpl.cpl

2012-12-11 19:07:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-12-11 19:07:28 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-11-29 09:18:56 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-11-29 09:16:33 2560 ----a-w- c:\windows\system32\drivers\en-us\wdf01000.sys.mui

2012-10-28 23:08:54 369856 ----a-w- c:\windows\system32\drivers\cng.sys

2012-10-28 23:08:54 247808 ----a-w- c:\windows\system32\schannel.dll

2012-10-28 23:08:54 220160 ----a-w- c:\windows\system32\ncrypt.dll

2012-10-28 23:08:54 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-10-28 23:08:54 1039360 ----a-w- c:\windows\system32\lsasrv.dll

2012-10-15 16:54:02 22912 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2012-10-10 03:31:14 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 03:31:14 1159680 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 03:31:14 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 03:28:31 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-10 03:28:31 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-10 03:28:12 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-10 03:27:45 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-10 03:27:21 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys

.

============= FINISH: 14:31:17.60 ===============

Melvin_Deal · December 30, 2012

Hi dmbaker!

I apologize for my late response.

You have done well in posting the logs as requested.

Please be patient for a minute. ;-) I am attempting to contact SuperDave to aid you.

The reason you are having difficulties posting on the other thread is that it is closed to your posting for your protection. You can post on this thread within the malware removal section (the one you opened)... that is all. Mods, admins, and Malware Fighters are the only ones allowed to post freely in the Malware removal section.

Sincerely,

-Mel

Live long and prosper!

Superdave · December 30, 2012

Hello and welcome to IOBit Forums. My name is Dave. I will be helping you out with your particular problem on your computer.

1. I will be working on your Malware issues. This may or may not solve other issues you have with your machine.

2. The fixes are specific to your problem and should only be used for this issue on this machine.

3. If you don't know or understand something, please don't hesitate to ask.

4. Please DO NOT run any other tools or scans while I am helping you.

5. It is important that you reply to this thread. Do not start a new topic.

6. Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

7. Absence of symptoms does not mean that everything is clear.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

*************************************************************

Please download AdwCleaner by Xplode onto your Desktop.

Double click on AdwCleaner.exe to run the tool.
Click on Search.
A logfile will automatically open after the scan has finished.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

****************************************************

Download Security Check by screen317 from one of the following links and save it to your desktop.

Link 1

Link 2

* Double-click Security Check.bat

* Follow the on-screen instructions inside of the black box.

* A Notepad document should open automatically called checkup.txt

* Post the contents of that document in your next reply.

Note: If a security program requests permission from dig.exe to access the Internet, allow it to do so.

dmbaker · December 30, 2012

AdwCleaner Search Results

Hi, thanks for your help. I don't know if this will help but I purchased this laptop from someone on ebay who kept giving suspicious excuses for lack of a better word, for putting off shipping. Then, shortly after I did get it I was getting errors for invalid software which a local computer tech fixed, or so I thought. Here are my first results.

# AdwCleaner v2.104 - Logfile created 12/30/2012 at 05:08:25

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : admin - ADMIN-PC

# Boot Mode : Normal

# Running from : C:\Users\admin\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

Found : Application Updater

Found : Browser Manager

Found : DefaultTabSearch

Found : DefaultTabUpdate

Found : IBUpdaterService

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Found : C:\user.js

File Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl973055.default\bprotector_extensions.sqlite

File Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl973055.default\searchplugins\my-web-search.xml

File Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl973055.default\searchplugins\search-here.xml

File Found : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3v1q4w9h.default\bprotector_extensions.sqlite

Folder Found : C:\Program Files\Application Updater

Folder Found : C:\Program Files\Common Files\spigot

Folder Found : C:\Program Files\Conduit

Folder Found : C:\Program Files\DefaultTab

Folder Found : C:\ProgramData\Babylon

Folder Found : C:\ProgramData\boost_interprocess

Folder Found : C:\ProgramData\Browser Manager

Folder Found : C:\ProgramData\IBUpdaterService

Folder Found : C:\ProgramData\Tarma Installer

Folder Found : C:\Users\admin\AppData\Local\Conduit

Folder Found : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Folder Found : C:\Users\admin\AppData\Local\TempDir

Folder Found : C:\Users\admin\AppData\LocalLow\BabylonToolbar

Folder Found : C:\Users\admin\AppData\LocalLow\Conduit

Folder Found : C:\Users\admin\AppData\LocalLow\PriceGong

Folder Found : C:\Users\admin\AppData\LocalLow\Search Settings

Folder Found : C:\Users\admin\AppData\Roaming\Babylon

Folder Found : C:\Users\admin\AppData\Roaming\DefaultTab

Folder Found : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

Folder Found : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl973055.default\ConduitCommon

Folder Found : C:\Users\admin\AppData\Roaming\PerformerSoft

Folder Found : C:\Users\admin\Documents\ShopToWin

Folder Found : C:\Users\user\AppData\LocalLow\AVG Secure Search

Folder Found : C:\Users\user\AppData\LocalLow\Search Settings

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\22580~1.185\{16cdf~1\browse~1.dll

Key Found : HKCU\Software\AppDataLow\Software\Conduit

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\DefaultTab

Key Found : HKCU\Software\AppDataLow\Software\Freecause

Key Found : HKCU\Software\AppDataLow\Software\PriceGong

Key Found : HKCU\Software\AppDataLow\Software\Search Settings

Key Found : HKCU\Software\AppDataLow\Software\SmartBar

Key Found : HKCU\Software\bProtector

Key Found : HKCU\Software\DataMngr

Key Found : HKCU\Software\Default Tab

Key Found : HKCU\Software\IM

Key Found : HKCU\Software\ImInstaller

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Search Settings

Key Found : HKCU\Software\Zugo

Key Found : HKLM\Software\Application Updater

Key Found : HKLM\Software\bProtector

Key Found : HKLM\SOFTWARE\Classes\AppID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}

Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Found : HKLM\Software\Conduit

Key Found : HKLM\Software\DataMngr

Key Found : HKLM\Software\Default Tab

Key Found : HKLM\Software\DefaultTab

Key Found : HKLM\Software\Freeze.com

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}

Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}

Key Found : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service

Key Found : HKLM\Software\Search Settings

Key Found : HKLM\Software\Tarma Installer

Key Found : HKLM\Software\Web Assistant

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D0F4A166-B8D4-48b8-9D63-80849FE137CB}]

Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (en-US)

File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl973055.default\prefs.js

Found : user_pref("CT1561552..clientLogIsEnabled", false);

Found : user_pref("CT1561552..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Found : user_pref("CT1561552..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Found : user_pref("CT1561552.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Found : user_pref("CT1561552.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT1561552.BrowserCompStateIsOpen_129465890694457068", true);

Found : user_pref("CT1561552.BrowserCompStateIsOpen_129599733639330904", true);

Found : user_pref("CT1561552.BrowserCompStateIsOpen_129599733775895750", true);

Found : user_pref("CT1561552.BrowserCompStateIsOpen_129755532604957823", true);

Found : user_pref("CT1561552.CTID", "CT1561552");

Found : user_pref("CT1561552.CurrentServerDate", "14-7-2012");

Found : user_pref("CT1561552.DSInstall", false);

Found : user_pref("CT1561552.DialogsAlignMode", "LTR");

Found : user_pref("CT1561552.DialogsGetterLastCheckTime", "Wed Jul 11 2012 11:49:12 GMT-0500 (Central Daylig[...]

Found : user_pref("CT1561552.DownloadReferralCookieData", "");

Found : user_pref("CT1561552.FirstServerDate", "11-7-2012");

Found : user_pref("CT1561552.FirstTime", true);

Found : user_pref("CT1561552.FirstTimeFF3", true);

Found : user_pref("CT1561552.FirstTimeHiddenVer", true);

Found : user_pref("CT1561552.FixPageNotFoundErrors", true);

Found : user_pref("CT1561552.GroupingServerCheckInterval", 1440);

Found : user_pref("CT1561552.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT1561552.HPInstall", false);

Found : user_pref("CT1561552.HasUserGlobalKeys", true);

Found : user_pref("CT1561552.HomePageProtectorEnabled", false);

Found : user_pref("CT1561552.HomepageBeforeUnload", "www.yahoo.com");

Found : user_pref("CT1561552.Initialize", true);

Found : user_pref("CT1561552.InitializeCommonPrefs", true);

Found : user_pref("CT1561552.InstallationAndCookieDataSentCount", 3);

Found : user_pref("CT1561552.InstallationId", "ConduitStubGeneric");

Found : user_pref("CT1561552.InstallationType", "ConduitStubIntegration");

Found : user_pref("CT1561552.InstalledDate", "Wed Jul 11 2012 11:49:12 GMT-0500 (Central Daylight Time)");

Found : user_pref("CT1561552.InvalidateCache", false);

Found : user_pref("CT1561552.IsAlertDBUpdated", true);

Found : user_pref("CT1561552.IsGrouping", false);

Found : user_pref("CT1561552.IsInitSetupIni", true);

Found : user_pref("CT1561552.IsMulticommunity", false);

Found : user_pref("CT1561552.IsOpenThankYouPage", false);

Found : user_pref("CT1561552.IsOpenUninstallPage", true);

Found : user_pref("CT1561552.LanguagePackLastCheckTime", "Fri Jul 13 2012 11:49:16 GMT-0500 (Central Dayligh[...]

Found : user_pref("CT1561552.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT1561552.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT1561552.LastLogin_3.13.0.6", "Sat Jul 14 2012 10:24:49 GMT-0500 (Central Daylight Time)[...]

Found : user_pref("CT1561552.LastLogin_3.14.1.0", "Sat Aug 25 2012 14:10:35 GMT-0500 (Central Daylight Time)[...]

Found : user_pref("CT1561552.LastLogin_3.15.1.0", "Mon Aug 27 2012 09:02:04 GMT-0500 (Central Daylight Time)[...]

Found : user_pref("CT1561552.LatestVersion", "3.13.0.6");

Found : user_pref("CT1561552.Locale", "en-us");

Found : user_pref("CT1561552.MCDetectTooltipHeight", "83");

Found : user_pref("CT1561552.MCDetectTooltipShow", false);

Found : user_pref("CT1561552.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT1561552.MCDetectTooltipWidth", "295");

Found : user_pref("CT1561552.MyStuffEnabledAtInstallation", true);

Found : user_pref("CT1561552.OriginalFirstVersion", "3.13.0.6");

Found : user_pref("CT1561552.RadioIsPodcast", false);

Found : user_pref("CT1561552.RadioLastCheckTime", "Fri Jul 13 2012 11:49:35 GMT-0500 (Central Daylight Time)[...]

Found : user_pref("CT1561552.RadioLastUpdateIPServer", "3");

Found : user_pref("CT1561552.RadioLastUpdateServer", "129100288951200000");

Found : user_pref("CT1561552.RadioMediaID", "13448970");

Found : user_pref("CT1561552.RadioMediaType", "Media Player");

Found : user_pref("CT1561552.RadioMenuSelectedID", "EBRadioMenu_CT156155213448970");

Found : user_pref("CT1561552.RadioShrinkedFromSetup", false);

Found : user_pref("CT1561552.RadioStationName", "Danceradio");

Found : user_pref("CT1561552.RadioStationURL", "hxxp://101danceradio.com/wmx/classicrockjukebox64k.wmx");

Found : user_pref("CT1561552.SHRINK_TOOLBAR", 1);

Found : user_pref("CT1561552.SearchCaption", "Hotspot Shield Customized Web Search");

Found : user_pref("CT1561552.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");

Found : user_pref("CT1561552.SearchFromAddressBarIsInit", true);

Found : user_pref("CT1561552.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT156[...]

Found : user_pref("CT1561552.SearchInNewTabEnabled", true);

Found : user_pref("CT1561552.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT1561552.SearchInNewTabLastCheckTime", "Fri Jul 13 2012 11:49:16 GMT-0500 (Central Dayli[...]

Found : user_pref("CT1561552.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT1561552.SearchProtectorEnabled", false);

Found : user_pref("CT1561552.SearchProtectorToolbarDisabled", false);

Found : user_pref("CT1561552.SendProtectorDataViaLogin", true);

Found : user_pref("CT1561552.ServiceMapLastCheckTime", "Fri Jul 13 2012 11:49:09 GMT-0500 (Central Daylight [...]

Found : user_pref("CT1561552.SettingsLastCheckTime", "Sat Jul 14 2012 10:24:48 GMT-0500 (Central Daylight Ti[...]

Found : user_pref("CT1561552.SettingsLastUpdate", "1339666862");

Found : user_pref("CT1561552.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1561552&SearchSource=13");

Found : user_pref("CT1561552.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT1561552.ThirdPartyComponentsLastCheck", "Wed Jul 11 2012 11:49:09 GMT-0500 (Central Day[...]

Found : user_pref("CT1561552.ThirdPartyComponentsLastUpdate", "1331805997");

Found : user_pref("CT1561552.ToolbarShrinkedFromSetup", false);

Found : user_pref("CT1561552.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1561552");

Found : user_pref("CT1561552.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Found : user_pref("CT1561552.UserID", "UN28788932384375718");

Found : user_pref("CT1561552.ValidationData_Toolbar", 0);

Found : user_pref("CT1561552.alertChannelId", "15257");

Found : user_pref("CT1561552.approveUntrustedApps", false);

Found : user_pref("CT1561552.backendstorage.gk_iolo_notif2_sent", "73656E74");

Found : user_pref("CT1561552.backendstorage.hxxp://pinterest_aot_im.isenabled", "59");

Found : user_pref("CT1561552.backendstorage.installationdate0.2646799591156723", "31333432303235333630363434[...]

Found : user_pref("CT1561552.backendstorage.last-search-provider", "22676F6F676C6522");

Found : user_pref("CT1561552.backendstorage.last-social-provider", "227961686F6F22");

Found : user_pref("CT1561552.backendstorage.search-providers", "7B22676F6F676C65223A5B322C313334323135303135[...]

Found : user_pref("CT1561552.backendstorage.social-providers", "7B227961686F6F223A5B332C31333432323739353634[...]

Found : user_pref("CT1561552.backendstorage.toolbarappheartbeat", "7B22223A313334323231303736343235317D");

Found : user_pref("CT1561552.backendstorage.toolbarnotificationheartbeat", "7B2274797065223A2268656172746265[...]

Found : user_pref("CT1561552.backendstorage.toolbarnotificationqueue", "5B5D");

Found : user_pref("CT1561552.backendstorage.toolbarnotificationsettings", "7B2273656E644E6F74696669636174696[...]

Found : user_pref("CT1561552.backendstorage.toolbarnotificationuserid", "3336303334373531383739");

Found : user_pref("CT1561552.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");

Found : user_pref("CT1561552.components.1000082", false);

Found : user_pref("CT1561552.components.129369133638525482", false);

Found : user_pref("CT1561552.components.129393336051369227", false);

Found : user_pref("CT1561552.components.129465890694457068", false);

Found : user_pref("CT1561552.components.129599733639330904", false);

Found : user_pref("CT1561552.components.129605852913364926", false);

Found : user_pref("CT1561552.components.129605869266627331", false);

Found : user_pref("CT1561552.components.129623602370237963", false);

Found : user_pref("CT1561552.components.129755532604957823", false);

Found : user_pref("CT1561552.components.129789595632582626", false);

Found : user_pref("CT1561552.components.129810223371412420", false);

Found : user_pref("CT1561552.components.129834662830138324", false);

Found : user_pref("CT1561552.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Found : user_pref("CT1561552.globalFirstTimeInfoLastCheckTime", "Wed Jul 11 2012 11:49:12 GMT-0500 (Central [...]

Found : user_pref("CT1561552.homepageProtectorEnableByLogin", true);

Found : user_pref("CT1561552.initDone", true);

Found : user_pref("CT1561552.isAppTrackingManagerOn", true);

Found : user_pref("CT1561552.isFirstRadioInstallation", false);

Found : user_pref("CT1561552.myStuffEnabled", true);

Found : user_pref("CT1561552.myStuffPublihserMinWidth", 400);

Found : user_pref("CT1561552.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT1561552.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT1561552.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT1561552.navigateToUrlOnSearch", false);

Found : user_pref("CT1561552.oldAppsList", "128491907140756606,128491907208256770,111,129465890694457068,129[...]

Found : user_pref("CT1561552.revertSettingsEnabled", false);

Found : user_pref("CT1561552.searchProtectorDialogDelayInSec", 10);

Found : user_pref("CT1561552.searchProtectorEnableByLogin", true);

Found : user_pref("CT1561552.testingCtid", "");

Found : user_pref("CT1561552.toolbarAppMetaDataLastCheckTime", "Fri Jul 13 2012 11:49:09 GMT-0500 (Central D[...]

Found : user_pref("CT1561552.toolbarContextMenuLastCheckTime", "Wed Jul 11 2012 11:49:16 GMT-0500 (Central D[...]

Found : user_pref("CT1561552.usagesFlag", 2);

Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1561552/CT1561552[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15257/14923/US", "\"0\"");

Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1561552", [...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1561552",[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]

Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\admin\\AppData\\Roaming\\Mozilla\\F[...]

Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");

Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

Found : user_pref("CommunityToolbar.ToolbarsList", "CT1561552");

Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1561552");

Found : user_pref("CommunityToolbar.ToolbarsList4", "CT1561552");

Found : user_pref("CommunityToolbar.globalUserId", "0abc8467-b85b-4572-b1f9-350e9e02a483");

Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1561552");

Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Jul 11 2012 11:49:1[...]

Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);

Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jul 13 2012 12:49:13 GMT-050[...]

Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Found : user_pref("CommunityToolbar.notifications.locale", "en");

Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jul 13 2012 11:49:12 GMT-0500 (C[...]

Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Found : user_pref("CommunityToolbar.notifications.userId", "c2b3f866-8954-4ac9-ab95-70f604609fe1");

Found : user_pref("CommunityToolbar.originalHomepage", "www.yahoo.com");

Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]

Found : user_pref("extensions.BabylonToolbar.admin", false);

Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Found : user_pref("extensions.BabylonToolbar.autoRvrt", "false");

Found : user_pref("extensions.BabylonToolbar.babExt", "");

Found : user_pref("extensions.BabylonToolbar.babTrack", "affID=115193&tt=280812_2003_3512_8");

Found : user_pref("extensions.BabylonToolbar.babext", "babExt");

Found : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");

Found : user_pref("extensions.BabylonToolbar.bbDpng", "28");

Found : user_pref("extensions.BabylonToolbar.bbdpng", 8);

Found : user_pref("extensions.BabylonToolbar.cntry", "US");

Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Found : user_pref("extensions.BabylonToolbar.dfltlng", "en");

Found : user_pref("extensions.BabylonToolbar.dfltsrch", "false");

Found : user_pref("extensions.BabylonToolbar.envrmnt", "production");

Found : user_pref("extensions.BabylonToolbar.excTlbr", false);

Found : user_pref("extensions.BabylonToolbar.firstrun", false);

Found : user_pref("extensions.BabylonToolbar.hdrMd5", "C3658A88C3D02C39929A372E50F5B10F");

Found : user_pref("extensions.BabylonToolbar.hmpg", false);

Found : user_pref("extensions.BabylonToolbar.hrdid", "e2cbaf62000000000000001f3bb854c1");

Found : user_pref("extensions.BabylonToolbar.id", "e2cbaf62000000000000001f3bb854c1");

Found : user_pref("extensions.BabylonToolbar.instlDay", "15580");

Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Found : user_pref("extensions.BabylonToolbar.instlday", "15580");

Found : user_pref("extensions.BabylonToolbar.instlref", "sst");

Found : user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");

Found : user_pref("extensions.BabylonToolbar.keywordurl", "");

Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1212:30:44");

Found : user_pref("extensions.BabylonToolbar.lastdp", 28);

Found : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");

Found : user_pref("extensions.BabylonToolbar.newTab", false);

Found : user_pref("extensions.BabylonToolbar.newtab", "false");

Found : user_pref("extensions.BabylonToolbar.newtaburl", "");

Found : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"29\",\"lastVrsn\":\"29\",\"vrsnLoad\[...]

Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Found : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");

Found : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");

Found : user_pref("extensions.BabylonToolbar.sg", "czb");

Found : user_pref("extensions.BabylonToolbar.smplGrp", "czb");

Found : user_pref("extensions.BabylonToolbar.smplgrp", "czb");

Found : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar.srcext", "ss");

Found : user_pref("extensions.BabylonToolbar.srch", "");

Found : user_pref("extensions.BabylonToolbar.srchprvdr", "");

Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Found : user_pref("extensions.BabylonToolbar.tlbrid", "base");

Found : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Found : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");

Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1212:30:44");

Found : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");

Found : user_pref("extensions.BabylonToolbar.vrsnts", "1.6.9.1212:30:44");

Found : user_pref("extensions.BabylonToolbar_i.babExt", "");

Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=115193&tt=280812_2003_3512_8");

Found : user_pref("extensions.BabylonToolbar_i.newTab", false);

Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1212:30:44");

Found : user_pref("extensions.incredibar.actvtyRptTime", "1348867661871");

Found : user_pref("extensions.incredibar.admin", false);

Found : user_pref("extensions.incredibar.aflt", "orgnl");

Found : user_pref("extensions.incredibar.afterInstallRpt", "sent");

Found : user_pref("extensions.incredibar.cntry", "US");

Found : user_pref("extensions.incredibar.dfltLng", "EN");

Found : user_pref("extensions.incredibar.dfltSrch", false);

Found : user_pref("extensions.incredibar.dfltlng", "EN");

Found : user_pref("extensions.incredibar.dfltsrch", "false");

Found : user_pref("extensions.incredibar.did", "10643");

Found : user_pref("extensions.incredibar.envrmnt", "production");

Found : user_pref("extensions.incredibar.excTlbr", false);

Found : user_pref("extensions.incredibar.hdrMd5", "ACC0C40C751E30D91DF221FABCC39F34");

Found : user_pref("extensions.incredibar.hmpg", false);

Found : user_pref("extensions.incredibar.hrdid", "e2cbaf62000000000000001f3bb854c1");

Found : user_pref("extensions.incredibar.id", "e2cbaf62000000000000001f3bb854c1");

Found : user_pref("extensions.incredibar.installerproductid", "26");

Found : user_pref("extensions.incredibar.instlDay", "15608");

Found : user_pref("extensions.incredibar.instlRef", "");

Found : user_pref("extensions.incredibar.instlday", "15608");

Found : user_pref("extensions.incredibar.instlref", "");

Found : user_pref("extensions.incredibar.isDcmntCmplt", false);

Found : user_pref("extensions.incredibar.isdcmntcmplt", "false");

Found : user_pref("extensions.incredibar.keywordurl", "");

Found : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1418:17:52");

Found : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");

Found : user_pref("extensions.incredibar.newTab", false);

Found : user_pref("extensions.incredibar.newtab", "false");

Found : user_pref("extensions.incredibar.newtaburl", "");

Found : user_pref("extensions.incredibar.noFFXTlbr", false);

Found : user_pref("extensions.incredibar.ppd", "1");

Found : user_pref("extensions.incredibar.prdct", "incredibar");

Found : user_pref("extensions.incredibar.productid", "26");

Found : user_pref("extensions.incredibar.prtnrId", "Incredibar");

Found : user_pref("extensions.incredibar.prtnrid", "Incredibar");

Found : user_pref("extensions.incredibar.sg", "none");

Found : user_pref("extensions.incredibar.smplGrp", "none");

Found : user_pref("extensions.incredibar.smplgrp", "none");

Found : user_pref("extensions.incredibar.srch", "");

Found : user_pref("extensions.incredibar.srchprvdr", "");

Found : user_pref("extensions.incredibar.tlbrId", "base");

Found : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQKKYgoXu&loc=IB_T[...]

Found : user_pref("extensions.incredibar.tlbrid", "base");

Found : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQKKYgoXu&loc=IB_T[...]

Found : user_pref("extensions.incredibar.upn2", "6PQKKYgoXu");

Found : user_pref("extensions.incredibar.upn2n", "92543644465370312");

Found : user_pref("extensions.incredibar.vrsn", "1.5.11.14");

Found : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1418:17:52");

Found : user_pref("extensions.incredibar.vrsni", "1.5.11.14");

Found : user_pref("extensions.incredibar.vrsnts", "1.5.11.1418:17:52");

Found : user_pref("extensions.incredibar_i.aflt", "orgnl");

Found : user_pref("extensions.incredibar_i.dfltLng", "");

Found : user_pref("extensions.incredibar_i.did", "10643");

Found : user_pref("extensions.incredibar_i.excTlbr", false);

Found : user_pref("extensions.incredibar_i.id", "e2cbaf62000000000000001f3bb854c1");

Found : user_pref("extensions.incredibar_i.installerproductid", "26");

Found : user_pref("extensions.incredibar_i.instlDay", "15608");

Found : user_pref("extensions.incredibar_i.instlRef", "");

Found : user_pref("extensions.incredibar_i.ms_url_id", "");

Found : user_pref("extensions.incredibar_i.newTab", false);

Found : user_pref("extensions.incredibar_i.ppd", "1");

Found : user_pref("extensions.incredibar_i.prdct", "incredibar");

Found : user_pref("extensions.incredibar_i.productid", "26");

Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

Found : user_pref("extensions.incredibar_i.smplGrp", "none");

Found : user_pref("extensions.incredibar_i.tlbrId", "base");

Found : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQKKYgoXu&loc=IB[...]

Found : user_pref("extensions.incredibar_i.upn2", "6PQKKYgoXu");

Found : user_pref("extensions.incredibar_i.upn2n", "92543644465370312");

Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");

Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1418:17:52");

Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

Found : user_pref("extensions.mywebsearch.prevDefaultEngine", "Yahoo");

Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);

Found : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=u[...]

Found : user_pref("extensions.mywebsearch.prevSelectedEngine", "Yahoo");

Found : user_pref("extensions.toolbar.mindspark._v4Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q=[...]

File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3v1q4w9h.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [32906 octets] - [30/12/2012 05:08:25]

########## EOF - C:\AdwCleaner[R1].txt - [32967 octets] ##########

dmbaker · December 30, 2012

Checkbat Results

Hi, here are my next set of results. I hope this isn't a dumb question but why does it say the results are "screen317's" security check?

Thanks,

Dana

Results of screen317's Security Check version 0.99.56

Windows 7 Service Pack 1 x86 (UAC is enabled)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Firewall Enabled!

Advanced SystemCare Ultimate

WMI entry may not exist for antivirus; attempting automatic update.

`````````Anti-malware/Other Utilities Check:`````````

CCleaner

Java 6 Update 33

Java 7 Update 9

Adobe Flash Player 11.5.502.135

Adobe Reader 10.1.4 Adobe Reader out of Date!

Mozilla Firefox (13.0)

Google Chrome 21.0.1180.83

Google Chrome 21.0.1180.89

Google Chrome 22.0.1229.79

Google Chrome 22.0.1229.92

Google Chrome 22.0.1229.94

Google Chrome 23.0.1271.64

Google Chrome 23.0.1271.91

Google Chrome 23.0.1271.95

Google Chrome 23.0.1271.97

````````Process Check: objlist.exe by Laurent````````

SOS Online Backup OverlayCache.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Superdave · December 30, 2012

Remove the Adware:

Please close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Delete.
Confirm each time with OK
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the content of that logfile in your reply.
You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

*************************************************

Update your Adobe Reader. get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

*************************************************

Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1

Link 2

Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i424.photobucket.com/albums/pp322/digistar/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

dmbaker · December 30, 2012

A few questions and FYI on the history of my machine

Hi SuperDave,

4. Please DO NOT run any other tools or scans while I am helping you.

I have my ASC6 set to update automatically as well as cleaning at log in. Do I need to change my settings until we finish with my issues? I don't believe I have any other programs to download or update automatically but if you need me to check I can do that. Would I just go to my start up folder and see which ones there are, if any? Thanks.

If you can't access the internet with your infected computer you will have to download and transfer any programs to the computer you're using now and transfer them to the infected computer with a CD-RW or a USB storage device. I prefer a CD because a storage device can get infected. If you use a storage device hold the shift key down while inserting the USB storage device for about 10 secs. You will also have to transfer the logs you receive back to the good computer using the same method until we can get the computer back on-line.

As of this post I am still able to connect and haven't really had any problems in that area. One of my concerns is that the seller may have some way of spying on my activity which I don't know if you can see or not. I wish I were experienced enough to check but for some reason I have always had a feeling about that in the back of my mind.

There is a folder, which used to be a shadow copy (I'm not familiar with that at all) when I first got the machine. The tech that helped me with the software errors told me it was safe to delete it which I tried to do but it was a fairly large folder of files and several errors were popping up during the deletion so I elected not to delete the ones that warned me not to. I did do a backup of the entire folder onto an external drive before I did anything. I'm not sure what's left of the folder but if you need any of the original info from it I do have it. The folder is called "Windows.old" and there are also a lot of pics the seller left and every time I think I've deleted them, they seem to reappear in some other location during some back ups or uploading my photo folder for sharing with other devices. I find that very odd, I don't know how to really get rid of them and mostly it makes me very weary of sharing within my home network. Should I create a new internet connection for just this machine?

I haven't actually had a lot of issues at all with this machine other than needing more space. I'm using a flash drive to help with that for now. Initially, I just wanted to get rid of the old files the seller left on it so I could free up some space. Looking back now after a year, I wish I had created a partition or something before I put so much of my own valuable info on this thing. My external HD is clickfree and only does back ups of my files. No programs are on there or disc images so I assume if I have to wipe this machine clean I would have to find a way to manually reinstall programs but I didn't recieve any discs or keys when I bought it so I'm hoping there is a way I can get that info from the machine if it becomes necessary. I'm a little afraid of that task but times are hard so if I have to I will. I want to make sure its safe and I guess go from there.

Finally, this thread refers titled "New Problem Scan" refers to a scan I had attached from my desktop computer. It was not copied and pasted as all the others related to my laptop we are working on. I just thought I would mention that to you. I hope I don't have to do all this with my desktop as well??

Sorry for the long message...thank you so much for your assistance.

dana

dmbaker · December 30, 2012

Adwcleaner txt file results

Remove the Adware:

Please close all open programs and internet browsers.

Double click on adwcleaner.exe to run the tool.

Click on Delete.

Confirm each time with OK

Your computer will be rebooted automatically. A text file will open after the restart.

Please post the content of that logfile in your reply.

You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

*************************************************
Update your Adobe Reader. get.adobe.com/reader.

Be sure to uncheck the Free McAfee Security Scan so it isn't installed.

*************************************************
Download Combofix from any of the links below, and save it to your DESKTOP.

Link 1
Link 2
Link 3

To prevent your anti-virus application interfering with ComboFix we need to disable it. See here for a tutorial regarding how to do so if you are unsure.

Close any open windows and double click ComboFix.exe to run it.

You will see the following image:

http://i424.photobucket.com/albums/pp322/digistar/NSIS_disclaimer_ENG.png

Click I Agree to start the program.

ComboFix will then extract the necessary files and you will see this:

http://i424.photobucket.com/albums/pp322/digistar/NSIS_extraction.png

As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. This will not occur in Windows Vista and 7

It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

If you did not have it installed, you will see the prompt below. Choose YES.

http://i424.photobucket.com/albums/pp322/digistar/RcAuto1.gif

Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

http://i424.photobucket.com/albums/pp322/digistar/whatnext.png

Click on Yes, to continue scanning for malware.

When finished, it will produce a report for you. Please post the contents of the log (C:\ComboFix.txt).

Leave your computer alone while ComboFix is running. ComboFix will restart your computer if malware is found; allow it to do so.

Note: Please Do NOT mouseclick combofix's window while its running because it may cause it to stall.

Here are the results of the adwcleaner delete results. I'll post the next part after completion but am wondering if I need to disable ASC6 as well as my internet connection prior to running the ComboFix? I might find the answer as I go, if not I'll wait for your reply. Thanks so much.

# AdwCleaner v2.104 - Logfile created 12/30/2012 at 15:59:46

# Updated 29/12/2012 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : admin - ADMIN-PC

# Boot Mode : Normal

# Running from : C:\Users\admin\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

Stopped & Deleted : Application Updater

Stopped & Deleted : Browser Manager

Stopped & Deleted : DefaultTabSearch

Stopped & Deleted : DefaultTabUpdate

Stopped & Deleted : IBUpdaterService

***** [Files / Folders] *****

Deleted on reboot : C:\ProgramData\Browser Manager

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml

File Deleted : C:\user.js

File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl973055.default\bprotector_extensions.sqlite

File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl973055.default\searchplugins\my-web-search.xml

File Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl973055.default\searchplugins\search-here.xml

File Deleted : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3v1q4w9h.default\bprotector_extensions.sqlite

Folder Deleted : C:\Program Files\Application Updater

Folder Deleted : C:\Program Files\Common Files\spigot

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\DefaultTab

Folder Deleted : C:\ProgramData\Babylon

Folder Deleted : C:\ProgramData\boost_interprocess

Folder Deleted : C:\ProgramData\IBUpdaterService

Folder Deleted : C:\ProgramData\Tarma Installer

Folder Deleted : C:\Users\admin\AppData\Local\Conduit

Folder Deleted : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Folder Deleted : C:\Users\admin\AppData\Local\TempDir

Folder Deleted : C:\Users\admin\AppData\LocalLow\BabylonToolbar

Folder Deleted : C:\Users\admin\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\admin\AppData\LocalLow\PriceGong

Folder Deleted : C:\Users\admin\AppData\LocalLow\Search Settings

Folder Deleted : C:\Users\admin\AppData\Roaming\Babylon

Folder Deleted : C:\Users\admin\AppData\Roaming\DefaultTab

Folder Deleted : C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager

Folder Deleted : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl973055.default\ConduitCommon

Folder Deleted : C:\Users\admin\AppData\Roaming\PerformerSoft

Folder Deleted : C:\Users\admin\Documents\ShopToWin

Folder Deleted : C:\Users\user\AppData\LocalLow\AVG Secure Search

Folder Deleted : C:\Users\user\AppData\LocalLow\Search Settings

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\22580~1.185\{16cdf~1\browse~1.dll

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\DefaultTab

Key Deleted : HKCU\Software\AppDataLow\Software\Freecause

Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong

Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\bProtector

Key Deleted : HKCU\Software\DataMngr

Key Deleted : HKCU\Software\Default Tab

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5911488E-9D1E-40EC-8CBB-06B231CC153F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13D095-45C3-4271-9475-F3B48227DD9F}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKCU\Software\Search Settings

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKLM\Software\Application Updater

Key Deleted : HKLM\Software\bProtector

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{2CBD2A57-2FD5-4F1A-9FC8-90ED48FA4187}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers

Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\Software\DataMngr

Key Deleted : HKLM\Software\Default Tab

Key Deleted : HKLM\Software\DefaultTab

Key Deleted : HKLM\Software\Freeze.com

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\kdidombaedgpfiiedeimiebkmbilgmlc

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011501160}

Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SearchSettings

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F6AFBF1-E065-4627-A2FD-810366367D01}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab Chrome

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service

Key Deleted : HKLM\Software\Search Settings

Key Deleted : HKLM\Software\Tarma Installer

Key Deleted : HKLM\Software\Web Assistant

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]

Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [searchSettings]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v13.0 (en-US)

File : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl973055.default\prefs.js

C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl973055.default\user.js ... Deleted !

Deleted : user_pref("CT1561552..clientLogIsEnabled", false);

Deleted : user_pref("CT1561552..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT1561552..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT1561552.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT1561552.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT1561552.BrowserCompStateIsOpen_129465890694457068", true);

Deleted : user_pref("CT1561552.BrowserCompStateIsOpen_129599733639330904", true);

Deleted : user_pref("CT1561552.BrowserCompStateIsOpen_129599733775895750", true);

Deleted : user_pref("CT1561552.BrowserCompStateIsOpen_129755532604957823", true);

Deleted : user_pref("CT1561552.CTID", "CT1561552");

Deleted : user_pref("CT1561552.CurrentServerDate", "14-7-2012");

Deleted : user_pref("CT1561552.DSInstall", false);

Deleted : user_pref("CT1561552.DialogsAlignMode", "LTR");

Deleted : user_pref("CT1561552.DialogsGetterLastCheckTime", "Wed Jul 11 2012 11:49:12 GMT-0500 (Central Daylig[...]

Deleted : user_pref("CT1561552.DownloadReferralCookieData", "");

Deleted : user_pref("CT1561552.FirstServerDate", "11-7-2012");

Deleted : user_pref("CT1561552.FirstTime", true);

Deleted : user_pref("CT1561552.FirstTimeFF3", true);

Deleted : user_pref("CT1561552.FirstTimeHiddenVer", true);

Deleted : user_pref("CT1561552.FixPageNotFoundErrors", true);

Deleted : user_pref("CT1561552.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT1561552.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT1561552.HPInstall", false);

Deleted : user_pref("CT1561552.HasUserGlobalKeys", true);

Deleted : user_pref("CT1561552.HomePageProtectorEnabled", false);

Deleted : user_pref("CT1561552.HomepageBeforeUnload", "www.yahoo.com");

Deleted : user_pref("CT1561552.Initialize", true);

Deleted : user_pref("CT1561552.InitializeCommonPrefs", true);

Deleted : user_pref("CT1561552.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT1561552.InstallationId", "ConduitStubGeneric");

Deleted : user_pref("CT1561552.InstallationType", "ConduitStubIntegration");

Deleted : user_pref("CT1561552.InstalledDate", "Wed Jul 11 2012 11:49:12 GMT-0500 (Central Daylight Time)");

Deleted : user_pref("CT1561552.InvalidateCache", false);

Deleted : user_pref("CT1561552.IsAlertDBUpdated", true);

Deleted : user_pref("CT1561552.IsGrouping", false);

Deleted : user_pref("CT1561552.IsInitSetupIni", true);

Deleted : user_pref("CT1561552.IsMulticommunity", false);

Deleted : user_pref("CT1561552.IsOpenThankYouPage", false);

Deleted : user_pref("CT1561552.IsOpenUninstallPage", true);

Deleted : user_pref("CT1561552.LanguagePackLastCheckTime", "Fri Jul 13 2012 11:49:16 GMT-0500 (Central Dayligh[...]

Deleted : user_pref("CT1561552.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT1561552.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT1561552.LastLogin_3.13.0.6", "Sat Jul 14 2012 10:24:49 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT1561552.LastLogin_3.14.1.0", "Sat Aug 25 2012 14:10:35 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT1561552.LastLogin_3.15.1.0", "Mon Aug 27 2012 09:02:04 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT1561552.LatestVersion", "3.13.0.6");

Deleted : user_pref("CT1561552.Locale", "en-us");

Deleted : user_pref("CT1561552.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT1561552.MCDetectTooltipShow", false);

Deleted : user_pref("CT1561552.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT1561552.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT1561552.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT1561552.OriginalFirstVersion", "3.13.0.6");

Deleted : user_pref("CT1561552.RadioIsPodcast", false);

Deleted : user_pref("CT1561552.RadioLastCheckTime", "Fri Jul 13 2012 11:49:35 GMT-0500 (Central Daylight Time)[...]

Deleted : user_pref("CT1561552.RadioLastUpdateIPServer", "3");

Deleted : user_pref("CT1561552.RadioLastUpdateServer", "129100288951200000");

Deleted : user_pref("CT1561552.RadioMediaID", "13448970");

Deleted : user_pref("CT1561552.RadioMediaType", "Media Player");

Deleted : user_pref("CT1561552.RadioMenuSelectedID", "EBRadioMenu_CT156155213448970");

Deleted : user_pref("CT1561552.RadioShrinkedFromSetup", false);

Deleted : user_pref("CT1561552.RadioStationName", "Danceradio");

Deleted : user_pref("CT1561552.RadioStationURL", "hxxp://101danceradio.com/wmx/classicrockjukebox64k.wmx");

Deleted : user_pref("CT1561552.SHRINK_TOOLBAR", 1);

Deleted : user_pref("CT1561552.SearchCaption", "Hotspot Shield Customized Web Search");

Deleted : user_pref("CT1561552.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");

Deleted : user_pref("CT1561552.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT1561552.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT156[...]

Deleted : user_pref("CT1561552.SearchInNewTabEnabled", true);

Deleted : user_pref("CT1561552.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT1561552.SearchInNewTabLastCheckTime", "Fri Jul 13 2012 11:49:16 GMT-0500 (Central Dayli[...]

Deleted : user_pref("CT1561552.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT1561552.SearchProtectorEnabled", false);

Deleted : user_pref("CT1561552.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT1561552.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT1561552.ServiceMapLastCheckTime", "Fri Jul 13 2012 11:49:09 GMT-0500 (Central Daylight [...]

Deleted : user_pref("CT1561552.SettingsLastCheckTime", "Sat Jul 14 2012 10:24:48 GMT-0500 (Central Daylight Ti[...]

Deleted : user_pref("CT1561552.SettingsLastUpdate", "1339666862");

Deleted : user_pref("CT1561552.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT1561552&SearchSource=13");

Deleted : user_pref("CT1561552.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT1561552.ThirdPartyComponentsLastCheck", "Wed Jul 11 2012 11:49:09 GMT-0500 (Central Day[...]

Deleted : user_pref("CT1561552.ThirdPartyComponentsLastUpdate", "1331805997");

Deleted : user_pref("CT1561552.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT1561552.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1561552");

Deleted : user_pref("CT1561552.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT1561552.UserID", "UN28788932384375718");

Deleted : user_pref("CT1561552.ValidationData_Toolbar", 0);

Deleted : user_pref("CT1561552.alertChannelId", "15257");

Deleted : user_pref("CT1561552.approveUntrustedApps", false);

Deleted : user_pref("CT1561552.backendstorage.gk_iolo_notif2_sent", "73656E74");

Deleted : user_pref("CT1561552.backendstorage.hxxp://pinterest_aot_im.isenabled", "59");

Deleted : user_pref("CT1561552.backendstorage.installationdate0.2646799591156723", "31333432303235333630363434[...]

Deleted : user_pref("CT1561552.backendstorage.last-search-provider", "22676F6F676C6522");

Deleted : user_pref("CT1561552.backendstorage.last-social-provider", "227961686F6F22");

Deleted : user_pref("CT1561552.backendstorage.search-providers", "7B22676F6F676C65223A5B322C313334323135303135[...]

Deleted : user_pref("CT1561552.backendstorage.social-providers", "7B227961686F6F223A5B332C31333432323739353634[...]

Deleted : user_pref("CT1561552.backendstorage.toolbarappheartbeat", "7B22223A313334323231303736343235317D");

Deleted : user_pref("CT1561552.backendstorage.toolbarnotificationheartbeat", "7B2274797065223A2268656172746265[...]

Deleted : user_pref("CT1561552.backendstorage.toolbarnotificationqueue", "5B5D");

Deleted : user_pref("CT1561552.backendstorage.toolbarnotificationsettings", "7B2273656E644E6F74696669636174696[...]

Deleted : user_pref("CT1561552.backendstorage.toolbarnotificationuserid", "3336303334373531383739");

Deleted : user_pref("CT1561552.backendstorage.twitter_v1.8.0_twitter_app_open_t_f", "66616C7365");

Deleted : user_pref("CT1561552.components.1000082", false);

Deleted : user_pref("CT1561552.components.129369133638525482", false);

Deleted : user_pref("CT1561552.components.129393336051369227", false);

Deleted : user_pref("CT1561552.components.129465890694457068", false);

Deleted : user_pref("CT1561552.components.129599733639330904", false);

Deleted : user_pref("CT1561552.components.129605852913364926", false);

Deleted : user_pref("CT1561552.components.129605869266627331", false);

Deleted : user_pref("CT1561552.components.129623602370237963", false);

Deleted : user_pref("CT1561552.components.129755532604957823", false);

Deleted : user_pref("CT1561552.components.129789595632582626", false);

Deleted : user_pref("CT1561552.components.129810223371412420", false);

Deleted : user_pref("CT1561552.components.129834662830138324", false);

Deleted : user_pref("CT1561552.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT1561552.globalFirstTimeInfoLastCheckTime", "Wed Jul 11 2012 11:49:12 GMT-0500 (Central [...]

Deleted : user_pref("CT1561552.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT1561552.initDone", true);

Deleted : user_pref("CT1561552.isAppTrackingManagerOn", true);

Deleted : user_pref("CT1561552.isFirstRadioInstallation", false);

Deleted : user_pref("CT1561552.myStuffEnabled", true);

Deleted : user_pref("CT1561552.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT1561552.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT1561552.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT1561552.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT1561552.navigateToUrlOnSearch", false);

Deleted : user_pref("CT1561552.oldAppsList", "128491907140756606,128491907208256770,111,129465890694457068,129[...]

Deleted : user_pref("CT1561552.revertSettingsEnabled", false);

Deleted : user_pref("CT1561552.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT1561552.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT1561552.testingCtid", "");

Deleted : user_pref("CT1561552.toolbarAppMetaDataLastCheckTime", "Fri Jul 13 2012 11:49:09 GMT-0500 (Central D[...]

Deleted : user_pref("CT1561552.toolbarContextMenuLastCheckTime", "Wed Jul 11 2012 11:49:16 GMT-0500 (Central D[...]

Deleted : user_pref("CT1561552.usagesFlag", 2);

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1561552/CT1561552[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15257/14923/US", "\"0\"");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1561552", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1561552",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\admin\\AppData\\Roaming\\Mozilla\\F[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1561552");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1561552");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT1561552");

Deleted : user_pref("CommunityToolbar.globalUserId", "0abc8467-b85b-4572-b1f9-350e9e02a483");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1561552");

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Jul 11 2012 11:49:1[...]

Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jul 13 2012 12:49:13 GMT-050[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jul 13 2012 11:49:12 GMT-0500 (C[...]

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "c2b3f866-8954-4ac9-ab95-70f604609fe1");

Deleted : user_pref("CommunityToolbar.originalHomepage", "www.yahoo.com");

Deleted : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]

Deleted : user_pref("extensions.BabylonToolbar.admin", false);

Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");

Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");

Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");

Deleted : user_pref("extensions.BabylonToolbar.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=115193&tt=280812_2003_3512_8");

Deleted : user_pref("extensions.BabylonToolbar.babext", "babExt");

Deleted : user_pref("extensions.BabylonToolbar.babtrack", "babTrack");

Deleted : user_pref("extensions.BabylonToolbar.bbDpng", "28");

Deleted : user_pref("extensions.BabylonToolbar.bbdpng", 8);

Deleted : user_pref("extensions.BabylonToolbar.cntry", "US");

Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltlng", "en");

Deleted : user_pref("extensions.BabylonToolbar.dfltsrch", "false");

Deleted : user_pref("extensions.BabylonToolbar.envrmnt", "production");

Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);

Deleted : user_pref("extensions.BabylonToolbar.firstrun", false);

Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "C3658A88C3D02C39929A372E50F5B10F");

Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);

Deleted : user_pref("extensions.BabylonToolbar.hrdid", "e2cbaf62000000000000001f3bb854c1");

Deleted : user_pref("extensions.BabylonToolbar.id", "e2cbaf62000000000000001f3bb854c1");

Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15580");

Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");

Deleted : user_pref("extensions.BabylonToolbar.instlday", "15580");

Deleted : user_pref("extensions.BabylonToolbar.instlref", "sst");

Deleted : user_pref("extensions.BabylonToolbar.isdcmntcmplt", "false");

Deleted : user_pref("extensions.BabylonToolbar.keywordurl", "");

Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.6.9.1212:30:44");

Deleted : user_pref("extensions.BabylonToolbar.lastdp", 28);

Deleted : user_pref("extensions.BabylonToolbar.mntrvrsn", "1.3.1");

Deleted : user_pref("extensions.BabylonToolbar.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar.newtab", "false");

Deleted : user_pref("extensions.BabylonToolbar.newtaburl", "");

Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"29\",\"lastVrsn\":\"29\",\"vrsnLoad\[...]

Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");

Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.prtnrid", "babylon");

Deleted : user_pref("extensions.BabylonToolbar.savedVrsnTs", "1");

Deleted : user_pref("extensions.BabylonToolbar.sg", "czb");

Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "czb");

Deleted : user_pref("extensions.BabylonToolbar.smplgrp", "czb");

Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar.srcext", "ss");

Deleted : user_pref("extensions.BabylonToolbar.srch", "");

Deleted : user_pref("extensions.BabylonToolbar.srchprvdr", "");

Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");

Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Deleted : user_pref("extensions.BabylonToolbar.tlbrid", "base");

Deleted : user_pref("extensions.BabylonToolbar.tlbrsrchurl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]

Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.6.9.12");

Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.6.9.1212:30:44");

Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.6.9.12");

Deleted : user_pref("extensions.BabylonToolbar.vrsnts", "1.6.9.1212:30:44");

Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");

Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=115193&tt=280812_2003_3512_8");

Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);

Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");

Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");

Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.9.1212:30:44");

Deleted : user_pref("extensions.incredibar.actvtyRptTime", "1348867661871");

Deleted : user_pref("extensions.incredibar.admin", false);

Deleted : user_pref("extensions.incredibar.aflt", "orgnl");

Deleted : user_pref("extensions.incredibar.afterInstallRpt", "sent");

Deleted : user_pref("extensions.incredibar.cntry", "US");

Deleted : user_pref("extensions.incredibar.dfltLng", "EN");

Deleted : user_pref("extensions.incredibar.dfltSrch", false);

Deleted : user_pref("extensions.incredibar.dfltlng", "EN");

Deleted : user_pref("extensions.incredibar.dfltsrch", "false");

Deleted : user_pref("extensions.incredibar.did", "10643");

Deleted : user_pref("extensions.incredibar.envrmnt", "production");

Deleted : user_pref("extensions.incredibar.excTlbr", false);

Deleted : user_pref("extensions.incredibar.hdrMd5", "ACC0C40C751E30D91DF221FABCC39F34");

Deleted : user_pref("extensions.incredibar.hmpg", false);

Deleted : user_pref("extensions.incredibar.hrdid", "e2cbaf62000000000000001f3bb854c1");

Deleted : user_pref("extensions.incredibar.id", "e2cbaf62000000000000001f3bb854c1");

Deleted : user_pref("extensions.incredibar.installerproductid", "26");

Deleted : user_pref("extensions.incredibar.instlDay", "15608");

Deleted : user_pref("extensions.incredibar.instlRef", "");

Deleted : user_pref("extensions.incredibar.instlday", "15608");

Deleted : user_pref("extensions.incredibar.instlref", "");

Deleted : user_pref("extensions.incredibar.isDcmntCmplt", false);

Deleted : user_pref("extensions.incredibar.isdcmntcmplt", "false");

Deleted : user_pref("extensions.incredibar.keywordurl", "");

Deleted : user_pref("extensions.incredibar.lastVrsnTs", "1.5.11.1418:17:52");

Deleted : user_pref("extensions.incredibar.mntrvrsn", "1.2.0");

Deleted : user_pref("extensions.incredibar.newTab", false);

Deleted : user_pref("extensions.incredibar.newtab", "false");

Deleted : user_pref("extensions.incredibar.newtaburl", "");

Deleted : user_pref("extensions.incredibar.noFFXTlbr", false);

Deleted : user_pref("extensions.incredibar.ppd", "1");

Deleted : user_pref("extensions.incredibar.prdct", "incredibar");

Deleted : user_pref("extensions.incredibar.productid", "26");

Deleted : user_pref("extensions.incredibar.prtnrId", "Incredibar");

Deleted : user_pref("extensions.incredibar.prtnrid", "Incredibar");

Deleted : user_pref("extensions.incredibar.sg", "none");

Deleted : user_pref("extensions.incredibar.smplGrp", "none");

Deleted : user_pref("extensions.incredibar.smplgrp", "none");

Deleted : user_pref("extensions.incredibar.srch", "");

Deleted : user_pref("extensions.incredibar.srchprvdr", "");

Deleted : user_pref("extensions.incredibar.tlbrId", "base");

Deleted : user_pref("extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQKKYgoXu&loc=IB_T[...]

Deleted : user_pref("extensions.incredibar.tlbrid", "base");

Deleted : user_pref("extensions.incredibar.tlbrsrchurl", "hxxp://mystart.Incredibar.com/?a=6PQKKYgoXu&loc=IB_T[...]

Deleted : user_pref("extensions.incredibar.upn2", "6PQKKYgoXu");

Deleted : user_pref("extensions.incredibar.upn2n", "92543644465370312");

Deleted : user_pref("extensions.incredibar.vrsn", "1.5.11.14");

Deleted : user_pref("extensions.incredibar.vrsnTs", "1.5.11.1418:17:52");

Deleted : user_pref("extensions.incredibar.vrsni", "1.5.11.14");

Deleted : user_pref("extensions.incredibar.vrsnts", "1.5.11.1418:17:52");

Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");

Deleted : user_pref("extensions.incredibar_i.dfltLng", "");

Deleted : user_pref("extensions.incredibar_i.did", "10643");

Deleted : user_pref("extensions.incredibar_i.excTlbr", false);

Deleted : user_pref("extensions.incredibar_i.id", "e2cbaf62000000000000001f3bb854c1");

Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");

Deleted : user_pref("extensions.incredibar_i.instlDay", "15608");

Deleted : user_pref("extensions.incredibar_i.instlRef", "");

Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");

Deleted : user_pref("extensions.incredibar_i.newTab", false);

Deleted : user_pref("extensions.incredibar_i.ppd", "1");

Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");

Deleted : user_pref("extensions.incredibar_i.productid", "26");

Deleted : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");

Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");

Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");

Deleted : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQKKYgoXu&loc=IB[...]

Deleted : user_pref("extensions.incredibar_i.upn2", "6PQKKYgoXu");

Deleted : user_pref("extensions.incredibar_i.upn2n", "92543644465370312");

Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");

Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1418:17:52");

Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");

Deleted : user_pref("extensions.mywebsearch.prevDefaultEngine", "Yahoo");

Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);

Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=u[...]

Deleted : user_pref("extensions.mywebsearch.prevSelectedEngine", "Yahoo");

Deleted : user_pref("extensions.toolbar.mindspark._v4Members_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]

Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1561552&SearchSource=2&q=[...]

File : C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\3v1q4w9h.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [33037 octets] - [30/12/2012 05:08:25]

AdwCleaner[s1].txt - [33634 octets] - [30/12/2012 15:59:46]

########## EOF - C:\AdwCleaner[s1].txt - [33695 octets] ##########

Superdave · December 31, 2012

I have my ASC6 set to update automatically as well as cleaning at log in. Do I need to change my settings until we finish with my issues?

No, that should be ok.

This should get rid of any tracking cookies.

SUPERAntiSpyware

If you already have SUPERAntiSpyware be sure to check for updates before scanning!

Download SuperAntispyware Free Edition (SAS)

* Double-click the icon on your desktop to run the installer.

* When asked to Update the program definitions, click Yes

* If you encounter any problems while downloading the updates, manually download and unzip them from here

* Next click the Preferences button.

•Under Start-Up Options uncheck Start SUPERAntiSpyware when Windows starts

* Click the Scanning Control tab.

* Under Scanner Options make sure only the following are checked:

•Close browsers before scanning

•Scan for tracking cookies

•Terminate memory threats before quarantining

•Please leave the others unchecked

•Click the Close button to leave the control center screen.

* On the main screen click Scan your computer

* On the left check the box for the drive you are scanning.

* On the right choose Perform Complete Scan

* Click Next to start the scan. Please be patient while it scans your computer.

* After the scan is complete a summary box will appear. Click OK

* Make sure everything in the white box has a check next to it, then click Next

* It will quarantine what it found and if it asks if you want to reboot, click Yes

•To retrieve the removal information please do the following:

•After reboot, double-click the SUPERAntiSpyware icon on your desktop.

•Click Preferences. Click the Statistics/Logs tab.

•Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.

•It will open in your default text editor (preferably Notepad).

•Save the notepad file to your desktop by clicking (in notepad) File > Save As...

* Save the log somewhere you can easily find it. (normally the desktop)

* Click close and close again to exit the program.

*Copy and Paste the log in your post.

*********************************************

I'm not sure what's left of the folder but if you need any of the original info from it I do have it. The folder is called "Windows.old" and there are also a lot of pics the seller left and every time I think I've deleted them,

That folder is ok. It's created when a new system is installed over an old one.

I'll post the next part after completion but am wondering if I need to disable ASC6 as well as my internet connection prior to running the ComboFix?

It would be best to disable it.

dmbaker · December 31, 2012

ComboFix Results

Hi Dave,

Ok, so ComboFix did not notify me that I should install Microsoft Windows Recovery Console, but it did ask me to turn off ASC. I did, or so I thought but another pop up says its still running so before clicking OK I right click ASC at the top of my desktop and clicked on shut down. It shut down my computer. So, I logged back on and opend CCleaner, go to start up programs and disabled it there plus opened settings again in ASC and unchecked every single thing then closed it. Clicked on ComboFix, still it says ASC was running but I know I turned it off so I clicked ok. ComboFix ran for about 30 minutes then shut down the computer. I waited about 20 minutes before powering it back up thinking ComboFix would do it but since it never did I went ahead.

ComboFix popped up and says its preparing a log file and not to open any programs. So, I waited and here are the results that eventually popped up. I hope I didn't mess it up but hopefully these results will tell you something. On the preview my post is too long so my next one will have the txt results.

Thanks so much,

dana

PS. Fyi, I reupdated my info in my profile. I thought I had filled it all out but didn't see it there when I checked. I thought you might need that info so I put as much info as I could. I'm working with the HP 6910p laptop but I actually have several computers all running ASC Ultimate 6 w Anti-Virus. I hope I can remember all the settings I just unclicked.

dmbaker · December 31, 2012

ComboFix Results Part II

Hi Dave,

Here is my txt file. I noticed you had a reply for me so I'll post this and jump over for more instructions.

Thanks,

dana

ComboFix 12-12-30.01 - admin 12/30/2012 17:51:01.1.2 - x86

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.3063.2058 [GMT -6:00]

Running from: c:\users\admin\Desktop\ComboFix.exe

AV: Advanced SystemCare Ultimate *Enabled/Updated* {1C304DC4-1D72-5DB9-B33A-43B638ECFD30}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

* Created a new restore point

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\system32\drivers\etc\hosts.ics

c:\windows\system32\roboot.exe

c:\windows\vspc1000.exe

.

((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-31 )))))))))))))))))))))))))))))))

.

2012-12-31 00:06 . 2012-12-31 00:17 -------- d-----w- c:\users\admin\AppData\Local\temp

2012-12-31 00:06 . 2012-12-31 00:06 -------- d-----w- c:\users\user\AppData\Local\temp

2012-12-31 00:06 . 2012-12-31 00:06 -------- d-----w- c:\users\Guest\AppData\Local\temp

2012-12-31 00:06 . 2012-12-31 00:06 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp

2012-12-28 21:13 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ED31CFE3-CF92-4FAB-B610-305D9DD3D2AE}\mpengine.dll

2012-12-26 22:25 . 2012-12-26 22:25 -------- d-----w- C:\Temp

2012-12-26 22:10 . 2012-12-26 22:10 -------- d-----w- C:\OutputFolder

2012-12-26 22:10 . 2012-12-26 22:35 -------- d-----w- c:\users\admin\AppData\Roaming\Digiarty

2012-12-26 22:08 . 2012-12-26 22:34 -------- d-----w- c:\program files\Digiarty

2012-12-26 19:25 . 2012-12-26 19:25 691696 ----a-w- c:\windows\system32\drivers\sptd.sys

2012-12-26 19:24 . 2012-12-26 19:24 -------- d-----w- c:\program files\LSoft Technologies

2012-12-25 22:53 . 2009-02-25 00:42 116736 ----a-w- c:\windows\system32\drivers\mcdbus.sys

2012-12-25 22:53 . 2012-12-25 22:55 -------- d-----w- c:\program files\MagicDisc

2012-12-23 00:16 . 2012-12-23 00:16 -------- d-----w- c:\users\admin\AppData\Roaming\Amazon

2012-12-23 00:16 . 2012-12-23 00:16 -------- d-----w- c:\program files\Amazon

2012-12-21 21:09 . 2012-12-21 21:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin7.dll

2012-12-21 21:09 . 2012-12-21 21:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin6.dll

2012-12-21 21:09 . 2012-12-21 21:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin5.dll

2012-12-21 21:09 . 2012-12-21 21:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin4.dll

2012-12-21 21:09 . 2012-12-21 21:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin3.dll

2012-12-21 21:09 . 2012-12-21 21:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin2.dll

2012-12-21 21:09 . 2012-12-21 21:09 159744 ----a-w- c:\program files\Internet Explorer\Plugins\npqtplugin.dll

2012-12-19 22:20 . 2012-12-19 22:20 -------- d-----w- c:\users\user\AppData\Local\FileTypeAssistant

2012-12-19 21:18 . 2012-12-19 21:18 -------- d-----w- c:\users\user\AppData\Local\Macromedia

2012-12-19 21:12 . 2012-12-21 02:33 -------- d-----w- c:\users\user\AppData\Roaming\translateclient

2012-12-15 10:42 . 2012-12-15 10:43 -------- d-----w- c:\windows\rescache

2012-12-15 03:05 . 2012-12-15 03:05 -------- d-----w- C:\Samsung

2012-12-15 03:05 . 2012-12-15 03:05 -------- d-----w- C:\Download

2012-12-15 03:05 . 2012-12-25 20:05 -------- d-----w- c:\users\admin\AppData\Roaming\Samsung

2012-12-15 03:04 . 2012-12-15 03:04 -------- d-----w- C:\AllShare

2012-12-15 03:04 . 2012-12-15 03:04 -------- d-----w- c:\program files\Samsung

2012-12-15 02:50 . 2012-12-15 02:50 -------- d-----w- c:\windows\Migration

2012-12-15 02:39 . 2012-12-15 02:41 -------- d-----w- c:\users\admin\AppData\Local\Downloaded Installations

2012-12-14 22:07 . 2012-05-09 00:35 29528 ----a-w- c:\windows\system32\SmartDefragBootTime.exe

2012-12-14 22:07 . 2010-11-27 00:02 15672 ----a-w- c:\windows\system32\drivers\SmartDefragDriver.sys

2012-12-14 18:44 . 2012-12-14 18:44 -------- d-----w- c:\program files\iPod

2012-12-14 18:44 . 2012-12-14 18:45 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1

2012-12-14 18:44 . 2012-12-14 18:45 -------- d-----w- c:\program files\iTunes

2012-12-13 08:19 . 2012-09-25 05:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll

2012-12-13 00:52 . 2012-12-13 00:52 -------- d-----w- c:\program files\MSECache

2012-12-05 21:54 . 2011-11-22 00:58 340624 ----a-w- c:\windows\system32\drivers\trufos.sys

2012-12-05 21:54 . 2012-03-15 20:16 353096 ----a-w- c:\windows\system32\drivers\bdfsfltr.sys

2012-12-04 22:10 . 2012-12-04 22:10 -------- d-----w- c:\program files\IObit Toolbar

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2012-12-11 19:07 . 2012-03-31 19:56 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe

2012-12-11 19:07 . 2011-10-28 22:34 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl

2012-11-29 09:18 . 2012-11-29 09:18 561664 ----a-w- c:\windows\apppatch\AcLayers.dll

2012-11-29 09:18 . 2012-11-29 09:18 8192 ----a-w- c:\windows\system32\iisrstap.dll

2012-11-29 09:18 . 2012-11-29 09:18 50688 ----a-w- c:\windows\system32\admwprox.dll

2012-11-29 09:18 . 2012-11-29 09:18 26624 ----a-w- c:\windows\system32\ahadmin.dll

2012-11-29 09:18 . 2012-11-29 09:18 154624 ----a-w- c:\windows\system32\iisRtl.dll

2012-11-29 09:18 . 2012-11-29 09:18 15360 ----a-w- c:\windows\system32\iisreset.exe

2012-11-29 09:18 . 2012-11-29 09:18 10752 ----a-w- c:\windows\system32\wamregps.dll

2012-11-29 09:17 . 2012-11-29 09:17 78336 ----a-w- c:\windows\system32\synceng.dll

2012-11-29 09:17 . 2012-11-29 09:17 73216 ----a-w- c:\windows\system32\WUDFSvc.dll

2012-11-29 09:17 . 2012-11-29 09:17 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys

2012-11-29 09:17 . 2012-11-29 09:17 613888 ----a-w- c:\windows\system32\WUDFx.dll

2012-11-29 09:17 . 2012-11-29 09:17 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll

2012-11-29 09:17 . 2012-11-29 09:17 196608 ----a-w- c:\windows\system32\WUDFHost.exe

2012-11-29 09:17 . 2012-11-29 09:17 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll

2012-11-29 09:17 . 2012-11-29 09:17 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys

2012-11-29 09:16 . 2012-11-29 09:16 9728 ----a-w- c:\windows\system32\Wdfres.dll

2012-11-29 09:16 . 2012-11-29 09:16 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys

2012-11-29 09:16 . 2012-11-29 09:16 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys

2012-11-29 09:16 . 2012-11-29 09:16 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui

2012-11-29 09:11 . 2012-11-29 09:11 2345984 ----a-w- c:\windows\system32\win32k.sys

2012-11-29 09:08 . 2012-11-29 09:08 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll

2012-11-29 09:08 . 2012-11-29 09:08 193536 ----a-w- c:\windows\system32\dhcpcore6.dll

2012-11-29 09:07 . 2012-11-29 09:07 52224 ----a-w- c:\windows\system32\nlaapi.dll

2012-11-29 09:07 . 2012-11-29 09:07 499712 ----a-w- c:\windows\system32\iphlpsvc.dll

2012-11-29 09:07 . 2012-11-29 09:07 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys

2012-11-29 09:07 . 2012-11-29 09:07 242176 ----a-w- c:\windows\system32\nlasvc.dll

2012-11-29 09:07 . 2012-11-29 09:07 18944 ----a-w- c:\windows\system32\netevent.dll

2012-11-29 09:07 . 2012-11-29 09:07 175104 ----a-w- c:\windows\system32\netcorehc.dll

2012-11-29 09:07 . 2012-11-29 09:07 156672 ----a-w- c:\windows\system32\ncsi.dll

2012-11-29 09:07 . 2012-11-29 09:07 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys

2012-10-28 23:10 . 2012-10-28 23:10 56320 ----a-w- c:\windows\system32\TSWbPrxy.exe

2012-10-28 23:10 . 2012-10-28 23:10 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys

2012-10-28 23:10 . 2012-10-28 23:10 4916224 ----a-w- c:\windows\system32\mstscax.dll

2012-10-28 23:10 . 2012-10-28 23:10 46592 ----a-w- c:\windows\system32\MsRdpWebAccess.dll

2012-10-28 23:10 . 2012-10-28 23:10 37376 ----a-w- c:\windows\system32\tsgqec.dll

2012-10-28 23:10 . 2012-10-28 23:10 32768 ----a-w- c:\windows\system32\TsUsbGDCoInstaller.dll

2012-10-28 23:10 . 2012-10-28 23:10 317440 ----a-w- c:\windows\system32\wksprt.exe

2012-10-28 23:10 . 2012-10-28 23:10 3072 ----a-w- c:\windows\system32\drivers\en-US\tsusbflt.sys.mui

2012-10-28 23:10 . 2012-10-28 23:10 2739712 ----a-w- c:\windows\system32\rdpcorets.dll

2012-10-28 23:10 . 2012-10-28 23:10 269312 ----a-w- c:\windows\system32\aaclient.dll

2012-10-28 23:10 . 2012-10-28 23:10 221184 ----a-w- c:\windows\system32\rdpudd.dll

2012-10-28 23:10 . 2012-10-28 23:10 192000 ----a-w- c:\windows\system32\rdpendp_winip.dll

2012-10-28 23:10 . 2012-10-28 23:10 16896 ----a-w- c:\windows\system32\wksprtPS.dll

2012-10-28 23:10 . 2012-10-28 23:10 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys

2012-10-28 23:10 . 2012-10-28 23:10 13312 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyExtension.dll

2012-10-28 23:10 . 2012-10-28 23:10 12800 ----a-w- c:\windows\system32\RdpGroupPolicyExtension.dll

2012-10-28 23:10 . 2012-10-28 23:10 12288 ----a-w- c:\windows\system32\TsUsbRedirectionGroupPolicyControl.exe

2012-10-28 23:10 . 2012-10-28 23:10 1048064 ----a-w- c:\windows\system32\mstsc.exe

2012-10-28 23:08 . 2012-10-28 23:08 369856 ----a-w- c:\windows\system32\drivers\cng.sys

2012-10-28 23:08 . 2012-10-28 23:08 247808 ----a-w- c:\windows\system32\schannel.dll

2012-10-28 23:08 . 2012-10-28 23:08 220160 ----a-w- c:\windows\system32\ncrypt.dll

2012-10-28 23:08 . 2012-10-28 23:08 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys

2012-10-28 23:08 . 2012-10-28 23:08 1039360 ----a-w- c:\windows\system32\lsasrv.dll

2012-10-15 16:54 . 2012-07-19 19:30 22912 ----a-w- c:\windows\system32\RegistryDefragBootTime.exe

2012-10-10 03:31 . 2012-10-10 03:31 140288 ----a-w- c:\windows\system32\cryptsvc.dll

2012-10-10 03:31 . 2012-10-10 03:31 1159680 ----a-w- c:\windows\system32\crypt32.dll

2012-10-10 03:31 . 2012-10-10 03:31 103936 ----a-w- c:\windows\system32\cryptnet.dll

2012-10-10 03:29 . 2012-10-10 03:29 542208 ----a-w- c:\windows\system32\kerberos.dll

2012-10-10 03:29 . 2012-10-10 03:29 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll

2012-10-10 03:29 . 2012-10-10 03:29 293376 ----a-w- c:\windows\system32\KernelBase.dll

2012-10-10 03:29 . 2012-10-10 03:29 271360 ----a-w- c:\windows\system32\conhost.exe

2012-10-10 03:29 . 2012-10-10 03:29 169984 ----a-w- c:\windows\system32\winsrv.dll

2012-10-10 03:28 . 2012-10-10 03:28 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe

2012-10-10 03:28 . 2012-10-10 03:28 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe

2012-10-10 03:28 . 2012-10-10 03:28 2048 ----a-w- c:\windows\system32\tzres.dll

2012-10-10 03:27 . 2012-10-10 03:27 172544 ----a-w- c:\windows\system32\wintrust.dll

2012-10-10 03:27 . 2012-10-10 03:27 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys

2012-06-08 17:26 . 2012-03-11 19:38 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!1BackedupFileOverlay]

@="{3F1FB271-8290-4330-8069-310F32C030EF}"

[HKEY_CLASSES_ROOT\CLSID\{3F1FB271-8290-4330-8069-310F32C030EF}]

2010-04-20 21:22 596480 ----a-w- c:\program files\SOS Online Backup\ShlOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!2LiveProtectedFileOverlay]

@="{C26F9E4A-0BA6-4005-90FE-8665DBC229C8}"

[HKEY_CLASSES_ROOT\CLSID\{C26F9E4A-0BA6-4005-90FE-8665DBC229C8}]

2010-04-20 21:22 596480 ----a-w- c:\program files\SOS Online Backup\ShlOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!3ProtectedFileOverlay]

@="{A94C4834-6F18-491F-A205-3AFF24B16BC0}"

[HKEY_CLASSES_ROOT\CLSID\{A94C4834-6F18-491F-A205-3AFF24B16BC0}]

2010-04-20 21:22 596480 ----a-w- c:\program files\SOS Online Backup\ShlOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!4SharedFileOverlay]

@="{C85F4084-C3E3-453c-B242-4BDABA8F58FB}"

[HKEY_CLASSES_ROOT\CLSID\{C85F4084-C3E3-453c-B242-4BDABA8F58FB}]

2010-04-20 21:22 596480 ----a-w- c:\program files\SOS Online Backup\ShlOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!5SyncedFileOverlay]

@="{58605E40-AE20-45d7-887B-08F3D9FF3651}"

[HKEY_CLASSES_ROOT\CLSID\{58605E40-AE20-45d7-887B-08F3D9FF3651}]

2010-04-20 21:22 596480 ----a-w- c:\program files\SOS Online Backup\ShlOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!6SyncingFileOverlay]

@="{06DF45CB-D312-4306-B97D-6CDA50A10B30}"

[HKEY_CLASSES_ROOT\CLSID\{06DF45CB-D312-4306-B97D-6CDA50A10B30}]

2010-04-20 21:22 596480 ----a-w- c:\program files\SOS Online Backup\ShlOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\!7ConflictedFileOverlay]

@="{D1542785-76CA-4d0c-9688-F290B1E77E01}"

[HKEY_CLASSES_ROOT\CLSID\{D1542785-76CA-4d0c-9688-F290B1E77E01}]

2010-04-20 21:22 596480 ----a-w- c:\program files\SOS Online Backup\ShlOverlays.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncBackedUp]

@="{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}"

[HKEY_CLASSES_ROOT\CLSID\{0C4A258A-3F3B-4FFF-80A7-9B3BEC139472}]

2012-12-13 04:49 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncPending]

@="{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}"

[HKEY_CLASSES_ROOT\CLSID\{62CCD8E3-9C21-41E1-B55E-1E26DFC68511}]

2012-12-13 04:49 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncRoot]

@="{A759AFF6-5851-457D-A540-F4ECED148351}"

[HKEY_CLASSES_ROOT\CLSID\{A759AFF6-5851-457D-A540-F4ECED148351}]

2012-12-13 04:49 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SugarSyncShared]

@="{1574C9EF-7D58-488F-B358-8B78C1538F51}"

[HKEY_CLASSES_ROOT\CLSID\{1574C9EF-7D58-488F-B358-8B78C1538F51}]

2012-12-13 04:49 382664 ----a-w- c:\program files\SugarSync\SugarSyncShellExt.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Advanced SystemCare Ultimate"="c:\program files\IObit\Advanced SystemCare Ultimate\ASCTray.exe" [2012-11-07 512384]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-24 173592]

"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-27 30040]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorUser"= 0 (0x0)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]

"NoExpandedNewMenu"= 1 (0x1)

.

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]

"NoResolveTrack"= 1 (0x1)

.

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]

BootExecute REG_MULTI_SZ autocheck autochk *\0SmartDefragBootTime.exe

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"

.

[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]

path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk

backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup

backupExtension=.CommonStartup

.

[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CNET TechTracker.lnk]

backup=c:\windows\pss\CNET TechTracker.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Epson all-in-one Registration.lnk]

path=c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Epson all-in-one Registration.lnk

backup=c:\windows\pss\Epson all-in-one Registration.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]

backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnk.Startup

backupExtension=.Startup

.

[HKLM\~\startupfolder\C:^Users^admin^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]

path=c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk

backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup

backupExtension=.Startup

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MobileDocuments

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_dec12

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartNowToolbarHelper

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]

2012-09-24 02:43 926896 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare Ultimate]

2012-11-07 21:50 512384 ----a-w- c:\program files\IObit\Advanced SystemCare Ultimate\ASCTray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AllShareAgent]

2012-03-02 05:59 285072 ----a-w- c:\program files\Samsung\AllShare\AllShareAgent.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]

2012-11-28 20:13 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EEventManager]

2009-04-07 14:13 673616 ------w- c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 320 Series]

2009-09-14 12:00 200704 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGJA.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 320 Series (Copy 1)]

2009-09-14 12:00 200704 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGJA.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON WorkForce 500 Series]

2008-02-22 11:00 188928 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIEQA.EXE

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZPronounce]

2006-10-20 22:41 94208 ----a-w- c:\program files\EZPronounce\EZPronounce.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FUFAXSTM]

2009-12-03 05:00 847872 ------w- c:\program files\Epson Software\FAX Utility\FUFAXSTM.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]

2011-11-11 20:00 136176 ----atw- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]

2009-02-27 00:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray]

2009-09-24 00:30 141848 ----a-w- c:\windows\System32\igfxtray.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]

2011-10-11 17:49 1179648 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IntelliPoint]

2011-08-01 20:56 1821576 ----a-w- c:\program files\Microsoft IntelliPoint\ipoint.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]

2012-12-12 19:57 152544 ----a-w- c:\program files\iTunes\iTunesHelper.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Persistence]

2009-09-24 00:30 150552 ----a-w- c:\windows\System32\igfxpers.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]

2009-11-11 20:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

2012-04-19 01:56 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SacReminderHDDV2]

2011-07-25 06:37 464720 ----a-r- c:\programdata\OfficeGuardianV2\reminder\SacReminder.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]

2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]

2012-07-13 18:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SMessaging]

2011-12-02 21:46 45472 ----a-w- c:\program files\SOS Online Backup\SMessaging.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]

2007-02-21 23:14 1183744 ----a-w- c:\program files\Analog Devices\Core\smax4pnp.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]

2012-07-03 14:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]

2012-04-10 20:14 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]

2010-06-04 07:17 1791272 ----a-w- c:\program files\Synaptics\SynTP\SynTPEnh.exe

.

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WorkForce 320(Network)]

2009-09-14 12:00 200704 ----a-w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGJA.EXE

.

R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]

R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]

R3 HP8207_8307;HP-HP8207_8307;c:\windows\system32\DRIVERS\HP8207_8307.sys [x]

R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [x]

R3 PulseUsb;Livescribe Smartpen USB Driver;c:\windows\system32\DRIVERS\PulseUsb.sys [x]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]

R3 RICOH SmartCard Reader;RICOH SmartCard Reader;c:\windows\system32\DRIVERS\rismc32.sys [x]

R3 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files\Samsung\AllShare\AllShareSlideShowService.exe [x]

R3 SPC1000;USB2.0 PC Camera (SPC1000);c:\windows\system32\DRIVERS\spc1000.sys [x]

R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]

R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]

R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]

S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]

S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]

S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x]

S2 AdvancedSystemCareService6;Advanced SystemCare Service 6;c:\program files\IObit\Advanced SystemCare Ultimate\ascsvc.exe [x]

S2 ASCAntivirusSrv;AdvancedSystemCareAntivirus;c:\program files\IObit\Advanced SystemCare Ultimate\ascavsvc.exe [x]

S2 CFUACProxy_officeguardianv2;CFUACProxy_officeguardianv2;c:\programdata\OfficeGuardianV2\UACProxy.exe [x]

S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x]

S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x]

S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [x]

S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]

S2 iprip;RIP Listener;c:\windows\System32\svchost.exe [x]

S2 PenCommService;Livescribe Pulse Smartpen Service;c:\program files\Common Files\Livescribe\PenComm\PenCommService.exe [x]

S2 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]

S3 netw5v32;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]

S3 rismc32;RICOH Smart Card Reader;c:\windows\system32\DRIVERS\rismc32.sys [x]

S3 WSDScan;WSD Scan Support via UMB;c:\windows\system32\DRIVERS\WSDScan.sys [x]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]

iissvcs REG_MULTI_SZ w3svc was

apphost REG_MULTI_SZ apphostsvc

ftpsvc REG_MULTI_SZ ftpsvc

ipripsvc REG_MULTI_SZ iprip

LPDService REG_MULTI_SZ LPDSVC

GPSvcGroup REG_MULTI_SZ GPSvc

.

Contents of the 'Scheduled Tasks' folder

.

2012-12-31 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 19:07]

.

2012-12-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 20:14]

.

2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-10 20:14]

.

2012-12-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2079686707-671026812-3926691569-1000Core.job

- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 20:00]

.

2012-12-31 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2079686707-671026812-3926691569-1000UA.job

- c:\users\admin\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-11 20:00]

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local;<local>

IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html

IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html

IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html

IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000

IE: EZPronounce - c:\program files\EZPronounce\EZPronounce.exe/101

IE: {{5E57EFF2-AB54-4367-93B6-6C20DDAAA95D} - c:\program files\EZPronounce\EZPronounce.exe

TCP: DhcpNameServer = 192.168.1.1

FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl973055.default\

FF - prefs.js: browser.search.selectedEngine - Google

FF - prefs.js: browser.startup.homepage - http://www.yahoo.com

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2012-12-28 07:33; ascsurfingprotection@iobit.com; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\bl973055.default\extensions\ascsurfingprotection@iobit.com

# Mozilla User Preferences

/* Do not edit this file.

*

* If you make changes to this file while the application is running,

* the changes will be overwritten when the application exits.

*

dmbaker · December 31, 2012

ComboFix Results Part III

Hi Dave,

Still too long, so this is the rest of it. Sorry about that, I didn't know if you would rather I attach it or do it this way.

* To make a manual change to preferences, you can visit the URL about:config

*/

FF - user.js: accessibility.blockautorefresh - true

FF - user.js: accessibility.typeaheadfind - true

FF - user.js: accessibility.typeaheadfind.casesensitive - 1

FF - user.js: accessibility.typeaheadfind.flashBar - 0

FF - user.js: app.update.auto - false

FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1342190740

FF - user.js: app.update.lastUpdateTime.background-update-timer - 1342190980

FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1342190860

FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1342279606

FF - user.js: browser.anchor_color - #0000FF

FF - user.js: browser.bookmarks.editDialog.firstEditField - tagsField

FF - user.js: browser.bookmarks.restore_default_bookmarks - false

FF - user.js: browser.cache.disk.capacity - 1048576

FF - user.js: browser.cache.disk.smart_size.first_run - false

FF - user.js: browser.cache.disk.smart_size_cached_value - 614400

FF - user.js: browser.cache.memory.capacity - 65536

FF - user.js: browser.chrome.favicons - false

FF - user.js: browser.display.background_color - #C0C0C0

FF - user.js: browser.display.use_system_colors - true

FF - user.js: browser.download.lastDir - e:\\Aunt Barbara from Dana\\Jamie

FF - user.js: browser.download.save_converter_index - 0

FF - user.js: browser.feeds.handler.default - bookmarks

FF - user.js: browser.feeds.showFirstRunUI - false

FF - user.js: browser.keywordURLPromptDeclined - 1

FF - user.js: browser.migration.version - 6

FF - user.js: browser.places.smartBookmarksVersion - 3

FF - user.js: browser.preferences.advanced.selectedTabIndex - 0

FF - user.js: browser.rights.3.shown - true

FF - user.js: browser.search.defaultenginename - Yahoo

FF - user.js: browser.search.param.yahoo-fr - chr-greentree_ff&ilc=12&type=685749

FF - user.js: browser.search.selectedEngine - Google

FF - user.js: browser.search.useDBForOrder - true

FF - user.js: browser.shell.checkDefaultBrowser - false

FF - user.js: browser.startup.homepage - http://www.yahoo.com

FF - user.js: browser.startup.homepage_override.buildID - 20120601045813

FF - user.js: browser.startup.homepage_override.mstone - 13.0

FF - user.js: browser.syncPromoViewsLeft - 0

FF - user.js: browser.tabs.loadInBackground - false

FF - user.js: browser.taskbar.lastgroupid - 308046B0AF4A39CB

FF - user.js: browser.turbo.enabled - true

FF - user.js: browser.visited_color - #800080

FF - user.js: content.interrupt.parsing - true

FF - user.js: content.max.tokenizing.time - 2250000

FF - user.js: content.notify.ontimer - true

FF - user.js: content.switch.threshold - 750000

FF - user.js: dom.disable_open_during_load - false

FF - user.js: extensions.afurladvisor.bkp_proxy_type - -1

FF - user.js: extensions.afurladvisor.firstrun - false

FF - user.js: extensions.avgdnt.bTrackers - [\2\,\3\,\1\,\4\,\5\,\6\,\7\,\8\,\9\,\10\,\11\,\12\,\13\,\14\,\15\,\16\,\17\,\18\,\19\,\20\,\21\,\22\,\23\,\24\,\25\,\26\,\27\,\28\,\29\,\30\,\31\,\32\,\33\,\34\,\35\,\38\,\39\,\40\,\42\,\49\,\44\,\45\,\46\,\47\,\48\]

FF - user.js: extensions.avgdnt.blockall - 1

FF - user.js: extensions.avgdnt.firstRun - false

FF - user.js: extensions.avgdnt.lastUpdated - 1342279485919

FF - user.js: extensions.avgdnt.version - 1

FF - user.js: extensions.blocklist.pingCountTotal - 22

FF - user.js: extensions.blocklist.pingCountVersion - 10

FF - user.js: extensions.bootstrappedAddons - {}

FF - user.js: extensions.crossrider.bic - 1397e28072d6c60cc4af9e705d2ce1c5

FF - user.js: extensions.databaseSchema - 12

FF - user.js: extensions.enabledAddons - {ab91efd4-6975-4081-8552-1b3922ed79e2}:1.0.15.0,{79ecc569-888e-47b8-abbc-bea375652ba2}:2.0,cstsidebar@cast.org:1.2,{0B37872F-D59F-4b47-B2FD-F37E3F979437}:2.2,{F53C93F1-07D5-430c-86D4-C9531B27DFAF}:12.0.0.2166,{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33,web2pdfextension@web2pdf.adobedotcom:1.2,{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:6.0.0.10297,{c95a4e8e-816d-4655-8c79-d736da1adb6d}:3.13.0.6,afurladvisor@anchorfree.com:1.1,{972ce4c6-7e08-4474-a285-3208198ce6fd}:13.0

FF - user.js: extensions.hotfix.lastVersion - 20120430.01

FF - user.js: extensions.installCache - [{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1339176388658},\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\,\mtime\:1339970463363}}},{\name\:\winreg-app-user\,\addons\:{\{b64982b1-d112-42b5-b1e4-d3867c4533f8}\:{\descriptor\:\c:\\\\ProgramData\\\\Browser Manager\\\\2.2.580.185\\\\{16cdff19-861d-48e3-a751-d99a27784753}\\\\FirefoxExtension\,\mtime\:1346175002883}}},{\name\:\app-profile\,\addons\:{\ascsurfingprotection@iobit.com\:{\descriptor\:\c:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bl973055.default\\\\extensions\\\\ascsurfingprotection@iobit.com\,\mtime\:1354744472739},\cstsidebar@cast.org\:{\descriptor\:\c:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bl973055.default\\\\extensions\\\\cstsidebar@cast.org.xpi\,\mtime\:1336245621717},\iobit@mybrowserbar.com\:{\descriptor\:\c:\\\\Program Files\\\\IObit Toolbar\\\\FF\,\mtime\:1354659061675},\wtxpcom@mybrowserbar.com\:{\descriptor\:\c:\\\\Program Files\\\\Common Files\\\\Spigot\\\\wtxpcom\,\mtime\:1354659061675},\{0B37872F-D59F-4b47-B2FD-F37E3F979437}\:{\descriptor\:\c:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bl973055.default\\\\extensions\\\\{0B37872F-D59F-4b47-B2FD-F37E3F979437}\,\mtime\:1336267375758},\{79ecc569-888e-47b8-abbc-bea375652ba2}\:{\descriptor\:\c:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bl973055.default\\\\extensions\\\\{79ecc569-888e-47b8-abbc-bea375652ba2}.xpi\,\mtime\:1336243752946},\{ab91efd4-6975-4081-8552-1b3922ed79e2}\:{\descriptor\:\c:\\\\Users\\\\admin\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bl973055.default\\\\extensions\\\\{ab91efd4-6975-4081-8552-1b3922ed79e2}\,\mtime\:1331671051996}}}]

FF - user.js: extensions.lastAppVersion - 13.0

FF - user.js: extensions.lastPlatformVersion - 13.0

FF - user.js: extensions.pendingOperations - false

FF - user.js: extensions.shownSelectionUI - true

FF - user.js: extensions.skype_toolbar.version - 6.0.0.10297

FF - user.js: extensions.toolbar.mindspark._v4Members_.initialized - true

FF - user.js: extensions.toolbar.mindspark._v4Members_.installation.installDate - 2012091713

FF - user.js: extensions.toolbar.mindspark._v4Members_.installation.partnerId - ^XQ^xdm002^S01933^us

FF - user.js: extensions.toolbar.mindspark._v4Members_.installation.partnerSubId - CLrr39egubICFahAMgodFgIASA

FF - user.js: extensions.toolbar.mindspark._v4Members_.installation.success - true

FF - user.js: extensions.toolbar.mindspark._v4Members_.installation.toolbarId - ACD4E032-5059-45A9-BB86-7CEEF23DBE83

FF - user.js: extensions.toolbar.mindspark._v4Members_.lastActivePing - 1348857542238

FF - user.js: extensions.toolbar.mindspark._v4Members_.options.defaultSearch - true

FF - user.js: extensions.toolbar.mindspark._v4Members_.options.homePageEnabled - false

FF - user.js: extensions.toolbar.mindspark._v4Members_.options.keywordEnabled - true

FF - user.js: extensions.toolbar.mindspark._v4Members_.options.tabEnabled - false

FF - user.js: extensions.toolbar.mindspark._v4Members_.searchHistory - MIGMATITE

FF - user.js: extensions.toolbar.mindspark._v4Members_.weather.location - 77001

FF - user.js: extensions.toolbar.mindspark.lastInstalled - dictionaryboss@mindspark.com

FF - user.js: extensions.ui.dictionary.hidden - true

FF - user.js: extensions.ui.lastCategory - addons://list/extension

FF - user.js: extensions.ui.locale.hidden - true

FF - user.js: extentions.undefined.lastDnsTest - 374592

FF - user.js: idle.lastDailyNotification - 1342210255

FF - user.js: intl.charsetmenu.browser.cache - us-ascii, windows-1251, windows-1252, ISO-8859-1, UTF-8

FF - user.js: kesireader.exePath - c:\\Program Files\\Kurzweil Educational Systems\\Kurzweil 3000\\Kurzweil 3000.exe

FF - user.js: kesireader.port - 1007

FF - user.js: kesireader.startPort - 5003

FF - user.js: kesireader.suppressDebuggingAlerts - false

FF - user.js: layout.spellcheckDefault - 0

FF - user.js: network.cookie.prefsMigrated - true

FF - user.js: network.http.max-connections - 48

FF - user.js: network.http.max-connections-per-server - 16

FF - user.js: network.http.max-persistent-connections-per-proxy - 16

FF - user.js: network.http.max-persistent-connections-per-server - 8

FF - user.js: network.http.pipelining.maxrequests - 8

FF - user.js: network.http.request.max-start-delay - 0

FF - user.js: network.proxy.no_proxies_on - *.local

FF - user.js: network.proxy.type - 0

FF - user.js: places.database.lastMaintenance - 1342210255

FF - user.js: places.history.expiration.transient_current_max_pages - 80303

FF - user.js: plugin.expose_full_path - true

FF - user.js: pref.advanced.images.disable_button.view_image - false

FF - user.js: pref.advanced.javascript.disable_button.advanced - false

FF - user.js: prefs.fc_uuid - 652d58e8-0857-4e21-90ff-7335bcb15d18

FF - user.js: print_printer - EPSON WorkForce 320 Series (Copy 1)

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_bgcolor - false

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_bgimages - false

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_colorspace -

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_command -

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_downloadfonts - false

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_edge_bottom - 0

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_edge_left - 0

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_edge_right - 0

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_edge_top - 0

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_evenpages - true

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_footercenter -

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_footerleft - &PT

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_footerright - &D

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_headercenter -

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_headerleft - &T

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_headerright - &U

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_in_color - true

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_margin_bottom - 0.5

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_margin_left - 0.5

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_margin_right - 0.5

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_margin_top - 0.5

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_oddpages - true

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_orientation - 0

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_page_delay - 50

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_paper_data - 1

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_paper_height - 11.00

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_paper_name -

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_paper_size_type - 0

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_paper_size_unit - 0

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_paper_width - 8.50

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_plex_name -

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_resolution_name -

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_reversed - false

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_scaling - 1.00

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_shrink_to_fit - true

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_to_file - false

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_to_filename -

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_unwriteable_margin_bottom - 0

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_unwriteable_margin_left - 0

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_unwriteable_margin_right - 0

FF - user.js: printer_EPSON497A8B_(WorkForce_320).print_unwriteable_margin_top - 0

FF - user.js: printer_EPSON_WorkForce_320_Series.print_bgcolor - false

FF - user.js: printer_EPSON_WorkForce_320_Series.print_bgimages - false

FF - user.js: printer_EPSON_WorkForce_320_Series.print_colorspace -

FF - user.js: printer_EPSON_WorkForce_320_Series.print_command -

FF - user.js: printer_EPSON_WorkForce_320_Series.print_downloadfonts - false

FF - user.js: printer_EPSON_WorkForce_320_Series.print_edge_bottom - 0

FF - user.js: printer_EPSON_WorkForce_320_Series.print_edge_left - 0

FF - user.js: printer_EPSON_WorkForce_320_Series.print_edge_right - 0

FF - user.js: printer_EPSON_WorkForce_320_Series.print_edge_top - 0

FF - user.js: printer_EPSON_WorkForce_320_Series.print_evenpages - true

FF - user.js: printer_EPSON_WorkForce_320_Series.print_footercenter -

FF - user.js: printer_EPSON_WorkForce_320_Series.print_footerleft - &PT

FF - user.js: printer_EPSON_WorkForce_320_Series.print_footerright - &D

FF - user.js: printer_EPSON_WorkForce_320_Series.print_headercenter -

FF - user.js: printer_EPSON_WorkForce_320_Series.print_headerleft - &T

FF - user.js: printer_EPSON_WorkForce_320_Series.print_headerright - &U

FF - user.js: printer_EPSON_WorkForce_320_Series.print_in_color - true

FF - user.js: printer_EPSON_WorkForce_320_Series.print_margin_bottom - 0.5

FF - user.js: printer_EPSON_WorkForce_320_Series.print_margin_left - 0.5

FF - user.js: printer_EPSON_WorkForce_320_Series.print_margin_right - 0.5

FF - user.js: printer_EPSON_WorkForce_320_Series.print_margin_top - 0.5

FF - user.js: printer_EPSON_WorkForce_320_Series.print_oddpages - true

FF - user.js: printer_EPSON_WorkForce_320_Series.print_orientation - 0

FF - user.js: printer_EPSON_WorkForce_320_Series.print_page_delay - 50

FF - user.js: printer_EPSON_WorkForce_320_Series.print_paper_data - 1

FF - user.js: printer_EPSON_WorkForce_320_Series.print_paper_height - 11.00

FF - user.js: printer_EPSON_WorkForce_320_Series.print_paper_name -

FF - user.js: printer_EPSON_WorkForce_320_Series.print_paper_size_type - 0

FF - user.js: printer_EPSON_WorkForce_320_Series.print_paper_size_unit - 0

FF - user.js: printer_EPSON_WorkForce_320_Series.print_paper_width - 8.50

FF - user.js: printer_EPSON_WorkForce_320_Series.print_plex_name -

FF - user.js: printer_EPSON_WorkForce_320_Series.print_resolution_name -

FF - user.js: printer_EPSON_WorkForce_320_Series.print_reversed - false

FF - user.js: printer_EPSON_WorkForce_320_Series.print_scaling - 1.00

FF - user.js: printer_EPSON_WorkForce_320_Series.print_shrink_to_fit - true

FF - user.js: printer_EPSON_WorkForce_320_Series.print_to_file - false

FF - user.js: printer_EPSON_WorkForce_320_Series.print_to_filename -

FF - user.js: printer_EPSON_WorkForce_320_Series.print_unwriteable_margin_bottom - 0

FF - user.js: printer_EPSON_WorkForce_320_Series.print_unwriteable_margin_left - 0

FF - user.js: printer_EPSON_WorkForce_320_Series.print_unwriteable_margin_right - 0

FF - user.js: printer_EPSON_WorkForce_320_Series.print_unwriteable_margin_top - 0