Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

tags.bluekai in my browser?


  • Please log in to reply

#1
sidneybnice

sidneybnice

    New Member

  • Member
  • Pip
  • 4 posts
When I login - browser is already open with this in address line

http://tags.bluekai....;30;&r=82846338

(338 is the end of the address line in browser)

slower than normal response in browser

OTL logfile created on: 3/22/2013 8:13:45 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\sbn\Downloads
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

11.99 Gb Total Physical Memory | 9.39 Gb Available Physical Memory | 78.33% Memory free
29.98 Gb Paging File | 27.15 Gb Available in Paging File | 90.57% Paging File free
Paging file location(s): j:\pagefile.sys 18418 18418 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97.56 Gb Total Space | 28.57 Gb Free Space | 29.29% Space Free | Partition Type: NTFS
Drive D: | 21.58 Gb Total Space | 19.03 Gb Free Space | 88.16% Space Free | Partition Type: NTFS
Drive E: | 802.51 Gb Total Space | 244.40 Gb Free Space | 30.45% Space Free | Partition Type: NTFS
Drive I: | 129.00 Gb Total Space | 106.45 Gb Free Space | 82.52% Space Free | Partition Type: NTFS
Drive J: | 111.79 Gb Total Space | 28.16 Gb Free Space | 25.19% Space Free | Partition Type: NTFS

Computer Name: I7-860 | User Name: sbn | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/03/22 20:13:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\sbn\Downloads\OTL.exe
PRC - [2013/02/23 09:36:56 | 004,165,776 | ---- | M] (H.D.S. Hungary) -- C:\Program Files (x86)\Hard Disk Sentinel\hdsentinel.exe
PRC - [2013/02/09 13:33:25 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/12/14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/11/29 21:33:06 | 000,232,608 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012/11/18 14:05:04 | 001,263,616 | ---- | M] (SRWare) -- C:\Program Files (x86)\SRWare Iron\iron.exe
PRC - [2012/09/17 13:41:58 | 000,508,336 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
PRC - [2012/08/21 09:58:22 | 000,328,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccsvchst.exe
PRC - [2011/08/22 17:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnetdhcp.exe
PRC - [2011/08/22 17:07:18 | 000,103,536 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011/08/22 17:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) -- C:\Windows\SysWOW64\vmnat.exe
PRC - [2011/08/22 16:34:52 | 011,837,440 | ---- | M] () -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
PRC - [2011/08/22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/03/04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/11/03 20:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe
PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
PRC - [2009/02/20 00:48:24 | 000,024,576 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe


========== Modules (No Company Name) ==========

MOD - [2013/03/13 14:58:50 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2013/03/07 17:12:56 | 000,205,312 | ---- | M] () -- C:\Users\sbn\AppData\Local\Chromium\User Data\Default\Extensions\hehijbfgiekmjfkfjpbkbammjbdenadd\5.3.6.1_0\plugin\blackfishietab.dll
MOD - [2012/11/08 18:46:30 | 001,400,846 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\avcodec-54.dll
MOD - [2012/11/08 18:46:30 | 000,222,734 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\avformat-54.dll
MOD - [2012/11/08 18:46:30 | 000,151,054 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\avutil-51.dll
MOD - [2012/09/26 16:47:44 | 000,144,384 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\libEGL.dll
MOD - [2012/09/26 16:46:54 | 000,735,744 | ---- | M] () -- C:\Program Files (x86)\SRWare Iron\libGLESv2.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2009/03/12 15:45:32 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
MOD - [2008/11/21 13:58:42 | 000,057,344 | ---- | M] () -- C:\Program Files (x86)\Epson Software\Event Manager\Assistants\Scan Assistant\Satwain.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/02/27 09:37:56 | 002,789,376 | ---- | M] (Bdrive Inc.) [Auto | Running] -- C:\Program Files\NetDrive\ndsvc.exe -- (ndsvc)
SRV:64bit: - [2012/12/19 14:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011/01/10 13:21:02 | 000,231,280 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\Microsoft.HomeServer.Archive.TransferService.exe -- (arXfrSvc)
SRV:64bit: - [2011/01/10 13:20:18 | 000,109,936 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\esClient.exe -- (esClient)
SRV:64bit: - [2011/01/10 13:19:58 | 000,489,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Home Server\WHSConnector.exe -- (WHSConnector)
SRV:64bit: - [2009/12/28 15:37:34 | 000,331,752 | ---- | M] (XIMETA, Inc.) [Auto | Running] -- C:\Program Files\NDAS\System\ndassvc.exe -- (ndassvc)
SRV:64bit: - [2009/07/13 20:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/13 14:58:50 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/11/29 21:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012/11/06 17:20:35 | 000,147,888 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\ramaint.exe -- (LMIMaint)
SRV - [2012/11/06 17:20:28 | 000,375,728 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe -- (LMIGuardianSvc)
SRV - [2012/06/15 21:24:19 | 000,138,272 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ccSvcHst.exe -- (NIS)
SRV - [2011/08/22 17:07:32 | 000,354,416 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011/08/22 17:06:56 | 000,432,752 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011/08/22 16:34:52 | 011,837,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe -- (VMwareHostd)
SRV - [2011/08/22 15:28:42 | 000,079,872 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011/08/21 23:11:28 | 000,846,448 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe -- (VMUSBArbService)
SRV - [2011/05/23 17:51:00 | 000,095,232 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmdb.exe -- (XRNADB)
SRV - [2011/03/04 12:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/12/15 14:31:20 | 000,460,144 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShare\FlipShareService.exe -- (FlipShare Service)
SRV - [2010/12/15 14:22:42 | 001,085,440 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe -- (FlipShareServer)
SRV - [2010/11/08 13:04:18 | 000,407,424 | ---- | M] (LogMeIn, Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe -- (LogMeIn)
SRV - [2010/11/03 20:19:24 | 000,094,024 | ---- | M] (Sling Media Inc.) [Auto | Running] -- C:\Program Files (x86)\Sling Media\SlingAgent\SlingAgentService.exe -- (SlingAgentService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007/12/17 04:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007/01/11 04:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/02/02 21:22:41 | 000,063,712 | ---- | M] (Bdrive Inc.) [File_System | On_Demand | Stopped] -- C:\Program Files\NetDrive\NDFS.sys -- (ndfs)
DRV:64bit: - [2013/01/22 13:59:30 | 000,035,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WLRAWMp50x64.sys -- (WLRAWMp50x64)
DRV:64bit: - [2013/01/22 13:59:30 | 000,034,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WLRAWSp50x64.sys -- (WLRAWSp50x64)
DRV:64bit: - [2012/12/19 15:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/12/19 14:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/12/14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012/11/06 17:20:29 | 000,088,008 | ---- | M] (LogMeIn, Inc.) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\LMIRfsClientNP.dll -- (LMIRfsClientNP)
DRV:64bit: - [2012/11/06 06:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/08/23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012/08/23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012/07/05 21:17:58 | 000,037,536 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012/07/05 21:17:57 | 000,737,952 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012/06/06 23:43:38 | 000,167,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ccsetx64.sys -- (ccSet_NIS)
DRV:64bit: - [2012/05/21 20:37:12 | 001,129,120 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symefa64.sys -- (SymEFA)
DRV:64bit: - [2012/04/17 21:13:32 | 000,405,624 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symnets.sys -- (SymNetS)
DRV:64bit: - [2012/04/17 20:42:14 | 000,190,072 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012/03/23 08:08:30 | 000,175,736 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012/03/01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/08/22 17:07:58 | 000,062,064 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011/08/22 17:06:14 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011/08/22 15:12:26 | 000,045,680 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011/08/22 15:12:26 | 000,020,080 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011/08/21 23:11:26 | 000,039,024 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011/08/21 23:01:22 | 000,037,680 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vmusb.sys -- (vmusb)
DRV:64bit: - [2011/08/08 14:59:12 | 000,116,336 | ---- | M] (VMware, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011/07/25 21:18:35 | 000,451,192 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NISx64\1309010.00E\symds64.sys -- (SymDS)
DRV:64bit: - [2011/06/01 06:18:22 | 000,079,360 | ---- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ax88772.sys -- (AX88772)
DRV:64bit: - [2011/03/11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/03/04 12:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV:64bit: - [2011/02/18 16:36:58 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/01/26 21:35:26 | 000,425,064 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010/12/08 13:21:14 | 000,014,944 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\radpms.sys -- (radpms)
DRV:64bit: - [2010/11/20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/19 17:25:40 | 000,210,944 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc)
DRV:64bit: - [2010/11/19 17:25:40 | 000,049,664 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh)
DRV:64bit: - [2010/11/09 15:35:24 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010/09/26 21:10:30 | 000,035,840 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BVRPMPR5a64.SYS -- (BVRPMPR5a64)
DRV:64bit: - [2010/03/30 23:35:04 | 000,020,968 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz133_x64.sys -- (cpuz133)
DRV:64bit: - [2010/02/08 08:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA)
DRV:64bit: - [2009/12/28 15:39:58 | 000,151,528 | ---- | M] (XIMETA, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\lpx6x.sys -- (lpx)
DRV:64bit: - [2009/12/28 15:39:44 | 000,486,888 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ndasscsi.sys -- (ndasscsi)
DRV:64bit: - [2009/12/28 15:39:24 | 001,053,160 | ---- | M] (XIMETA, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ndasrofs.sys -- (ndasrofs)
DRV:64bit: - [2009/12/28 15:39:12 | 000,607,208 | ---- | M] (Windows ® Codename Longhorn DDK provider) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ndasfat.sys -- (ndasfat)
DRV:64bit: - [2009/12/28 15:39:06 | 000,746,472 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\ndasfs.sys -- (ndasfs)
DRV:64bit: - [2009/12/28 15:39:06 | 000,738,280 | ---- | M] (XIMETA, Inc.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lfsfilt.sys -- (lfsfilt)
DRV:64bit: - [2009/12/28 15:38:56 | 000,497,640 | ---- | M] (XIMETA, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ndasbus.sys -- (ndasbus)
DRV:64bit: - [2009/10/07 15:11:30 | 000,053,096 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BackupReader.sys -- (BackupReader)
DRV:64bit: - [2009/08/21 21:24:04 | 000,084,512 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2009/07/13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/07/13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 19:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/06/04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/05/08 11:08:00 | 000,020,520 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\mcdbus.sys -- (mcdbus)
DRV:64bit: - [2008/11/16 18:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE)
DRV:64bit: - [2008/11/14 14:18:48 | 000,517,632 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btprot.sys -- (BTPROT)
DRV:64bit: - [2008/11/14 14:18:48 | 000,031,744 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btiausb.sys -- (BTIAUSB)
DRV:64bit: - [2008/09/16 11:21:06 | 000,092,160 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btiaspp.sys -- (btiaspp)
DRV:64bit: - [2008/09/16 11:21:06 | 000,082,944 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btiaa2dp.sys -- (btiaa2dp)
DRV:64bit: - [2008/09/16 11:21:06 | 000,037,888 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btiapan.sys -- (BTiAPan)
DRV:64bit: - [2008/08/11 12:40:58 | 000,072,216 | ---- | M] (LogMeIn, Inc.) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys -- (LMIRfsDriver)
DRV:64bit: - [2008/08/11 12:40:32 | 000,011,552 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lmimirr.sys -- (lmimirr)
DRV:64bit: - [2008/07/30 16:04:24 | 000,025,088 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btiasco.sys -- (iAnywhere_btAudio)
DRV:64bit: - [2008/07/30 16:04:24 | 000,010,880 | ---- | M] (iAnywhere Solutions) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btiarcp.sys -- (btiarcp)
DRV:64bit: - [2007/11/13 11:54:08 | 000,026,472 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BS_I2c64.sys -- (BS_I2cIo)
DRV:64bit: - [2006/10/31 02:25:02 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BIOS64.sys -- (BIOS)
DRV - [2013/03/13 14:08:27 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20130322.018\ex64.sys -- (NAVEX15)
DRV - [2013/03/13 14:08:27 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\VirusDefs\20130322.018\eng64.sys -- (NAVENG)
DRV - [2013/01/22 13:59:30 | 000,035,352 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\WLRAWMp50x64.sys -- (WLRAWMp50x64)
DRV - [2013/01/22 13:59:30 | 000,034,328 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\WLRAWSp50x64.sys -- (WLRAWSp50x64)
DRV - [2013/01/19 14:14:48 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/01/15 21:51:11 | 001,388,120 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\BASHDefs\20130301.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012/12/12 23:22:42 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012/08/31 19:34:01 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\Definitions\IPSDefs\20130322.001\IDSviA64.sys -- (IDSVia64)
DRV - [2009/07/13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009/02/24 18:35:44 | 000,255,552 | ---- | M] (MagicISO, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\mcdbus.sys -- (mcdbus)
DRV - [2008/08/11 12:41:00 | 000,015,928 | ---- | M] (LogMeIn, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\LogMeIn\x64\rainfo.sys -- (LMIInfo)
DRV - [2006/10/31 02:25:02 | 000,014,136 | R--- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BIOS64.sys -- (BIOS)
DRV - [2006/04/13 15:33:28 | 000,008,192 | ---- | M] (BIOSTAR Group) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\BS_I2c64.sys -- (BS_I2cIo)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F4 EB 56 3F 8E B9 CA 01 [binary data]
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{180780f0-b348-4b44-8210-94a8f3ee15b2}: "URL" = http://search.comcas...q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "XFINITY"
FF - prefs.js..browser.search.selectedEngine: "XFINITY"
FF - prefs.js..browser.startup.homepage: "http://xfinity.comca...nsDate06082012"
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:2
FF - prefs.js..extensions.enabledItems: 5
FF - prefs.js..extensions.enabledItems: 3
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:10.1.0.68 - 2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}:6.0.39
FF - prefs.js..extensions.enabledItems: {34712C68-7391-4c47-94F3-8F88D49AD632}:1.3.0
FF - prefs.js..keyword.URL: "http://search.condui...d=CT2786678&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.1.13: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=15.0.1.13: c:\program files (x86)\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\sbn\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\sbn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\sbn\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\sbn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\sbn\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\sbn\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPlgn\ [2012/02/02 08:03:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\coFFPlgn\ [2013/03/22 20:00:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/06/12 17:43:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013/02/09 13:33:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013/02/09 13:33:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/02/25 09:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/25 09:56:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\[email protected]: C:\Users\sbn\AppData\Roaming\Move Networks [2011/01/06 11:37:03 | 000,000,000 | ---D | M]

[2011/01/07 15:27:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sbn\AppData\Roaming\Mozilla\Extensions
[2013/02/22 22:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sbn\AppData\Roaming\Mozilla\Firefox\Profiles\ddnpg09g.default\extensions
[2011/05/18 22:13:42 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Users\sbn\AppData\Roaming\Mozilla\Firefox\Profiles\ddnpg09g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/05/18 22:13:42 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\sbn\AppData\Roaming\Mozilla\Firefox\Profiles\ddnpg09g.default\extensions\[email protected]
[2011/01/30 10:01:34 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\sbn\AppData\Roaming\Mozilla\Firefox\Profiles\ddnpg09g.default\extensions\[email protected]
[2013/02/22 22:55:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011/03/14 09:57:59 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011/07/01 09:22:41 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
[2012/10/06 13:58:02 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/11/20 20:05:53 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/02/12 13:03:50 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2012/06/12 17:43:27 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012/02/02 08:03:31 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.1.3\IPSFFPLGN
[2013/02/09 13:33:43 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2011/01/06 11:37:03 | 000,000,000 | ---D | M] (Move Media Player) -- C:\USERS\SBN\APPDATA\ROAMING\MOVE NETWORKS
[2013/02/09 13:33:27 | 000,124,056 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
[2012/02/28 15:04:46 | 000,020,569 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\xfinity.xml

========== Chrome ==========

CHR - default_search_provider: XFINITY Search (Enabled)
CHR - default_search_provider: search_url = http://search.comcas...q={searchTerms}
CHR - default_search_provider: suggest_url =
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\sbn\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\sbn\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\sbn\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll
CHR - plugin: Norton Confidential (Enabled) = C:\Users\sbn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.4.6_0\npcoplgn.dll
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\sbn\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\sbn\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Move Streaming Media Player (Enabled) = C:\Users\sbn\AppData\Roaming\Move Networks\plugins\npqmp071706000001.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - Extension: RealDownloader = C:\Users\sbn\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: Norton Identity Protection = C:\Users\sbn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.11.8_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Users\sbn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\

O1 HOSTS File: ([2012/07/18 21:13:15 | 000,000,906 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 192.168.99.211 WHSSERVER #Windows Home Server#
O1 - Hosts: 192.1.1.1 blueirissoftware.com
O2:64bit: - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O2:64bit: - BHO: (BrowserHelper Class) - {9A065C65-4EE7-4DDD-9918-F129089A894A} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (ExplorerBHO Class) - {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll (IvoSoft)
O3:64bit: - HKLM\..\Toolbar: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Classic Explorer Bar) - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll (IvoSoft)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.1.14\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll (Conduit Ltd.)
O3:64bit: - HKCU\..\Toolbar\ShellBrowser: (Home Server Banner) - {D73E76A3-F902-45BD-8FC8-95AE8E014671} - C:\Program Files\Windows Home Server\WHSDeskBands.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Classic Start Menu] C:\Program Files\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe (LogMeIn, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [DocuPrint 3045NI RUN] C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmRun.exe ()
O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows ® Win 7 DDK provider)
O4 - HKLM..\Run: [IndexSearch] C:\Program Files (x86)\Nuance\PaperPort\IndexSearch.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [Launcher3045NI] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\Launcher\xrlaunch.exe" /S Xerox WorkCentre 3045NI File not found
O4 - HKLM..\Run: [NetDrive] C:\Program Files\NetDrive\netdrive.exe (Bdrive Inc.)
O4 - HKLM..\Run: [PaperPort PTD] C:\Program Files (x86)\Nuance\PaperPort\pptd40nt.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PPort11reminder] C:\Program Files (x86)\Nuance\PaperPort\Ereg\Ereg.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [StatusAutoRun3045NI] "C:\Program Files (x86)\Xerox Office Printing\WorkCentre SSW\PrintingScout\xrksmpl.exe" Xerox WorkCentre 3045NI,hide,\S File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe" File not found
O4 - HKCU..\Run: [cdloader] C:\Users\sbn\AppData\Roaming\mjusbsp\cdloader2.exe (magicJack L.P.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 95
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: dnsalias.com ([sidneybnice] * in Trusted sites)
O15 - HKCU\..Trusted Domains: gotdns.com ([mycams] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range10 ([*] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range11 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range12 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range13 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range14 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range15 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range16 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range17 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range18 ([*] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range2 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range3 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range4 ([*] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range4 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range5 ([*] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range5 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range6 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range7 ([*] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range8 ([http] in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range9 ([http] in Trusted sites)
O16:64bit: - DPF: {108D3206-846A-4A93-BACB-F0572D043ED7} http://65.184.219.142:81/webrec.cab (Reg Error: Key error.)
O16:64bit: - DPF: {51E7F2F2-DF6C-46F1-A7F2-855361D917A3} http://192.168.99.208/webrec.cab (Reg Error: Key error.)
O16 - DPF: {0C036302-8A4E-43F6-8076-DFAB58D37531} http://remote.aver.com/WebCamX.cab (WebCamX Control)
O16 - DPF: {0F1B49C0-9894-4696-8E8D-DB1F5D02FBAB} http://192.168.99.13...UltraMJCamX.cab (UltraMJCamX Class)
O16 - DPF: {1DF430D7-7F16-4A97-B48D-3369B6C09225} http://192.168.99.18:83/netcam.cab (NetCam Viewer Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.co...sreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {497598B2-EA11-4C50-8841-CDF0EDCD5101} http://192.168.99.2:.../XPlugLite3.cab (XPlugLite3 Class)
O16 - DPF: {51E7F2F2-DF6C-46F1-A7F2-855361D917A3} http://75.178.77.159/webrec.cab (DHSurveillanceCtrl Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {992F7D8A-48D9-42D9-9C80-229F72296433} http://192.168.99.18/inetutil.cab (Inetutil Control)
O16 - DPF: {A4150320-98EC-4DB6-9BFB-EBF4B6FBEB16} http://192.168.99.63.../DVM_IPCam2.ocx (DVM_IPCam2 Control)
O16 - DPF: {A93B47FD-9BF6-4DA8-97FC-9270B9D64A6C} http://192.168.99.54...in/h263ctrl.cab (VaPgCtrl Class)
O16 - DPF: {B0781EB7-16EA-49F1-9C1D-9716D88206CF} http://192.168.99.5:61/view.cab (CSQ Object)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CCA0B877-CB5E-4ADC-AD30-457C379512DD} http://192.168.99.20:8888/xplugDL.cab (Gif89 Lite Class)
O16 - DPF: {DB7ACFA2-9634-4C98-BC9D-FB9416153022} http://192.168.99.209/nvEPLMedia.cab (nvEPLMedia Control)
O16 - DPF: {FFFFFFFF-19EB-49E8-BB30-8DE03499D2F0} http://sidneybnice.d...00/NetVideo.cab (NetClientOCX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{954B3510-B865-4BE3-AD2B-C6F04AFE22DD}: NameServer = 4.2.2.2,4.2.2.3
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5E103D3-C506-4AF9-8C08-ACBBD625DED0}: DhcpNameServer = 208.67.222.222 208.67.220.220
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CD9B0CF3-7013-4193-B862-920E0B258D3D}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EE2FA180-D2A0-47F6-8FFF-16E1695C4C3C}: NameServer = 8.8.8.8,8.8.4.4
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1a7f6acf-7444-11df-afd7-005056c00008}\Shell - "" = AutoRun
O33 - MountPoints2\{1a7f6acf-7444-11df-afd7-005056c00008}\Shell\AutoRun\command - "" = J:\DTVP_Launcher.exe
O33 - MountPoints2\{e1b6bf9f-258b-11df-899b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{e1b6bf9f-258b-11df-899b-806e6f6e6963}\Shell\AutoRun\command - "" = H:\AUTORUN.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/03/22 16:26:51 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Roaming\Malwarebytes
[2013/03/22 16:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/03/22 16:26:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013/03/22 16:26:46 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013/03/22 16:26:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013/03/22 16:26:32 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\Programs
[2013/03/22 16:26:21 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\sbn\Desktop\mbam-setup-1.70.0.1100.exe
[2013/03/22 14:49:48 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{50528083-23CC-4212-A3F8-C47B13CCC0A8}
[2013/03/21 23:29:31 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{94710ACC-A427-4B33-9923-2A80363E660D}
[2013/03/21 11:29:07 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{33F5640D-752F-400F-9B4E-0E0882F78AB2}
[2013/03/20 23:28:43 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{79BB34CF-E414-4B51-B7FD-AE1BC132FDD3}
[2013/03/19 22:03:40 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{BDD3041C-3F08-4BEA-AC52-3510AEAB9704}
[2013/03/18 19:15:01 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{6534C464-D4D0-45B9-A3A3-BF2B912F2333}
[2013/03/18 07:14:50 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{9632B2F9-2AC7-4F5E-AE48-54A7CF7E3F29}
[2013/03/17 13:05:06 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{A831E206-201F-435C-B8B7-87B949BF9A73}
[2013/03/16 22:56:49 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{BC342E84-7AD3-483F-8753-D4C2468CC3BA}
[2013/03/16 10:56:37 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{A13F574E-FD44-4D11-989A-C8D9E69DE495}
[2013/03/15 20:56:49 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{6459AF6A-349E-4773-8BBF-C470E3E40A69}
[2013/03/14 23:44:12 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{2B096B96-6C03-4EF8-9E35-A38D37A23633}
[2013/03/14 11:44:00 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{18BB478B-BC01-4CA1-9EC2-F49AB82D5C84}
[2013/03/13 13:55:33 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{241A2C33-40EC-4A62-AB8A-842B920E642F}
[2013/03/10 22:36:13 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{F1F29956-EBB9-4747-9A7D-D0344D2FE757}
[2013/03/10 10:35:49 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{2B4DC04F-C6F8-4602-B624-C8BC96AFDDD2}
[2013/03/09 12:24:35 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{DCADE819-A2E4-44D5-BEC9-D41B3C2AE496}
[2013/03/08 19:07:42 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{B5505CF5-5D65-47EA-ACB9-EA0D51756325}
[2013/03/07 22:05:15 | 011,318,840 | ---- | C] (Perspective Software ) -- C:\Users\sbn\Desktop\bi_update- 3.18.03.exe
[2013/03/07 22:04:20 | 053,449,728 | ---- | C] (Perspective Software ) -- C:\Users\sbn\Desktop\BlueIris.exe
[2013/03/07 14:13:15 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{2DE2F64D-D1FF-454C-81C0-F0C7003D7BF0}
[2013/03/06 22:43:23 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{F14BE7D4-C662-487B-9D78-5290ED60C521}
[2013/03/05 13:17:46 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{202E30AA-330D-411F-9AC4-BF42786816A5}
[2013/03/04 13:40:25 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{D425B308-B4D7-4D26-8D1D-F6A693276CE0}
[2013/03/03 13:00:43 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{F697B1B3-6EAF-4A1B-91A3-5D2FD932672C}
[2013/03/02 18:31:03 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{D40D17FB-FD28-42B7-A6EA-532D1CB1A7A5}
[2013/03/01 18:56:53 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{A47FB843-FD3F-4FCE-B639-01CA537B35D7}
[2013/02/28 20:47:43 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{D051EDD6-E963-46C2-AF0B-E0190222F0E8}
[2013/02/28 08:47:32 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{28995ED4-F773-430D-9AB9-7449E79DCA65}
[2013/02/27 09:37:50 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{07138007-A4E1-45AE-B571-DA0C78EBF3D0}
[2013/02/25 23:21:13 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{3183098E-AD19-47C1-95DE-37C28EFB1F43}
[2013/02/25 09:56:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013/02/25 09:56:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2013/02/25 09:56:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013/02/25 09:56:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013/02/25 08:24:36 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{F2F28202-F792-40CE-BE46-0EEB83A0A45D}
[2013/02/24 13:47:24 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{D9ACA964-A9D8-4FC6-BC83-75EEC26D122A}
[2013/02/23 09:35:39 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{F8B0890E-17EB-4C29-AB4E-1D9A0187538F}
[2013/02/22 20:26:37 | 000,000,000 | ---D | C] -- C:\Program Files\Fresco Logic Inc
[2013/02/22 20:22:07 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{E5851061-3C84-474F-977C-40EBE9998082}
[2013/02/21 21:26:27 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{B35389D4-763E-453E-970E-26F38CC4B81F}
[2013/02/21 09:26:03 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{173EB596-A8C6-4B16-A313-810BE21ED15D}
[2013/02/20 21:25:52 | 000,000,000 | ---D | C] -- C:\Users\sbn\AppData\Local\{D7111907-DBE4-4FE8-9EB1-D2E41F4E17C2}
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/22 20:08:39 | 000,787,586 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/03/22 20:08:39 | 000,665,884 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/03/22 20:08:39 | 000,123,278 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/03/22 20:07:28 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/03/22 20:07:28 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/03/22 20:00:32 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/22 20:00:21 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013/03/22 20:00:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/03/22 19:58:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/03/22 19:43:00 | 000,000,900 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2059518191-1834790585-2457831073-1000UA.job
[2013/03/22 19:29:00 | 000,000,892 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/22 16:26:47 | 000,001,131 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/22 16:26:21 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\sbn\Desktop\mbam-setup-1.70.0.1100.exe
[2013/03/21 12:43:00 | 000,000,848 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2059518191-1834790585-2457831073-1000Core.job
[2013/03/20 00:22:25 | 000,002,019 | ---- | M] () -- C:\Users\sbn\Application Data\Microsoft\Internet Explorer\Quick Launch\Shared Folders on Server.lnk
[2013/03/18 17:41:54 | 005,538,832 | ---- | M] () -- C:\Users\sbn\Desktop\IMG_0149.JPG
[2013/03/18 16:52:21 | 000,551,026 | ---- | M] () -- C:\Users\sbn\Desktop\photo (8).JPG
[2013/03/13 14:45:27 | 000,002,360 | ---- | M] () -- C:\Users\sbn\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/03/13 14:18:13 | 000,246,768 | ---- | M] () -- C:\Users\sbn\Desktop\HL3.jpg
[2013/03/13 14:17:32 | 000,347,216 | ---- | M] () -- C:\Users\sbn\Desktop\HL2.jpg
[2013/03/13 14:16:44 | 000,239,171 | ---- | M] () -- C:\Users\sbn\Desktop\HL1.jpg
[2013/03/07 22:05:22 | 011,318,840 | ---- | M] (Perspective Software ) -- C:\Users\sbn\Desktop\bi_update- 3.18.03.exe
[2013/03/07 22:05:06 | 053,449,728 | ---- | M] (Perspective Software ) -- C:\Users\sbn\Desktop\BlueIris.exe
[2013/02/27 14:52:51 | 000,109,575 | ---- | M] () -- C:\Users\sbn\Desktop\CC-bill.jpg
[2013/02/25 12:24:03 | 000,082,426 | ---- | M] () -- C:\Users\sbn\Desktop\Comcast bill - 02-25-13-ViewBill.pdf
[2013/02/22 20:32:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_FLxHCIh_01009.Wdf
[2013/02/22 20:32:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_FLxHCIc_01009.Wdf
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/22 16:26:47 | 000,001,131 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013/03/18 17:33:31 | 005,538,832 | ---- | C] () -- C:\Users\sbn\Desktop\IMG_0149.JPG
[2013/03/18 16:52:21 | 000,551,026 | ---- | C] () -- C:\Users\sbn\Desktop\photo (8).JPG
[2013/03/13 14:18:12 | 000,246,768 | ---- | C] () -- C:\Users\sbn\Desktop\HL3.jpg
[2013/03/13 14:17:32 | 000,347,216 | ---- | C] () -- C:\Users\sbn\Desktop\HL2.jpg
[2013/03/13 14:16:44 | 000,239,171 | ---- | C] () -- C:\Users\sbn\Desktop\HL1.jpg
[2013/02/27 14:52:50 | 000,109,575 | ---- | C] () -- C:\Users\sbn\Desktop\CC-bill.jpg
[2013/02/25 12:24:55 | 000,082,426 | ---- | C] () -- C:\Users\sbn\Desktop\Comcast bill - 02-25-13-ViewBill.pdf
[2013/02/22 20:32:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_FLxHCIh_01009.Wdf
[2013/02/22 20:32:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_FLxHCIc_01009.Wdf
[2012/11/25 21:24:09 | 000,031,767 | ---- | C] () -- C:\Windows\maxlink.ini
[2012/11/25 21:21:02 | 000,130,048 | ---- | C] () -- C:\Windows\SysWow64\xrfr4aJBF.DLL
[2012/11/25 21:21:02 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\xrhr4aLM.DLL
[2012/05/18 10:07:10 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012/05/02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012/03/02 14:27:09 | 000,153,600 | ---- | C] () -- C:\Windows\SysWow64\WS_ContextMenu.dll
[2012/02/14 21:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012/02/14 21:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012/01/18 08:21:34 | 000,000,420 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012/01/15 10:37:28 | 000,000,023 | ---- | C] () -- C:\Users\sbn\17.cmd
[2012/01/13 17:47:38 | 000,000,023 | ---- | C] () -- C:\Users\sbn\66.cmd
[2011/12/03 12:59:49 | 000,000,023 | ---- | C] () -- C:\Users\sbn\65.cmd
[2011/12/03 12:23:21 | 000,000,023 | ---- | C] () -- C:\Users\sbn\63.cmd
[2011/12/03 00:19:07 | 000,000,024 | ---- | C] () -- C:\Users\sbn\p.cmd
[2011/10/22 14:52:21 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI
[2011/09/12 18:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011/08/22 07:21:40 | 000,001,190 | ---- | C] () -- C:\Users\sbn\advanced_ip_scanner_MAC.bin
[2011/04/25 19:24:28 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011/03/11 23:42:49 | 000,000,023 | ---- | C] () -- C:\Users\sbn\77.cmd
[2011/03/11 23:42:22 | 000,000,023 | ---- | C] () -- C:\Users\sbn\76.cmd
[2011/03/11 23:41:56 | 000,000,023 | ---- | C] () -- C:\Users\sbn\75.cmd
[2011/01/04 17:41:30 | 000,001,940 | ---- | C] () -- C:\Users\sbn\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/12/04 11:22:12 | 000,060,304 | ---- | C] () -- C:\Users\sbn\g2mdlhlpx.exe
[2010/07/18 00:10:42 | 000,005,120 | ---- | C] () -- C:\Users\sbn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/11 17:59:00 | 000,007,658 | ---- | C] () -- C:\Users\sbn\AppData\Local\Resmon.ResmonCfg
[2008/05/09 16:08:32 | 000,001,067 | ---- | C] () -- C:\Users\sbn\AppData\Local\bmarchive.bms

========== ZeroAccess Check ==========

[2009/07/13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/08/21 08:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/08/21 08:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/08/21 08:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2010/06/24 11:49:58 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\Citrix
[2010/04/26 11:23:21 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\code4ward
[2011/02/08 17:29:11 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\DiskAid
[2010/04/24 10:43:05 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\Epson
[2010/12/22 17:07:11 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\Flip Video
[2012/06/13 19:32:05 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\Foxit Software
[2010/11/13 17:33:15 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\FreeFileSync
[2012/08/03 17:16:28 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\GARMIN
[2012/06/04 17:21:24 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\Hard Disk Sentinel
[2011/11/04 21:32:14 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\Hulubulu
[2011/07/08 13:23:01 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\IcoFX
[2012/07/13 17:15:11 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\mjusbsp
[2013/01/20 17:50:35 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\NetDrive
[2010/05/04 14:05:06 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\pdf995
[2012/02/01 08:39:47 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\Product_RM
[2012/01/31 22:48:45 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\Registry Mechanic
[2012/11/25 21:33:44 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\ScanSoft
[2011/11/30 12:43:44 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\Sling Media
[2012/11/25 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\Swiftdata
[2010/07/08 12:15:13 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\TeamViewer
[2010/08/10 16:07:32 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\Tific
[2013/03/20 00:27:45 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\uTorrent
[2013/02/25 10:00:36 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\webex
[2012/01/30 08:38:10 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\Windows Home Server
[2011/07/03 17:46:27 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\WindSolutions
[2012/03/22 19:59:37 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\WinISO Computing
[2012/11/25 21:33:48 | 000,000,000 | ---D | M] -- C:\Users\sbn\AppData\Roaming\Zeon

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 112 bytes -> C:\ProgramData\TEMP:D1B5B4F1

< End of report >
  • 0

Advertisements


#2
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
A belated welcome to Geeks2Go sidneybnice,

Please post back if you still need assistance, and we will take up from there.
  • 0

#3
sidneybnice

sidneybnice

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Yes please I still need help.

I still have this http://tags.bluekai.com ..... in a browser window when PC is first started.

I can't seem to figure our why this is happening or how to stop it from happening.
  • 0

#4
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Your links don't seem to go anywhere of value. Let's check further though.


The system is Windows 7, so when running any of the scan files we use, be sure to right click the file, then select "Run as administrator" to start the scan/tool.

And To make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types"



To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware softwares while these steps are being completed. This can usually be done through right clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Download RogueKiller from here to your desktop.

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
Wen RogueKiller finises it's opening scan, press the Scan button..
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.

-------

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.
  • 0

#5
sidneybnice

sidneybnice

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
RogueKiller V8.5.4 [Mar 18 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : sbn [Admin rights]
Mode : Scan -- Date : 04/16/2013 20:17:44
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 11 ¤¤¤
[STARTUP][BLACKLISTDLL] Lock.lnk @sbn : C:\Windows\System32\rundll32.exe|user32.dll, LockWorkStation -> FOUND
[HJPOL] HKCU\[...]\System : DisableTaskMgr (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : ConsentPromptBehaviorUser (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\Wow6432Node\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

192.168.99.211 WHSSERVER #Windows Home Server#
192.1.1.1 blueirissoftware.com


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: M4-CT128M4SSD2 ATA Device +++++
--- User ---
[MBR] 9cf87e94633327e69928199e26966744
[BSP] 462615eb31da60d7e7a0b952903b0e39 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 22102 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: OCZ-VERTEX3 ATA Device +++++
--- User ---
[MBR] f881a4529e1e4234c1a38db0948297b5
[BSP] d443bb7b5d50009920953cfaa91d5364 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 114471 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive2: Hitachi HDS721010CLA332 ATA Device +++++
--- User ---
[MBR] 76a080df7200b4288041a4f7722e567c
[BSP] 97aa0223ca28f478fe184a6a7e5c4f79 : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 132099 Mo
1 - [XXXXXX] EXTEN-LBA (0x0f) [VISIBLE] Offset (sectors): 270542848 | Size: 821767 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_04162013_02d2017.txt >>
RKreport[1]_S_04162013_02d2017.txt


uninstall_list.txt

µTorrent
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Advanced IP Scanner
Advanced Port Scanner v1.3
Advanced Renamer
Apple Application Support
Apple Software Update
Auslogics Task Manager
Blue Iris ActiveX Control
Blue Iris ActiveX Control
Blue Manager Suite
Catalyst Control Center - Branding
Cisco WebEx Meetings
Citrix XenCenter
Conduit Engine
D3DX10
DiskAid 4.53
DivX Setup
Epson Event Manager
Epson Print CD
EPSON Scan
EpsonNet Print
EpsonNet Setup
Feedback Tool
Feedback Tool
FlipShare
Foxit Reader
FreeFileSync v3.11
Garmin POI Loader
Garmin USB Drivers
Garmin WebUpdater
Google Earth Plug-in
Google Talk Plugin
Google Update Helper
Hard Disk Sentinel
Hot CPU Tester Pro 4.3
HW Monitor
HydraVision
IcoFX 1.6.4
Image Retriever 9
IP Camera
Jasc Paint Shop Pro 9
Java™ 6 Update 39
K-Lite Codec Pack 8.8.0 (Full)
Logitech Alert Commander
LogMeIn
Magic ISO Maker v5.4 (build 0239)
MagicDisc 2.7.106
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft File Transfer Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access database engine 2007 (English)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Live Add-in 1.5
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Streets & Trips 2010
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable Package
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox (3.6.13)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NetDrive
Norton Internet Security
OcxSetup version 1.0.2.26
Pdf995
PerformanceTest v6.1
QuickTime
RealDownloader
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealNetworks - Microsoft Visual C++ 2010 Runtime
RealPlayer
RealPlayer
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
RealUpgrade 1.1
Royal TS
ScanSoft PaperPort 11
SeaTools for Windows
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
SlingPlayer
SlingPlayer
SRWare Iron version 25.0.1400.0
swMSM
System Requirements Lab
tools-freebsd
tools-linux
tools-netware
tools-solaris
tools-windows
tools-winPre2k
TVTXt MPEG-4 CODEC
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768021) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.6195
VLC media player 2.0.1
VMware Workstation
VMware Workstation
WebM Media Foundation Components
Windows Home Server Home Computer Restore CD (Dual Boot)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Installer
Windows Live Messenger
Windows Live Messenger
Windows Live Photo Common
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Media Player Firefox Plugin
WinISO
Wondershare Video Converter Ultimate(Build 5.4.2.0)
Xerox WorkCentre 3045NI
Xerox WorkCentre 3045NI

Edited by sidneybnice, 16 April 2013 - 07:25 PM.

  • 0

#6
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts
Second person I am apologizing to for not knowing you had posted. I will surely make changes to do better.


Go to Start - Control Panel - Programs - Programs and Features/Uninstall, then click on each of the following programs, if they show there, and click "Uninstall/Change".

uTorrentBar Toolbar
Conduit Engine


----------

Be sure to continue to temporarily disable any protective software when running the scan tools we use here.

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

------------

Can you explain this, from the RogueKiller log. It seems to be a setting to lock down a workstation?

[STARTUP][BLACKLISTDLL] Lock.lnk @sbn : C:\Windows\System32\rundll32.exe|user32.dll, LockWorkStation -> FOUND


  • 0

#7
sidneybnice

sidneybnice

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
"Can you explain this, from the RogueKiller log. It seems to be a setting to lock down a workstation?
[STARTUP][BLACKLISTDLL] Lock.lnk @sbn : C:\Windows\System32\rundll32.exe|user32.dll, LockWorkStation -> FOUND"

Yes. The system is setup to auto login and then lock once logged in. It is not critical to keep if you think is somehow impacting the "tags.bluekai" issue.



# AdwCleaner v2.300 - Logfile created 05/03/2013 at 20:32:26
# Updated 28/04/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : sbn - I7-860
# Boot Mode : Normal
# Running from : C:\Users\sbn\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\ConduitEngine
Folder Found : C:\Users\sbn\AppData\Local\Conduit
Folder Found : C:\Users\sbn\AppData\Local\ConduitEngine
Folder Found : C:\Users\sbn\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\sbn\AppData\Roaming\Mozilla\Firefox\Profiles\ddnpg09g.default\Conduit
Folder Found : C:\Users\sbn\AppData\Roaming\Mozilla\Firefox\Profiles\ddnpg09g.default\ConduitEngine
Folder Found : C:\Users\sbn\AppData\Roaming\Mozilla\Firefox\Profiles\ddnpg09g.default\CT2786678
Folder Found : C:\Users\sbn\AppData\Roaming\Mozilla\Firefox\Profiles\ddnpg09g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Found : C:\Users\sbn\AppData\Roaming\Mozilla\Firefox\Profiles\ddnpg09g.default\extensions\[email protected]

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\PIP

***** [Internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Registry is clean.

-\\ Mozilla Firefox v3.6.13 (en-US)

File : C:\Users\sbn\AppData\Roaming\Mozilla\Firefox\Profiles\ddnpg09g.default\prefs.js

Found : user_pref("CT2786678..clientLogIsEnabled", false);
Found : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2786678.AppTrackingLastCheckTime", "Fri Feb 22 2013 21:55:38 GMT-0600 (Central Standard[...]
Found : user_pref("CT2786678.CTID", "CT2786678");
Found : user_pref("CT2786678.CurrentServerDate", "26-4-2013");
Found : user_pref("CT2786678.DialogsAlignMode", "LTR");
Found : user_pref("CT2786678.DialogsGetterLastCheckTime", "Fri Feb 22 2013 21:55:28 GMT-0600 (Central Standa[...]
Found : user_pref("CT2786678.DownloadReferralCookieData", "");
Found : user_pref("CT2786678.EMailNotifierPollDate", "Wed Mar 14 2012 00:51:59 GMT-0500 (Central Daylight Ti[...]
Found : user_pref("CT2786678.FeedLastCount5690698542593514850", 500);
Found : user_pref("CT2786678.FeedPollDate2429156812186649977", "Thu Apr 25 2013 21:34:08 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813040823546", "Thu Apr 25 2013 21:34:07 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813130095866", "Thu Apr 25 2013 21:34:06 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813224203613", "Thu Apr 25 2013 21:34:07 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813230837251", "Thu Apr 25 2013 21:34:08 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813454291735", "Thu Apr 25 2013 21:34:08 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813729834876", "Thu Apr 25 2013 21:34:06 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813860870021", "Thu Apr 25 2013 21:34:08 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156814264681793", "Thu Apr 25 2013 21:34:08 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156814863075366", "Thu Apr 25 2013 21:34:07 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedPollDate2429156815257761081", "Thu Apr 25 2013 21:34:07 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Found : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Found : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Found : user_pref("CT2786678.FeedTTL2429156813729834876", 5);
Found : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Found : user_pref("CT2786678.FirstServerDate", "14-3-2012");
Found : user_pref("CT2786678.FirstTime", true);
Found : user_pref("CT2786678.FirstTimeFF3", true);
Found : user_pref("CT2786678.FixPageNotFoundErrors", false);
Found : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2786678.HasUserGlobalKeys", true);
Found : user_pref("CT2786678.Initialize", true);
Found : user_pref("CT2786678.InitializeCommonPrefs", true);
Found : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Found : user_pref("CT2786678.InstalledDate", "Wed Mar 14 2012 00:51:59 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT2786678.IsGrouping", false);
Found : user_pref("CT2786678.IsMulticommunity", false);
Found : user_pref("CT2786678.IsOpenThankYouPage", true);
Found : user_pref("CT2786678.IsOpenUninstallPage", false);
Found : user_pref("CT2786678.LanguagePackLastCheckTime", "Thu Apr 25 2013 19:28:42 GMT-0500 (Central Dayligh[...]
Found : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2786678.LastLogin_3.3.3.2", "Thu Apr 25 2013 19:28:42 GMT-0500 (Central Daylight Time)"[...]
Found : user_pref("CT2786678.LatestVersion", "3.18.0.7");
Found : user_pref("CT2786678.Locale", "en");
Found : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Found : user_pref("CT2786678.MCDetectTooltipShow", false);
Found : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Found : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Found : user_pref("CT2786678.SearchInNewTabEnabled", true);
Found : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Thu Apr 25 2013 19:28:42 GMT-0500 (Central Dayli[...]
Found : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2786678.ServiceMapLastCheckTime", "Thu Apr 25 2013 19:28:42 GMT-0500 (Central Daylight [...]
Found : user_pref("CT2786678.SettingsLastCheckTime", "Thu Apr 25 2013 19:28:42 GMT-0500 (Central Daylight Ti[...]
Found : user_pref("CT2786678.SettingsLastUpdate", "1366903226");
Found : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Thu Apr 25 2013 19:28:42 GMT-0500 (Central Day[...]
Found : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Found : user_pref("CT2786678.UserID", "UN20040804812761126");
Found : user_pref("CT2786678.ValidationData_Search", 0);
Found : user_pref("CT2786678.WeatherNetwork", "");
Found : user_pref("CT2786678.WeatherPollDate", "Fri Mar 16 2012 16:09:39 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT2786678.WeatherUnit", "F");
Found : user_pref("CT2786678.alertChannelId", "1178763");
Found : user_pref("CT2786678.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474[...]
Found : user_pref("CT2786678.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Found : user_pref("CT2786678.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Found : user_pref("CT2786678.backendstorage./9b+7e.:2z527", "247E707273303C3833477B473C3F2C742E7E7D792022342[...]
Found : user_pref("CT2786678.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Found : user_pref("CT2786678.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Found : user_pref("CT2786678.backendstorage./9b+7e06cg5el8:", "6E6D6B6C6A716F757670");
Found : user_pref("CT2786678.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A747371727077757B7C76242F4B4947[...]
Found : user_pref("CT2786678.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Found : user_pref("CT2786678.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Found : user_pref("CT2786678.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Found : user_pref("CT2786678.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Found : user_pref("CT2786678.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Found : user_pref("CT2786678.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Found : user_pref("CT2786678.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Found : user_pref("CT2786678.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513[...]
Found : user_pref("CT2786678.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Found : user_pref("CT2786678.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Found : user_pref("CT2786678.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Found : user_pref("CT2786678.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Found : user_pref("CT2786678.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Found : user_pref("CT2786678.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Found : user_pref("CT2786678.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Found : user_pref("CT2786678.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Found : user_pref("CT2786678.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Found : user_pref("CT2786678.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Found : user_pref("CT2786678.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Found : user_pref("CT2786678.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Found : user_pref("CT2786678.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Found : user_pref("CT2786678.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Found : user_pref("CT2786678.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934235[...]
Found : user_pref("CT2786678.backendstorage./9b-0?3g>d", "3E69716A736D746D7A777176792078777E7E257A5022242A27[...]
Found : user_pref("CT2786678.backendstorage./9b-0?3g@6:5;", "");
Found : user_pref("CT2786678.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");
Found : user_pref("CT2786678.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Found : user_pref("CT2786678.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Found : user_pref("CT2786678.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484777213F3E484F4E4D464[...]
Found : user_pref("CT2786678.backendstorage./9b5ba==9cjag", "6670693F42733F6E7A45707576787848494F4F7B7C");
Found : user_pref("CT2786678.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6B6C6A716F75756F737472");
Found : user_pref("CT2786678.backendstorage./9b9643g3/9e", "6A");
Found : user_pref("CT2786678.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Found : user_pref("CT2786678.backendstorage./9b<:222h64<", "393F352F3E");
Found : user_pref("CT2786678.backendstorage./9b<:222h64<l8daj", "6D70706F7674727976742A787B727C79757D20");
Found : user_pref("CT2786678.backendstorage./9b=+03eh8h8j?:", "4443");
Found : user_pref("CT2786678.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Found : user_pref("CT2786678.backendstorage./9b?b0d:8aj62<h", "6D");
Found : user_pref("CT2786678.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Found : user_pref("CT2786678.backendstorage.cbfirsttime", "576564204D617220313420323031322030303A35313A35392[...]
Found : user_pref("CT2786678.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476[...]
Found : user_pref("CT2786678.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
Found : user_pref("CT2786678.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
Found : user_pref("CT2786678.backendstorage.mam_gk_appstate_pricegong", "6F6E");
Found : user_pref("CT2786678.backendstorage.mam_gk_appstatereporttime", "31333636393336313238333836");
Found : user_pref("CT2786678.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B22[...]
Found : user_pref("CT2786678.backendstorage.mam_gk_currentversion", "312E342E342E36");
Found : user_pref("CT2786678.backendstorage.mam_gk_first_time", "31");
Found : user_pref("CT2786678.backendstorage.mam_gk_lastlogintime", "31333636393336313235343733");
Found : user_pref("CT2786678.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C69637[...]
Found : user_pref("CT2786678.backendstorage.mam_gk_settings1.4.3.2", "7B22537461747573223A227375636365656465[...]
Found : user_pref("CT2786678.backendstorage.mam_gk_settings1.4.4.6", "7B22537461747573223A227375636365656465[...]
Found : user_pref("CT2786678.backendstorage.mam_gk_showclosebutton", "74727565");
Found : user_pref("CT2786678.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
Found : user_pref("CT2786678.backendstorage.mam_gk_userid", "61356330383339652D663163332D346430372D616434352[...]
Found : user_pref("CT2786678.backendstorage.pg_enable", "74727565");
Found : user_pref("CT2786678.backendstorage.searchappstate", "32");
Found : user_pref("CT2786678.backendstorage.searchapptracking", "73656E74");
Found : user_pref("CT2786678.backendstorage.sf_just_installed", "46414C5345");
Found : user_pref("CT2786678.backendstorage.sf_status", "454E41424C4544");
Found : user_pref("CT2786678.components.1000034", false);
Found : user_pref("CT2786678.components.1000080", false);
Found : user_pref("CT2786678.components.1000234", false);
Found : user_pref("CT2786678.components.129295698017012804", false);
Found : user_pref("CT2786678.components.129309485163350924", false);
Found : user_pref("CT2786678.components.129315411424256896", false);
Found : user_pref("CT2786678.components.129526967958500204", false);
Found : user_pref("CT2786678.components.129579220236217502", false);
Found : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Thu Apr 25 2013 19:28:42 GMT-0500 (Central [...]
Found : user_pref("CT2786678.isAppTrackingManagerOn", false);
Found : user_pref("CT2786678.myStuffEnabled", true);
Found : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129789450454597254[...]
Found : user_pref("CT2786678.testingCtid", "");
Found : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Thu Apr 25 2013 19:28:42 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Wed Mar 14 2012 00:51:59 GMT-0500 (Central D[...]
Found : user_pref("CT2786678.usageEnabled", false);
Found : user_pref("CT2786678.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"12f[...]
Found : user_pref("CommunityToolbar.EngineOwner", "CT2786678");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678,ConduitEngine");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Mar 14 2012 00:51:59 GMT-05[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Thu Apr 25 2013 19:28:50 GMT-0500 (Centr[...]
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Thu Apr 25 2013 19:28:42 GMT-0500 (Central D[...]
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "ad02e6e2-636b-4ac3-a95f-24492d391153");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Mar 15 2012 17:19:10 GMT-0500 (Cen[...]
Found : user_pref("CommunityToolbar.globalUserId", "dbcd3cde-52bb-407f-8b70-32f86b9be7d1");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");
Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Fri Feb 22 2013 21:55:39 GMT-0600 (Central Stan[...]
Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Thu Apr 25 2013 19:28:42 GMT-0500 (Central Da[...]
Found : user_pref("ConduitEngine.FirstServerDate", "03/14/2012 08");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Found : user_pref("ConduitEngine.InstalledDate", "Wed Mar 14 2012 00:51:59 GMT-0500 (Central Daylight Time)"[...]
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu Apr 25 2013 19:28:42 GMT-0500 (Central Day[...]
Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu Apr 25 2013 19:28:42 GMT-0500 (Central Daylight Ti[...]
Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Apr 25 2013 19:28:42 GMT-0500 (Central Dayligh[...]
Found : user_pref("ConduitEngine.UserID", "UN82626252500938642");
Found : user_pref("ConduitEngine.engineLocale", "en-US");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu Apr 25 2013 19:28:42 GMT-0500 (Centr[...]
Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Apr 25 2013 19:28:42 GMT-0500 (Cent[...]
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("ConduitEngine.isAppTrackingManagerOn", false);
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");

-\\ Google Chrome v26.0.1410.64

File : C:\Users\sbn\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Chromium v25.0.1400.0

File : C:\Users\sbn\AppData\Local\Chromium\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [23361 octets] - [03/05/2013 20:32:26]

########## EOF - C:\AdwCleaner[R1].txt - [23422 octets] ##########
  • 0

#8
Jintan

Jintan

    Trusted Helper

  • Malware Removal
  • 904 posts

Yes. The system is setup to auto login and then lock once logged in.


Out of curiosity, what is the use of that please? What value does it provide?



Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • You will be prompted to restart your computer. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


Open AdwCleaner, and click the Uninstall button to have it remove itself.

----------

Open and update Malwarebytes.

* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform quick scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by Malwarebytes and can be viewed by clicking the Logs tab in Malwarebytes.
* Copy and Paste the entire report in your next reply. If it calls for a reboot to complete the repairs do that as well then.

---------------

Disable your antivirus program and click here and download the esetsmartinstaller_enu.exe Eset installer. Then click that file to run the scanner.

If you accept the Terms of Use, check the box and click Start. It will take a couple minutes for the scanner to get ready. When the Computer scan settings display shows, check the following boxes:

Remove found threats
Scan unwanted applications


Next to "Current scan targets: Operating memory, Local drives", click the "Change" word. Make sure you place a check next to all disk drives, including any external drives that are attached (no need to check off the floppy or DVD/CD-Rom drives).

Then click the Advanced option, the place a check next to the following (if it is not already checked):

Enable Anti-Stealth technology

Click Start. This scan may take a while, so please be patient.

If infection is found, at the end of the scan click "List of found threats".

In that display, at the bottom, select the option to save the results as a text file, and save that to your desktop. Post that back here please.

Post that log and the Malwarebytes log please.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP