cabbagethrower

  1. I didn't realize my computer was that bad off. You made the whole process seamless and easily accomplished. You have been a life saver; thank you so so much.

  2. # AdwCleaner v2.114 - Logfile created 03/15/2013 at 22:41:35
     # Updated 05/03/2013 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : Vicki - VICKI-VAIO
     # Boot Mode : Normal
     # Running from : C:\Users\Vicki\Desktop\adwcleaner.exe
     # Option [Delete]
     *************************
     AdwCleaner[R1].txt - [16392 octets] - [15/03/2013 22:32:56]
     AdwCleaner[R2].txt - [16453 octets] - [15/03/2013 22:41:05]
     AdwCleaner[s1].txt - [16741 octets] - [15/03/2013 22:41:35]
     ########## EOF - C:\AdwCleaner[s1].txt - [16802 octets] ##########

     Results of screen317's Security Check version 0.99.61
     Windows 7 Service Pack 1 x64 (UAC is enabled)
     Internet Explorer 9
     ``````````````Antivirus/Firewall Check:``````````````
     Windows Firewall Enabled!
     avast! Antivirus
     Antivirus up to date! (On Access scanning disabled!)
     `````````Anti-malware/Other Utilities Check:`````````
     Malwarebytes Anti-Malware version 1.70.0.1100
     JavaFX 2.1.1
     Java 6 Update 23
     Java 7 Update 17
     Adobe Flash Player 11.6.602.180
     Adobe Reader 10.1.6 Adobe Reader out of Date!
     Mozilla Firefox 17.0.1 Firefox out of Date!
     Google Chrome 25.0.1364.152
     Google Chrome 25.0.1364.172
     ````````Process Check: objlist.exe by Laurent````````
     AVAST Software Avast AvastSvc.exe
     AVAST Software Avast AvastUI.exe
     `````````````````System Health check`````````````````
     Total Fragmentation on Drive C: 0%
     ````````````````````End of Log``````````````````````
  3. # AdwCleaner v2.114 - Logfile created 03/15/2013 at 22:32:56
     # Updated 05/03/2013 by Xplode
     # Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
     # User : Vicki - VICKI-VAIO
     # Boot Mode : Normal
     # Running from : C:\Users\Vicki\Desktop\adwcleaner.exe
     # Option [search]
************************* AdwCleaner[R1].txt - [16261 octets] - [15/03/2013 22:32:56] ########## EOF - C:\AdwCleaner[R1].txt - [16322 octets] ##########
  4. ComboFix 13-03-15.01 - Vicki 03/15/2013 21:34:36.2.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.1962 [GMT -4:00] Running from: c:\users\Vicki\Desktop\ComboFix.exe AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C} SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\15034475r3r7 c:\programdata\Roaming c:\users\Public\Documents\~WRL0003.tmp c:\users\Vicki\AppData\Local\Temp\1.tmp\F_IN_BOX.dll c:\windows\assembly\tmp\U c:\windows\TEMP\WRusr.dll-3054639-0.tmp c:\windows\TEMP\WRusr.dll-3054639-1.tmp . . ((((((((((((((((((((((((( Files Created from 2013-02-16 to 2013-03-16 ))))))))))))))))))))))))))))))) . . 2013-03-16 01:42 . 2013-03-16 01:42 -------- d-----w- c:\users\Mcx1-VICKI-VAIO.Vicki-VAIO\AppData\Local\temp 2013-03-16 00:16 . 2013-03-16 01:44 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B2CAF2CE-41A1-4FEB-8A12-771783BC27DC}\offreg.dll 2013-03-15 18:45 . 2012-12-14 20:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-03-15 08:18 . 2013-03-15 08:21 -------- d-----w- c:\users\Administrator 2013-03-15 06:30 . 2012-08-24 18:13 154480 ----a-w- c:\windows\system32\drivers\ksecpkg.sys 2013-03-15 06:30 . 2012-08-24 18:09 458712 ----a-w- c:\windows\system32\drivers\cng.sys 2013-03-15 06:30 . 2012-08-24 18:05 340992 ----a-w- c:\windows\system32\schannel.dll 2013-03-15 06:30 . 2012-08-24 16:57 247808 ----a-w- c:\windows\SysWow64\schannel.dll 2013-03-15 06:30 . 2012-08-24 18:03 1448448 ----a-w- c:\windows\system32\lsasrv.dll 2013-03-15 06:30 . 2012-08-24 16:57 22016 ----a-w- c:\windows\SysWow64\secur32.dll 2013-03-15 06:30 . 2012-08-24 16:53 96768 ----a-w- c:\windows\SysWow64\sspicli.dll 2013-03-15 06:21 . 
2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll 2013-03-15 06:21 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll 2013-03-15 05:59 . 2013-02-12 04:12 19968 ----a-w- c:\windows\system32\drivers\usb8023.sys 2013-03-15 04:58 . 2013-03-15 04:58 -------- d-----w- c:\users\Vicki\AppData\Local\IsolatedStorage 2013-03-14 05:27 . 2013-03-14 05:27 16486616 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe 2013-03-14 04:00 . 2013-03-14 04:00 0 ----a-w- c:\windows\SysWow64\sho6FA9.tmp 2013-03-14 03:45 . 2013-02-02 07:31 17815040 ----a-w- c:\windows\system32\mshtml.dll 2013-03-14 03:45 . 2013-02-02 06:58 10925568 ----a-w- c:\windows\system32\ieframe.dll 2013-03-07 05:26 . 2013-03-07 05:26 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-02-28 22:17 . 2013-02-28 22:17 0 ----a-w- c:\windows\SysWow64\sho8DF8.tmp 2013-02-28 21:54 . 2013-01-04 06:11 2284544 ----a-w- c:\windows\SysWow64\msmpeg2vdec.dll 2013-02-28 21:54 . 2013-01-13 19:53 187392 ----a-w- c:\windows\SysWow64\UIAnimation.dll 2013-02-28 21:54 . 2013-01-13 19:24 221184 ----a-w- c:\windows\system32\UIAnimation.dll 2013-02-28 21:54 . 2013-01-04 06:11 2776576 ----a-w- c:\windows\system32\msmpeg2vdec.dll 2013-02-28 21:54 . 2013-01-13 19:02 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll 2013-02-28 21:53 . 2013-01-13 18:32 465920 ----a-w- c:\windows\system32\WMPhoto.dll 2013-02-21 23:15 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-21 23:15 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-21 23:11 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2013-02-21 23:11 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2013-02-21 23:11 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2013-02-21 23:11 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2013-02-21 22:46 . 
2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-21 22:46 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe 2013-02-21 22:46 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe 2013-02-21 22:46 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-02-21 22:46 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-02-21 22:44 . 2012-12-07 11:20 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2013-02-21 22:44 . 2012-12-07 11:19 51712 ----a-w- c:\windows\system32\esrb.rs 2013-02-21 22:44 . 2012-12-07 10:46 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2013-02-21 22:44 . 2012-12-07 11:20 23552 ----a-w- c:\windows\system32\oflc.rs 2013-02-21 22:44 . 2012-12-07 10:46 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2013-02-21 22:44 . 2012-12-07 10:46 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2013-02-21 22:44 . 2012-12-07 11:19 55296 ----a-w- c:\windows\system32\cero.rs 2013-02-21 22:44 . 2012-12-07 10:46 55296 ----a-w- c:\windows\SysWow64\cero.rs 2013-02-21 22:42 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-02-15 22:31 . 2013-02-15 22:31 186432 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-03-16 01:08 . 2012-10-17 00:33 7021336 ----a-w- c:\users\Mcx1-VICKI-VAIO.Vicki-VAIO\AppData\Roaming\wruninstall.exe 2013-03-14 05:27 . 2012-03-28 04:33 73432 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-14 05:27 . 2012-03-28 04:33 693976 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-03-14 03:50 . 2010-09-15 02:41 72013344 ----a-w- c:\windows\system32\MRT.exe 2013-03-07 05:26 . 2010-12-15 23:53 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-02-21 22:34 . 2012-07-07 19:12 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2013-02-12 05:45 . 
2013-03-14 03:27 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-02-12 05:45 . 2013-03-14 03:27 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll 2013-02-12 05:45 . 2013-03-14 03:27 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll 2013-02-12 05:45 . 2013-03-14 03:27 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2013-02-12 04:48 . 2013-03-14 03:27 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll 2013-02-12 04:48 . 2013-03-14 03:27 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll 2013-01-04 04:43 . 2013-02-21 22:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] 2011-05-09 09:49 176936 ----a-w- c:\program files (x86)\uTorrentBar\prxtbuTo0.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\prxtbuTo0.dll" [2011-05-09 176936] . [HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" [2009-11-20 284696] "SmartWiHelper"="c:\program files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" [2010-01-20 82944] "VAIOSurvey"="c:\program files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe" [2009-10-26 390448] "ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2009-08-27 320880] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2009-10-24 597792] "InstaLAN"="c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2010-07-28 1485208] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-28 59280] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] . c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560] Uninstall Webroot RunOnce.lnk - c:\users\Administrator\AppData\Roaming\wruninstall.exe [2013-3-15 7021336] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-9-4 1081632] . c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Best Buy Software Installer.lnk - c:\program files\Best Buy Software Installer\Best Buy Software Installer.exe [2010-2-15 1135560] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "DisableLocalMachineRun"= 0 (0x0) "DisableLocalMachineRunOnce"= 0 (0x0) "DisableCurrentUserRun"= 0 (0x0) "DisableCurrentUserRunOnce"= 0 (0x0) "NoFile"= 0 (0x0) "HideClock"= 0 (0x0) "NoDevMgrUpdate"= 0 (0x0) "NoDFSTab"= 0 (0x0) "NoEncryptOnMove"= 0 (0x0) "NoResolveTrack"= 0 (0x0) "NoStartMenuSubFolders"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon] 2009-12-02 05:03 98304 ----a-w- c:\windows\System32\VESWinlogon.dll . 
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-08-31 362992] R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2010-07-01 51600] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-19 340240] R3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392] R3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2010-07-21 45456] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-08-31 313840] R3 SOHCImp;VAIO Media plus Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-09-10 108400] R3 SOHDms;VAIO Media plus Digital Media Server;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280] R3 SOHDs;VAIO Media plus Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-09-10 67952] R3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-09-27 303872] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 TVICHW64;TVICHW64;c:\windows\system32\DRIVERS\TVICHW64.SYS [2010-12-16 21200] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-09-27 864000] R3 VcmIAlzMgr;VAIO Content 
Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-05-24 655088] R3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896] R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152] R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update 5\VUAgent.exe [2010-06-09 1223024] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-15 1255736] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2009-05-20 55280] S1 aswKbd;aswKbd; [x] S1 aswSnx;aswSnx; [x] S1 aswSP;aswSP; [x] S2 aswFsBlk;aswFsBlk; [x] S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-11-20 13336] S2 McciCMService64;McciCMService64;c:\program files\Common Files\Motive\McciCMService.exe [2010-04-30 517632] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224] S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112] S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2009-11-06 93696] S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsne64.sys [2009-09-15 75776] S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2010-08-12 257936] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i 
Visual Effects 2\uCamMonitor.exe [2008-09-18 104960] S2 UNS;Intel® Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2009-12-14 2320920] S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968] S3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2009-11-18 52264] S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-11-18 35104] S3 HECIx64;Intel® Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2009-12-14 56344] S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-12-16 151936] S3 IntcDAud;Intel® Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-09-15 244736] S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2009-08-19 11392] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2009-12-01 571248] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2009-12-18 36760] S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-11-12 395264] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - WS2IFSL . 
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}] 2013-03-14 19:29 1629648 ----a-w- c:\program files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe . Contents of the 'Scheduled Tasks' folder . 2013-03-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-28 05:27] . 2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-07 07:10] . 2013-03-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-05-07 07:10] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast] @="{472083B0-C522-11CF-8763-00608CC02F24}" [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}] 2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-16 9636896] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-09-15 166424] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-09-15 390680] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-09-15 410136] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-19 1931024] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 2327952] "ATT-SST_McciTrayApp"="c:\program files\ATT-SST\McciTrayApp.exe" [2010-07-27 3453440] . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService FontCache . ------- Supplementary Scan ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 Trusted Zone: $talisma_url$ TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\seb5euz9.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&SearchSource=3&q={searchTerms} FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q= FF - prefs.js: network.proxy.type - 4 . . ------- File Associations ------- . inifile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 JSEFile="%SystemRoot%\System32\WScript.exe" "%1" %* txtfile=%SystemRoot%\SysWow64\NOTEPAD.EXE %1 . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{66bd2442-241b-44cd-8c7a-b51037053cdb} - (no file) WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\SampleCollector] "ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\% C3 Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=inteldata\"" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\Approved Extensions] @Denied: (2) (LocalSystem) "{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"=hex:51,66,7a,6c,4c,1d,38,12,94,83,60, bb,86,ad,dc,08,d0,28,de,c7,86,fa,1f,e8 "{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,38,12,72,0b,cc, 1c,9f,a6,ed,07,da,80,b9,17,89,70,f9,d7 "{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,38,12,d5,94,07, 72,c2,98,42,03,c9,fd,97,9a,f4,87,69,57 "{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,38,12,0a,d7,23, 94,30,02,d1,0f,f1,da,12,24,73,56,27,d2 "{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,38,12,2a,03,db, df,77,ea,35,06,c3,62,df,65,c4,9b,cc,bd . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration] @Denied: (2) (LocalSystem) "Timestamp"=hex:89,3a,ae,25,71,f8,cb,01 . [HKEY_USERS\S-1-5-21-3303109360-2646701333-378507720-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (S-1-5-21-3303109360-2646701333-378507720-1000) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . 
[HKEY_USERS\S-1-5-21-3303109360-2646701333-378507720-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (S-1-5-21-3303109360-2646701333-378507720-1000) @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files\AVAST Software\Avast\AvastSvc.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe c:\program files (x86)\Common Files\Motive\McciCMService.exe c:\programdata\TVersity\Media Server\MediaServer.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgr.exe c:\windows\SysWOW64\DllHost.exe c:\program files (x86)\Sony\VAIO Event Service\VESMgrSub.exe c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe c:\program files\Sony\VAIO Care\VCSpt.exe c:\windows\SysWOW64\DllHost.exe . ************************************************************************** . Completion time: 2013-03-15 22:03:00 - machine was rebooted ComboFix-quarantined-files.txt 2013-03-16 02:03 . Pre-Run: 254,707,466,240 bytes free Post-Run: 254,308,999,168 bytes free . 
- - End Of File - - 7585AEEC2196431710A7CB7BF3A004EA
  5. I ran the Malwarebytes Anti-Rootkit and it detected a threat and cleaned it. I ran it again with no threats detected, after which my firewall still wouldn't work, so I ran the fixdamage.exe and my computer rebooted. Now everything is back to the way it's supposed to be. My Windows Security Center works and my Google searches aren't being redirected. I have attached the logs, but I'm not sure if you even need them anymore. I have struggled with this for months. Thank you so much, you have no idea how much of a help you've been! mbar-log-2013-03-15 (19-32-38).txt mbar-log-2013-03-15 (19-54-25).txt system-log.txt
  6. RogueKiller V8.5.3 _x64_ [Mar 13 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : Vicki [Admin rights] Mode : Scan -- Date : 03/15/2013 18:16:50 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 9 ¤¤¤ [TASK][sUSP PATH] p9pl60163400886378486 : \\?\globalroot\Device\HarddiskVolume3\Users\Vicki\AppData\Local\Temp\p9pl60163400886378486.tmp [x] -> FOUND [TASK][sUSP PATH] thpm2978962241191313467 : \\.\globalroot\Device\HarddiskVolume3\Users\Vicki\AppData\Local\Temp\thpm2978962241191313467.tmp [x] -> FOUND [TASK][sUSP PATH] thpm3398933900914838794 : \\.\globalroot\Device\HarddiskVolume3\Users\Vicki\AppData\Local\Temp\thpm3398933900914838794.tmp [x] -> FOUND [PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND [HJPOL] HKCU\[...]\System : DisableCMD (0) -> FOUND [HJPOL] HKLM\[...]\System : DisableCMD (0) -> FOUND [HJPOL] HKLM\[...]\Wow6432Node\System : DisableCMD (0) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\Windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: ST9500325AS +++++ --- User --- [MBR] e3ba3cf4b3cb8ee0a5de7dddbc0f9609 [bSP] 7653806e98605be24dc3fc74f6b35b1d : Windows 7/8 MBR Code Partition table: 0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 10618 Mo 1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 21747712 | Size: 100 Mo 2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 21952512 | Size: 466220 Mo User = LL1 ... OK! User = LL2 ... OK! 
Finished : << RKreport[1]_S_03152013_02d1816.txt >> RKreport[1]_S_03152013_02d1816.txt
  7. Hi, I wanted to start off with a thanks for helping me, because I'm at a loss for what to do next. I ran the Malwarebytes Anti-Malware and it said that no threats were found, so now I'm on to the next step with the DDS and Attach. Google keeps redirecting my search results and I cannot get my Security Center to turn on. The DDS results are as follows: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16470 BrowserJavaVersion: 10.17.2 Run by Vicki at 16:05:16 on 2013-03-15 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3758.1825 [GMT -4:00] . AV: Webroot SecureAnywhere *Enabled/Updated* {53211D91-0C31-95F2-E3A5-7661FB22889E} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} SP: Webroot SecureAnywhere *Enabled/Updated* {E840FC75-2A0B-9A7C-D915-4D1380A5C223} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files\Webroot\WRSA.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k NetworkService C:\Program Files\AVAST Software\Avast\AvastSvc.exe C:\Windows\system32\WLANExt.exe C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe C:\Program Files (x86)\Common Files\Motive\McciCMService.exe C:\Program Files\Common 
Files\Motive\McciCMService.exe C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\ProgramData\TVersity\Media Server\MediaServer.exe C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Windows\SysWOW64\DllHost.exe C:\Windows\system32\wbem\unsecapp.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Windows\system32\svchost.exe -k bthsvcs C:\Windows\system32\SearchIndexer.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe C:\Program Files\Sony\VAIO Care\VCPerfService.exe C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\taskeng.exe C:\Program Files\Webroot\WRSA.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\igfxsrvc.exe C:\Windows\system32\taskeng.exe C:\Program Files\Sony\VAIO Care\VCSpt.exe C:\Program Files\Sony\VAIO 
Power Management\SPMgr.exe C:\Program Files\Synaptics\SynTP\SynTPEnh.exe C:\Windows\System32\hkcmd.exe C:\Windows\System32\igfxpers.exe C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\ATT-SST\McciTrayApp.exe C:\Program Files (x86)\Common Files\Motive\McciContextHookShim.exe C:\Program Files\Synaptics\SynTP\SynTPHelper.exe C:\Windows\System32\StikyNot.exe C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe C:\Program Files\AVAST Software\Avast\AvastUI.exe C:\Program Files (x86)\iTunes\iTunesHelper.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinSetup.exe C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe C:\Windows\system32\wbem\unsecapp.exe C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe C:\Program Files (x86)\Sony\SmartWi Connection Utility\CCP.exe C:\Program Files\Sony\VAIO Care\VCsystray.exe C:\Windows\System32\msdtc.exe C:\Windows\system32\taskhost.exe C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Sony\VAIO Care\listener.exe C:\Program Files\Sony\VAIO Update 5\VUAgent.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Program Files (x86)\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . 
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mStart Page = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
mDefault_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SNNT&bmod=SNNT
uProxyOverride = <local>;*.local
uURLSearchHooks: {66bd2442-241b-44cd-8c7a-b51037053cdb} - <orphaned>
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTo0.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar.dll
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
mRun: [iAStorIcon] "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe"
mRun: [smartWiHelper] "C:\Program Files (x86)\Sony\SmartWi Connection Utility\SmartWiHelper.exe" /WindowsStartup
mRun: [VAIOSurvey] "C:\Program Files (x86)\Sony\VAIO Survey\VAIO Sat Survey.exe"
mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] "C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe"
mRun: [instaLAN] "C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" startup
mRun: [WRSVC] "C:\Program Files\Webroot\WRSA.exe" -ul
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\BLUETO~1.LNK - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
uPolicies-Explorer: NoViewOnDrive = dword:0
uPolicies-Explorer: DisableLocalMachineRun = dword:0
uPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
uPolicies-Explorer: DisableCurrentUserRun = dword:0
uPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoFile = dword:0
uPolicies-Explorer: HideClock = dword:0
uPolicies-Explorer: NoDevMgrUpdate = dword:0
uPolicies-Explorer: NoDFSTab = dword:0
uPolicies-Explorer: NoWindowsUpdate = dword:0
uPolicies-Explorer: NoEncryptOnMove = dword:0
uPolicies-Explorer: NoRunasInstallPrompt = dword:0
uPolicies-Explorer: NoResolveTrack = dword:0
uPolicies-Explorer: NoStartMenuSubFolders = dword:0
uPolicies-System: NoDispAppearancePage = dword:0
uPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
mPolicies-Explorer: NoViewOnDrive = dword:0
mPolicies-Explorer: DisableLocalMachineRun = dword:0
mPolicies-Explorer: DisableLocalMachineRunOnce = dword:0
mPolicies-Explorer: DisableCurrentUserRun = dword:0
mPolicies-Explorer: DisableCurrentUserRunOnce = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-Explorer: NoFile = dword:0
mPolicies-Explorer: HideClock = dword:0
mPolicies-Explorer: NoDevMgrUpdate = dword:0
mPolicies-Explorer: NoDFSTab = dword:0
mPolicies-Explorer: NoWindowsUpdate = dword:0
mPolicies-Explorer: NoEncryptOnMove = dword:0
mPolicies-Explorer: NoRunasInstallPrompt = dword:0
mPolicies-Explorer: NoResolveTrack = dword:0
mPolicies-Explorer: NoStartMenuSubFolders = dword:0
mPolicies-System: NoDispAppearancePage = dword:0
mPolicies-System: NoDispSettingsPage = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: $talisma_url$
DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} - hxxp://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} - hxxp://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
DPF: {5D6F45B3-9043-443D-A792-115447494D24} - hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} - hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0015-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_15-windows-i586.cab
DPF: {E0FEE963-BB53-4215-81AD-B28C77384644} - hxxps://pattcw.att.motive.com/wizlet/DSLActivation/static/installer/ATTInternetInstaller64.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{BCD93852-938C-45F8-9EB2-E2E8A3E797F1} : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{BCD93852-938C-45F8-9EB2-E2E8A3E797F1}\14454513031393 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BCD93852-938C-45F8-9EB2-E2E8A3E797F1}\2375942554339353 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BCD93852-938C-45F8-9EB2-E2E8A3E797F1}\2375942554938343 : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{BCD93852-938C-45F8-9EB2-E2E8A3E797F1}\2656C6B696E6E233164326 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{BCD93852-938C-45F8-9EB2-E2E8A3E797F1}\C696E6B6379737 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{BCD93852-938C-45F8-9EB2-E2E8A3E797F1}\D457666616371686 : DHCPNameServer = 75.75.75.75 75.75.76.76
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: VESWinlogon - VESWinlogon.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Webroot Browser Helper Object: {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-BHO: {DBC80044-A445-435b-BC74-9C25C1C588A9} - <orphaned>
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Webroot Toolbar: {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-Run: [RtHDVCpl] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [igfxTray] "C:\Windows\System32\igfxtray.exe"
x64-Run: [HotKeysCmds] "C:\Windows\System32\hkcmd.exe"
x64-Run: [Persistence] "C:\Windows\System32\igfxpers.exe"
x64-Run: [intelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray
x64-Run: [intelliPoint] "c:\Program Files\Microsoft IntelliPoint\ipoint.exe"
x64-Run: [ATT-SST_McciTrayApp] "C:\Program Files\ATT-SST\McciTrayApp.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {43699cd0-e34f-11de-8a39-0800200c9a66} - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\PKG\LPBar64.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\seb5euz9.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2548838&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - prefs.js: keyword.URL - hxxp://www.google.com/search?sourceid=navclient&hl=en&q=
FF - prefs.js: network.proxy.type - 4
FF - component: C:\Users\Vicki\AppData\Roaming\Mozilla\Firefox\Profiles\seb5euz9.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Motive\npMotive.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\Vicki\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2010-5-7 55280]
R0 WRkrn;WRkrn;C:\Windows\System32\drivers\WRkrn.sys [2011-11-20 111080]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2012-8-5 19600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2012-4-14 969200]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2012-4-14 359464]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2012-4-14 25232]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-4-14 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-8-25 44808]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-4-26 13336]
R2 McciCMService64;McciCMService64;C:\Program Files\Common Files\Motive\McciCMService.exe [2011-3-21 517632]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2009-10-24 360224]
R2 regi;regi;C:\Windows\System32\drivers\regi.sys [2010-5-7 14112]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimssne64.sys [2010-4-26 93696]
R2 risdsnpe;risdsnpe;C:\Windows\System32\drivers\risdsne64.sys [2010-4-26 75776]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2011-1-13 257936]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2010-5-7 104960]
R2 UNS;Intel® Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-4-26 2320920]
R2 WRSVC;WRSVC;C:\Program Files\Webroot\WRSA.exe [2011-11-20 727456]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2010-5-7 19968]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2010-4-26 56344]
R3 Impcd;Impcd;C:\Windows\System32\drivers\Impcd.sys [2010-4-26 151936]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2010-9-14 244736]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-4-26 11392]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
R3 VAIO Power Management;VAIO Power Management;C:\Program Files\Sony\VAIO Power Management\SPMService.exe [2010-5-7 571248]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2010-5-7 1223024]
R3 wdkmd;Intel WiDi KMD;C:\Windows\System32\drivers\WDKMD.sys [2009-12-17 36760]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2010-4-26 395264]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Roxio Upnp Server 10;Roxio Upnp Server 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2009-8-31 362992]
S3 btusbflt;Bluetooth USB Filter;C:\Windows\System32\drivers\btusbflt.sys [2010-4-26 52264]
S3 btwl2cap;Bluetooth L2CAP Service;C:\Windows\System32\drivers\btwl2cap.sys [2010-4-26 35104]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-7-19 340240]
S3 NETw5s64;Intel® Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\System32\drivers\NETw5s64.sys [2010-1-13 7675392]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-3-15 19456]
S3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2009-8-31 313840]
S3 SOHCImp;VAIO Media plus Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2010-9-10 108400]
S3 SOHDms;VAIO Media plus Digital Media Server;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe [2010-10-12 423280]
S3 SOHDs;VAIO Media plus Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2010-9-10 67952]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2010-9-27 303872]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-3-15 57856]
S3 TVICHW64;TVICHW64;C:\Windows\System32\drivers\TVicHW64.sys [2010-12-15 21200]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2010-9-27 864000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2010-10-25 655088]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2010-10-25 387896]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2010-10-25 101152]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-9-14 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .ini: inifile=C:\Windows\SysWow64\NOTEPAD.EXE %1
FileExt: .inf: inffile=C:\Windows\SysWow64\NOTEPAD.EXE %1
.
=============== Created Last 30 ================
.
2013-03-15 18:45:29 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-03-15 18:12:10 -------- d-----w- C:\Users\Vicki\AppData\Local\{8EE1E1DC-FC90-4E61-BB0E-E4D889F714C3}
2013-03-15 06:30:53 458712 ----a-w- C:\Windows\System32\drivers\cng.sys
2013-03-15 06:30:53 340992 ----a-w- C:\Windows\System32\schannel.dll
2013-03-15 06:30:53 247808 ----a-w- C:\Windows\SysWow64\schannel.dll
2013-03-15 06:30:53 154480 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2013-03-15 06:30:52 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2013-03-15 06:30:52 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2013-03-15 06:30:52 1448448 ----a-w- C:\Windows\System32\lsasrv.dll
2013-03-15 06:21:06 514560 ----a-w- C:\Windows\SysWow64\qdvd.dll
2013-03-15 06:21:06 366592 ----a-w- C:\Windows\System32\qdvd.dll
2013-03-15 05:59:09 19968 ----a-w- C:\Windows\System32\drivers\usb8023.sys
2013-03-15 04:58:19 -------- d-----w- C:\Users\Vicki\AppData\Local\IsolatedStorage
2013-03-15 04:31:42 -------- d-----w- C:\Users\Vicki\AppData\Local\{C1B3651D-82A6-4AF5-9548-5BE1A4A0DD00}
2013-03-14 05:27:10 16486616 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-03-14 04:33:19 -------- d-----w- C:\Users\Vicki\AppData\Local\{33BB492E-21D7-44D6-9F34-52AD5238A923}
2013-03-14 04:00:27 0 ----a-w- C:\Windows\SysWow64\sho6FA9.tmp
2013-03-07 05:26:49 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2013-02-28 22:17:32 0 ----a-w- C:\Windows\SysWow64\sho8DF8.tmp
2013-02-28 21:54:31 2284544 ----a-w- C:\Windows\SysWow64\msmpeg2vdec.dll
2013-02-28 21:54:30 2776576 ----a-w- C:\Windows\System32\msmpeg2vdec.dll
2013-02-28 21:54:30 221184 ----a-w- C:\Windows\System32\UIAnimation.dll
2013-02-28 21:54:30 187392 ----a-w- C:\Windows\SysWow64\UIAnimation.dll
2013-02-28 21:54:00 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll
2013-02-28 21:53:59 465920 ----a-w- C:\Windows\System32\WMPhoto.dll
2013-02-21 23:15:43 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-21 23:15:43 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-21 23:11:55 46080 ----a-w- C:\Windows\System32\atmlib.dll
2013-02-21 23:11:55 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2013-02-21 23:11:54 367616 ----a-w- C:\Windows\System32\atmfd.dll
2013-02-21 23:11:53 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2013-02-21 22:46:44 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-02-21 22:46:40 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-02-21 22:46:38 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-02-21 22:46:24 750592 ----a-w- C:\Windows\System32\win32spl.dll
2013-02-21 22:46:24 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2013-02-21 22:44:53 51712 ----a-w- C:\Windows\SysWow64\esrb.rs
2013-02-21 22:44:53 51712 ----a-w- C:\Windows\System32\esrb.rs
2013-02-21 22:44:53 20480 ----a-w- C:\Windows\System32\pegi-fi.rs
2013-02-21 22:44:52 23552 ----a-w- C:\Windows\SysWow64\oflc.rs
2013-02-21 22:44:52 23552 ----a-w- C:\Windows\System32\oflc.rs
2013-02-21 22:44:52 20480 ----a-w- C:\Windows\SysWow64\pegi-fi.rs
2013-02-21 22:44:51 55296 ----a-w- C:\Windows\SysWow64\cero.rs
2013-02-21 22:44:51 55296 ----a-w- C:\Windows\System32\cero.rs
2013-02-21 22:42:10 68608 ----a-w- C:\Windows\System32\taskhost.exe
2013-02-21 22:23:08 -------- d-----w- C:\Users\Vicki\AppData\Local\{59D4B1EF-AB76-463F-8CAC-9975BB28E4B2}
2013-02-15 22:31:23 186432 ----a-w- C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
==================== Find3M ====================
.
2013-03-14 05:27:21 73432 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-14 05:27:21 693976 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-12 13:51:00 150160 ----a-w- C:\Windows\SysWow64\WRusr.dll
2013-03-12 13:51:00 111080 ----a-w- C:\Windows\System32\drivers\WRkrn.sys
2013-03-12 13:51:00 102280 ----a-w- C:\Windows\System32\WRusr.dll
2013-03-07 05:26:37 782240 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2013-02-21 22:34:47 861088 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2013-02-12 05:45:24 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 474112 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-02-02 06:57:02 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2013-02-02 06:47:24 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2013-02-02 06:47:19 1392128 ----a-w- C:\Windows\System32\wininet.dll
2013-02-02 06:42:18 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2013-02-02 06:41:51 599040 ----a-w- C:\Windows\System32\vbscript.dll
2013-02-02 06:38:01 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2013-02-02 03:38:35 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-02-02 03:30:32 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2013-02-02 03:30:21 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-02-02 03:26:47 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2013-02-02 03:26:21 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2013-02-02 03:23:28 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-01-13 21:17:03 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 21:17:02 2560 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 21:16:42 10752 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 21:12:46 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 21:11:21 4096 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 21:11:08 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 21:11:07 5632 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 21:11:07 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:35:31 9728 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-01-13 20:35:31 2560 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-01-13 20:35:18 10752 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-01-13 20:32:07 3584 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-01-13 20:31:48 4096 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-01-13 20:31:41 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-01-13 20:31:40 5632 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
2013-01-13 20:31:40 3072 ---ha-w- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-01-13 20:31:00 1247744 ----a-w- C:\Windows\SysWow64\DWrite.dll
2013-01-13 20:22:22 1988096 ----a-w- C:\Windows\SysWow64\d3d10warp.dll
2013-01-13 20:20:31 293376 ----a-w- C:\Windows\SysWow64\dxgi.dll
2013-01-13 20:09:00 249856 ----a-w- C:\Windows\SysWow64\d3d10_1core.dll
2013-01-13 20:08:43 220160 ----a-w- C:\Windows\SysWow64\d3d10core.dll
2013-01-13 20:08:35 1504768 ----a-w- C:\Windows\SysWow64\d3d11.dll
2013-01-13 19:59:04 1643520 ----a-w- C:\Windows\System32\DWrite.dll
2013-01-13 19:58:28 1175552 ----a-w- C:\Windows\System32\FntCache.dll
2013-01-13 19:54:01 604160 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2013-01-13 19:53:58 207872 ----a-w- C:\Windows\SysWow64\WindowsCodecsExt.dll
2013-01-13 19:51:30 2565120 ----a-w- C:\Windows\System32\d3d10warp.dll
2013-01-13 19:49:17 363008 ----a-w- C:\Windows\System32\dxgi.dll
2013-01-13 19:48:47 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2013-01-13 19:46:25 1080832 ----a-w- C:\Windows\SysWow64\d3d10.dll
2013-01-13 19:43:21 1230336 ----a-w- C:\Windows\SysWow64\WindowsCodecs.dll
2013-01-13 19:38:39 333312 ----a-w- C:\Windows\System32\d3d10_1core.dll
2013-01-13 19:38:32 1887232 ----a-w- C:\Windows\System32\d3d11.dll
2013-01-13 19:38:21 296960 ----a-w- C:\Windows\System32\d3d10core.dll
2013-01-13 19:37:57 3419136 ----a-w- C:\Windows\SysWow64\d2d1.dll
2013-01-13 19:25:04 245248 ----a-w- C:\Windows\System32\WindowsCodecsExt.dll
2013-01-13 19:24:33 648192 ----a-w- C:\Windows\System32\d3d10level9.dll
2013-01-13 19:20:42 194560 ----a-w- C:\Windows\System32\d3d10_1.dll
2013-01-13 19:20:04 1238528 ----a-w- C:\Windows\System32\d3d10.dll
2013-01-13 19:15:40 1424384 ----a-w- C:\Windows\System32\WindowsCodecs.dll
2013-01-13 19:10:36 3928064 ----a-w- C:\Windows\System32\d2d1.dll
2013-01-13 18:34:58 364544 ----a-w- C:\Windows\SysWow64\XpsGdiConverter.dll
2013-01-13 18:09:52 522752 ----a-w- C:\Windows\System32\XpsGdiConverter.dll
2013-01-13 17:26:42 1158144 ----a-w- C:\Windows\SysWow64\XpsPrint.dll
2013-01-13 17:05:09 1682432 ----a-w- C:\Windows\System32\XpsPrint.dll
2013-01-04 05:46:09 215040 ----a-w- C:\Windows\System32\winsrv.dll
2013-01-04 04:51:16 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2013-01-04 03:26:48 3153408 ----a-w- C:\Windows\System32\win32k.sys
2013-01-04 02:47:35 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2013-01-04 02:47:34 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2013-01-04 02:47:34 2048 ----a-w- C:\Windows\SysWow64\user.exe
2013-01-04 02:47:33 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2013-01-03 06:00:54 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-01-03 06:00:42 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-11-11 21:06:39 7021336 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
.
============= FINISH: 16:05:59.56 ===============

The Attach results are as follows:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 9/13/2010 8:04:22 PM
System Uptime: 3/15/2013 12:05:29 PM (4 hours ago)
.
Motherboard: Sony Corporation | | VAIO
Processor: Intel® Core™ i3 CPU M 350 @ 2.27GHz | N/A | 2266/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 236.232 GiB free.
E: is Removable
F: is Removable
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP398: 3/7/2013 12:22:31 AM - Removed Java™ 6 Update 3
RP400: 3/7/2013 12:25:38 AM - Installed Java 7 Update 17
RP402: 3/13/2013 11:40:08 PM - Windows Update
RP404: 3/15/2013 12:50:41 AM - Installed Microsoft Research AutoCollage 2008 version 1.1
RP406: 3/15/2013 1:17:12 AM - Removed Microsoft Research AutoCollage 2008 version 1.1
RP408: 3/15/2013 1:59:12 AM - Windows Update
RP410: 3/15/2013 2:48:53 AM - Windows Update
RP411: 3/15/2013 3:44:45 AM - VAIO Care Automatic Restore Point
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.6)
Adobe Shockwave Player 12.0
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 3
AT&T Service & Support Tool
att.net Internet Mail
avast! Free Antivirus
Belkin Setup and Router Monitor
Best Buy Software Installer
Bonjour
Coupon Printer for Windows
D3DX10
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Free Mp3 Wma Converter V 2.2
GIMP 2.6.11
Google Chrome
Google Update Helper
Intel PROSet Wireless
Intel® Control Center
Intel® Graphics Media Accelerator Driver
Intel® Management Engine Components
Intel® PROSet/Wireless WiFi Software
Intel® Rapid Storage Technology
Intel® Wireless Display
InterActual Player
iTunes
Java 7 Update 17
Java Auto Updater
Java™ 6 Update 23
JavaFX 2.1.1
Junk Mail filter update
Malwarebytes Anti-Malware version 1.70.0.1100
Media Gallery
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office 2010
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Click-to-Run 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office Home and Student 2010
Microsoft Office Office 64-bit Components 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared 64-bit MUI (English) 2010
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Starter 2010 - English
Microsoft Office Word MUI (English) 2010
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Notepad++
OOBE
PlayReady PC Runtime amd64
PMB
PMB VAIO Edition Guide
PMB VAIO Edition plug-in (Click to Disc)
PMB VAIO Edition plug-in (VAIO Image Optimizer)
PMB VAIO Edition plug-in (VAIO Movie Story)
Realtek High Definition Audio Driver
Remote Keyboard
Remote Play with PlayStation 3
Remote Play with PlayStation®3
Roxio Central Audio
Roxio Central Copy
Roxio Central Core
Roxio Central Data
Roxio Central Tools
Roxio Easy Media Creator 10 LJ
Roxio Easy Media Creator Home
SAMSUNG Intelli-studio
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition
Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition
Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition
Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition
Setting Utility Series
Setup_msm_VCMS_x64
Setup_msm_VOFS_x64
Setup_VEP_x64_Contain_SSDB
SmartWi Connection Utility
SOHLib Merge Module
Sony Home Network Library
swMSM
Synaptics Pointing Device Driver
TVersity Codec Pack 1.7
TVersity Media Server 1.9.7
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition
Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition
Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition
Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition
Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition
uTorrentBar Toolbar
VAIO - Remote Keyboard
VAIO Care
VAIO Care Update
VAIO Content Metadata Intelligent Analyzing Manager
VAIO Content Metadata Intelligent Network Service Manager
VAIO Content Metadata Manager Settings
VAIO Content Metadata XML Interface Library
VAIO Content Monitoring Settings
VAIO Control Center
VAIO Data Restore Tool
VAIO DVD Menu Data
VAIO Entertainment Platform
VAIO Event Service
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Media plus
VAIO Media plus Opening Movie
VAIO Movie Story Template Data
VAIO Original Function Settings
VAIO Personalization Manager
VAIO Power Management
VAIO Quick Web Access
VAIO Survey
VAIO Transfer Support
VAIO Update
VAIO Wallpaper Contents
VD64Inst
VLC media player 2.0.2
WIDCOMM Bluetooth Software
Windows Driver Package - Broadcom Bluetooth (09/09/2009 6.2.0.9405)
Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Messenger
Windows Live MIME
IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin Xiph.Org Open Codecs 0.85.17777 Yahoo! Software Update
.
==== Event Viewer Messages From Past Week ========
.
3/9/2013 12:52:01 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the Wlansvc service.
3/15/2013 7:23:13 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SampleCollector service.
3/15/2013 4:22:10 AM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
3/15/2013 4:20:24 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
3/15/2013 4:18:57 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Upnp Server 10 service to connect.
3/15/2013 4:18:56 AM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
3/15/2013 4:18:53 AM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
3/15/2013 4:18:44 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
3/15/2013 4:17:45 AM, Error: volmgr [46] - Crash dump initialization failed!
3/15/2013 1:40:49 AM, Error: Service Control Manager [7031] - The WRSVC service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
3/14/2013 3:11:04 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1053" attempting to start the service gupdate with arguments "/comsvc" in order to run the server: {4EB61BAC-A3B6-4760-9581-655041EF4D69}
3/14/2013 3:10:59 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Google Update Service (gupdate) service to connect.
3/14/2013 3:10:59 PM, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/13/2013 3:49:56 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the WRSVC service to connect.
3/13/2013 3:49:56 PM, Error: Service Control Manager [7000] - The WRSVC service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
3/12/2013 9:47:59 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the UxSms service.
3/12/2013 9:47:29 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the SysMain service.
3/10/2013 9:08:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the AudioEndpointBuilder service.
.
==== End Of File ===========================