yamman

Members
  • Content count

    12

About yamman

  • Rank
    New Member
  1. Hi Just one final question. When I was about to install Microsoft Essentials it sorta warned that conflicts could take place with other anti virus etc, is this the case with Kaspersky? Or can they run side by side
  2. Hi Gringo Many thanks Please consider thread closed:)
  3. Hi Gringo eset report follows

     C:\music\wav\FoxitReader545.0124_enu_Setup.exe    a variant of Win32/Bundled.Toolbar.Ask application
     C:\music\wav\HiJackThis-d2c.exe    Win32/OpenCandy application
     C:\Program Files (x86)\MapsGalaxy_39EI\Installr\7.bin\39EIPlug.dll    Win32/Toolbar.MyWebSearch application
     C:\Program Files (x86)\MapsGalaxy_39EI\Installr\7.bin\39EZSETP.dll    Win32/Toolbar.MyWebSearch.Q application
     C:\Program Files (x86)\MapsGalaxy_39EI\Installr\7.bin\NP39EISb.dll    Win32/Toolbar.MyWebSearch application
     C:\Users\kenmaniow\Downloads\FreemakeAudioConverterSetup.exe    Win32/OpenCandy application
     C:\Users\kenmaniow\Downloads\FreeMp3WmaOggConverter.exe    multiple threats
     C:\Users\kenmaniow\Downloads\MapsGalaxy.exe    Win32/AdInstaller application
  4. Hi Gringo Here is hi jack this log and Malwarebytes Anti-Malware

     Couldn't find "run as administrator" for hi jack this with right click
  5. Hi If you mean problems with what you have asked me to do then none

     Tried to post log but says post is too long, is it worth attaching or zipping
  6. Hi Gringo, thanks for your help so far here is combo fix log
[HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.jpeg" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.jpg" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.jpk" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.jpx" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kar\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.kar" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.kdc" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.lbm" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m15\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.m15" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.m1a" . 
[HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2a\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.m2a" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m75\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.m75" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.mef" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.mos" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.mpv" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.mrw" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.nef" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.orf" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.pbm" . 
[HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.pbr" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.pcd" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.pct" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.pcx" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.pef" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.pgm" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.pic" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pics\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.pics" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.pict" . 
[HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.pix" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.png" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.ppm" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.psd" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.psp" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.pspbrush" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.pspimage" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qcp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.qcp" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qtpf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.qtpf" . 
[HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.raf" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.ras" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.raw" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.rgb" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.rgba" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.rle" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.rsb" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.rw2" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sdv\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.sdv" . 
[HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sfil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.sfil" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.sgi" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.smf" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smi\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.smi" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.smil\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.smil" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.sml" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.sr2" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.srf" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.swa\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.swa" . 
[HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.tga" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.thm" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.tif" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.tiff" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.ttc" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.ttf" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ulw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.ulw" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vfw\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.vfw" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.wbm" . 
[HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.wbmp" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.wmf" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.xbm" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.xif" . [HKEY_USERS\S-1-5-21-1763247867-1763741188-780871625-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.xpm" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe c:\windows\SysWOW64\IoctlSvc.exe c:\windows\SysWOW64\PSIService.exe c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe . ************************************************************************** . Completion time: 2013-03-30 19:10:52 - machine was rebooted ComboFix-quarantined-files.txt 2013-03-30 19:10 . Pre-Run: 848,543,199,232 bytes free Post-Run: 848,480,759,808 bytes free . - - End Of File - - 548C2FEC84508A761DD8BD194A0A6A6B
  7. Hi Gringo, here are other 2 reps ADW
# AdwCleaner v2.115 - Logfile created 03/30/2013 at 11:54:29
# Updated 17/03/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : kenmaniow - KENMANIOW-PC
# Boot Mode : Normal
# Running from : C:\music\wav\adwcleaner.exe
# Option [Delete]
user_pref("CT2680363.MCDetectTooltipWidth", "295"); Deleted : user_pref("CT2680363.MyStuffEnabledAtInstallation", true); Deleted : user_pref("CT2680363.SHRINK_TOOLBAR", 1); Deleted : user_pref("CT2680363.SearchBackToDefaultEngine", false); Deleted : user_pref("CT2680363.SearchBoxWidth", 150); Deleted : user_pref("CT2680363.SearchEngine", "Adventurer's%20Log||hxxp://www.runescape.com/redirect.ws?mod=ad[...] Deleted : user_pref("CT2680363.SearchEngineBeforeUnload", "RuneScape Customized Web Search"); Deleted : user_pref("CT2680363.SearchFromAddressBarIsInit", true); Deleted : user_pref("CT2680363.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT268[...] Deleted : user_pref("CT2680363.SearchInNewTabEnabled", true); Deleted : user_pref("CT2680363.SearchInNewTabIntervalMM", 1440); Deleted : user_pref("CT2680363.SearchInNewTabLastCheckTime", "Fri Mar 29 2013 09:03:08 GMT+0000 (GMT Standard [...] Deleted : user_pref("CT2680363.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Deleted : user_pref("CT2680363.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Deleted : user_pref("CT2680363.SearchInNewTabUserEnabled", false); Deleted : user_pref("CT2680363.SearchProtectorEnabled", false); Deleted : user_pref("CT2680363.SearchProtectorToolbarDisabled", false); Deleted : user_pref("CT2680363.ServiceMapLastCheckTime", "Fri Mar 29 2013 09:03:20 GMT+0000 (GMT Standard Time[...] Deleted : user_pref("CT2680363.SettingsLastCheckTime", "Fri Mar 29 2013 09:03:08 GMT+0000 (GMT Standard Time)"[...] Deleted : user_pref("CT2680363.SettingsLastUpdate", "1364109299"); Deleted : user_pref("CT2680363.ThirdPartyComponentsInterval", 504); Deleted : user_pref("CT2680363.ThirdPartyComponentsLastCheck", "Fri Oct 19 2012 12:26:53 GMT+0100 (GMT Dayligh[...] 
Deleted : user_pref("CT2680363.ThirdPartyComponentsLastUpdate", "1331805997"); Deleted : user_pref("CT2680363.ToolbarDisabled", false); Deleted : user_pref("CT2680363.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2680363"); Deleted : user_pref("CT2680363.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Deleted : user_pref("CT2680363.UserID", "UN71283764062202168"); Deleted : user_pref("CT2680363.ValidationData_Search", 2); Deleted : user_pref("CT2680363.ValidationData_Toolbar", 2); Deleted : user_pref("CT2680363.alertChannelId", "1072794"); Deleted : user_pref("CT2680363.approveUntrustedApps", true); Deleted : user_pref("CT2680363.components.1000", false); Deleted : user_pref("CT2680363.components.1000034", false); Deleted : user_pref("CT2680363.components.1001", true); Deleted : user_pref("CT2680363.components.129222078068706850", false); Deleted : user_pref("CT2680363.components.129243777123493394", false); Deleted : user_pref("CT2680363.components.129308349891594152", false); Deleted : user_pref("CT2680363.components.129681484474800181", false); Deleted : user_pref("CT2680363.components.309887677762704", false); Deleted : user_pref("CT2680363.components.5567654423577676934", false); Deleted : user_pref("CT2680363.components.5567654435776682311", false); Deleted : user_pref("CT2680363.components.6344014529820961218", false); Deleted : user_pref("CT2680363.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Deleted : user_pref("CT2680363.globalFirstTimeInfoLastCheckTime", "Thu Oct 18 2012 07:17:58 GMT+0100 (GMT Dayl[...] 
Deleted : user_pref("CT2680363.homepageProtectorEnableByLogin", true); Deleted : user_pref("CT2680363.initDone", true); Deleted : user_pref("CT2680363.isAppTrackingManagerOn", false); Deleted : user_pref("CT2680363.myStuffEnabled", true); Deleted : user_pref("CT2680363.myStuffPublihserMinWidth", 400); Deleted : user_pref("CT2680363.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Deleted : user_pref("CT2680363.myStuffServiceIntervalMM", 1440); Deleted : user_pref("CT2680363.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Deleted : user_pref("CT2680363.oldAppsList", "129217750664239615,129217750664239616,111,129240097234456939,129[...] Deleted : user_pref("CT2680363.revertSettingsEnabled", true); Deleted : user_pref("CT2680363.searchProtectorDialogDelayInSec", 10); Deleted : user_pref("CT2680363.searchProtectorEnableByLogin", true); Deleted : user_pref("CT2680363.testingCtid", ""); Deleted : user_pref("CT2680363.toolbarAppMetaDataLastCheckTime", "Fri Mar 29 2013 09:03:20 GMT+0000 (GMT Stand[...] Deleted : user_pref("CT2680363.toolbarContextMenuLastCheckTime", "Fri Oct 19 2012 12:35:44 GMT+0100 (GMT Dayli[...] Deleted : user_pref("CT2680363.usageEnabled", false); Deleted : user_pref("CT2680363.usagesFlag", 2); Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1348764733,\"uuid\":814967234088652,\"seq_id\":4,\"ss[...] Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...] 
Deleted : user_pref("CT3220468.FirstTime", "true"); Deleted : user_pref("CT3220468.FirstTimeFF3", "true"); Deleted : user_pref("CT3220468.UserID", "UN47945961287924765"); Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true"); Deleted : user_pref("CT3220468.autoDisableScopes", -1); Deleted : user_pref("CT3220468.cb_experience_000", "3"); Deleted : user_pref("CT3220468.cb_firstuse0100", "1"); Deleted : user_pref("CT3220468.cbcountry_001", "GB"); Deleted : user_pref("CT3220468.cbfirsttime", "Wed Sep 19 2012 18:47:48 GMT+0100 (GMT Daylight Time)"); Deleted : user_pref("CT3220468.defaultSearch", "FALSE"); Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...] Deleted : user_pref("CT3220468.enableAlerts", "always"); Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE"); Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true"); Deleted : user_pref("CT3220468.fixPageNotFoundError", "true"); Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true"); Deleted : user_pref("CT3220468.fixUrls", true); Deleted : user_pref("CT3220468.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...] Deleted : user_pref("CT3220468.installId", "fft4146.tmp.exe"); Deleted : user_pref("CT3220468.installType", "XPE"); Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.isNewTabEnabled", true); Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true"); Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}"); Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"short\",\"EB_MAIN_FRAME_URL\":\"[...] 
Deleted : user_pref("CT3220468.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.openThankYouPage", "true"); Deleted : user_pref("CT3220468.openUninstallPage", "FALSE"); Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747"); Deleted : user_pref("CT3220468.search.searchCount", "0"); Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true"); Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}"); Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...] Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...] Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...] Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...] 
Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1348076854194"); Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1348764848647"); Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1348215008794"); Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1348835334946"); Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1348215008727"); Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1348764849329"); Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1348764848069"); Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1348215008761"); Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1348835333130"); Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1348764848397"); Deleted : user_pref("CT3220468.settingsINI", true); Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false"); Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468"); Deleted : user_pref("CT3220468.smartbar.Uninstall", "0"); Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 "); Deleted : user_pref("CT3220468.toolbarBornServerTime", "19-9-2012"); Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "28-9-2012"); Deleted : user_pref("CT3220468.url_history0001", "hxxp://www.sportsdirect.com/ladies/ladies-jackets-and-coats?[...] Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2680363"); Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2680363/CT2680363[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1072794/1068498/UK", "\"0\"[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2680363", [...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...] 
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2680363",[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2680363&octid=[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2680363/CT2680363[...] Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"4be[...] Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\kenmaniow\\AppData\\Roaming\\Mozill[...] Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0"); Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", ""); Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2680363"); Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2680363"); Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri May 27 2011 19:12:51 GMT+01[...] Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true); Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jun 25 2011 20:13:57 GMT+0100 (GMT D[...] Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.locale", "en"); Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jun 25 2011 20:17:20 GMT+0100 (GMT Dayli[...] 
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "5d66eea0-c3b9-4784-8881-173f3e0dcea9"); Deleted : user_pref("CommunityToolbar.globalUserId", "daf69694-bc5a-4611-9cbf-821beca24416"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Oct 22 2012 19:50:4[...] Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", true); Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440); Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sat Oct 27 2012 19:13:56 GMT+010[...] Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sat Oct 27 2012 19:13:48 GMT+0100 (G[...] 
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.notifications.userId", "391f2aa6-c78c-411b-a602-c46086ee511a"); Deleted : user_pref("browser.search.defaultthis.engineName", "RuneScape Customized Web Search"); Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&Sea[...] Deleted : user_pref("browser.search.selectedEngine", "Delta Search"); Deleted : user_pref("extensions.facemoods.DNSErrUrl", "hxxp://start.facemoods.com/?a=grupo&f=5"); Deleted : user_pref("extensions.facemoods.aflt", "grupo"); Deleted : user_pref("extensions.facemoods.dfltSrch", true); Deleted : user_pref("extensions.facemoods.dfltSrchPrvdr", "Facemoods Search"); Deleted : user_pref("extensions.facemoods.dnsErr", true); Deleted : user_pref("extensions.facemoods.firstRun", true); Deleted : user_pref("extensions.facemoods.hmpg", true); Deleted : user_pref("extensions.facemoods.hmpgUrl", "hxxp://start.facemoods.com/?a=grupo"); Deleted : user_pref("extensions.facemoods.id", "2ce7d6a2000000000000d02788153747"); Deleted : user_pref("extensions.facemoods.instlDay", "15312"); Deleted : user_pref("extensions.facemoods.mntz", ""); Deleted : user_pref("extensions.facemoods.newTab", true); Deleted : user_pref("extensions.facemoods.newTabUrl", "hxxp://start.facemoods.com/?a=grupo&f=2"); Deleted : user_pref("extensions.facemoods.prtnrId", "facemoods.com"); Deleted : user_pref("extensions.facemoods.searchProviderAdded", true); Deleted : user_pref("extensions.facemoods.sid", "ffcce12534f0438e831f93f6d47f7a35"); Deleted : 
user_pref("extensions.facemoods.tlbrSrchUrl", "hxxp://start.facemoods.com/?a=grupo&f=3"); Deleted : user_pref("extensions.facemoods.vrsn", "1.4.17.11"); Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false); Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); -\\ Google Chrome v [unable to get version] File : C:\Users\kenmaniow\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. -\\ Opera v [unable to get version] File : C:\Users\kenmaniow\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] File is clean. ************************* AdwCleaner[s1].txt - [31240 octets] - [30/03/2013 11:54:29] ########## EOF - C:\AdwCleaner[s1].txt - [31301 octets] ########## Rogue Killer RogueKiller V8.5.4 _x64_ [Mar 18 2013] by Tigzy mail : tigzyRK<at>gmail<dot>com Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/ Website : http://tigzy.geekstogo.com/roguekiller.php Blog : http://tigzyrk.blogspot.com/ Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version Started in : Normal mode User : kenmaniow [Admin rights] Mode : Remove -- Date : 03/30/2013 12:03:54 | ARK || FAK || MBR | ¤¤¤ Bad processes : 0 ¤¤¤ ¤¤¤ Registry Entries : 3 ¤¤¤ [HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> REPLACED (1) [HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0) [HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0) ¤¤¤ Particular Files / Folders: ¤¤¤ ¤¤¤ Driver : [NOT LOADED] ¤¤¤ ¤¤¤ HOSTS File: ¤¤¤ --> C:\windows\system32\drivers\etc\hosts ¤¤¤ MBR Check: ¤¤¤ +++++ PhysicalDrive0: Hitachi HDS721010CLA332 ATA Device +++++ --- User --- [MBR] 49cf153a8e77c6f192501a320f44a4d4 [bSP] e52148441532b1ae07a75d3fc429dd28 : Windows 7/8 MBR Code Partition table: 0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 11240 Mo 1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 23021568 | Size: 942627 Mo User = LL1 ... 
OK! User = LL2 ... OK! Finished : << RKreport[2]_D_03302013_02d1203.txt >> RKreport[1]_S_03302013_02d1202.txt ; RKreport[2]_D_03302013_02d1203.txt
  8. Hi Gringo Here we go then Security check log

Results of screen317's Security Check version 0.99.61
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Firewall Disabled!
Kaspersky Internet Security
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
JavaFX 2.1.1
Java 7 Update 17
Adobe Flash Player 11.6.602.180
Adobe Reader 10.1.6 Adobe Reader out of Date!
Mozilla Firefox (19.0.2)
Google Chrome 24.0.1312.56
Google Chrome 24.0.1312.57
````````Process Check: objlist.exe by Laurent````````
IObit IObit Malware Fighter IMFsrv.exe
IObit IObit Malware Fighter IMF.exe
Kaspersky Lab Kaspersky Internet Security 2012 avp.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

will run other 2 and post
  9. Hi I was directed this way by Daledoc please see attached

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16521 BrowserJavaVersion: 10.17.2
Run by kenmaniow at 14:23:48 on 2013-03-29
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.8151.5316 [GMT 0:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: IObit Malware Fighter *Disabled/Updated* {A751AC20-3B48-5237-898A-78C4436BB78D}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\atieclxx.exe
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe
C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Seagate\Basics\Service\SyncServicesBasics.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\SysWOW64\IoctlSvc.exe
C:\windows\SysWOW64\PSIService.exe
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\windows\system32\svchost.exe -k imgsvc
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\windows\system32\taskhost.exe
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\windows\System32\rundll32.exe
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\windows\System32\svchost.exe -k LocalServicePeerNet
C:\windows\system32\SearchIndexer.exe
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
C:\windows\system32\SearchProtocolHost.exe
C:\windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
C:\windows\system32\taskhost.exe
C:\windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtblfs.exe
C:\PROGRAM FILES (X86)\EPSON SOFTWARE\EVENT MANAGER\EEVENTMANAGER.EXE
C:\PROGRAM FILES\MICROSOFT INTELLITYPE PRO\ITYPE.EXE
C:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
C:\Users\kenmaniow\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kenmaniow\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kenmaniow\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kenmaniow\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kenmaniow\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\kenmaniow\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\vssvc.exe
C:\windows\System32\svchost.exe -k swprv
C:\windows\system32\SearchFilterHost.exe
C:\windows\system32\wuauclt.exe
C:\windows\system32\SearchProtocolHost.exe
c:\program files\windows defender\MpCmdRun.exe
C:\windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uDefault_Page_URL = hxxp://nmd.msn.com
mWinlogon: Userinit = userinit.exe,
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [EPSON Stylus Photo R220 Series] C:\windows\System32\spool\DRIVERS\x64\3\E_IATIAIA.EXE /FU "C:\windows\TEMP\E_S9897.tmp" /EF "HKCU"
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [iObit Malware Fighter] "C:\Program Files (x86)\IObit\IObit Malware Fighter\IMF.exe" /autostart
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:28
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105
.
INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {924B4927-D3BA-41EA-9F7E-8A89194AB3AC} - hxxp://panda-plugin.disney.go.com/plugin/win32/p3dactivex.cab
DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15114/CTPID.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{022AA692-04DA-451A-8519-E1894DA96E65} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
x64-mWinlogon: Userinit = C:\windows\System32\userinit.exe
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-BHO: {AA58ED58-01DD-4d91-8333-CF10577473F7} - <orphaned>
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll
x64-TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Program Files (x86)\Epson Software\Easy Photo Print\EPTBL.dll
x64-TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: klogon - C:\windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\kenmaniow\AppData\Roaming\Mozilla\Firefox\Profiles\df9lq9ag.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2680363&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Delta Search
FF - prefs.js: browser.startup.homepage - www.tiscali.co.uk
FF - prefs.js: network.proxy.type - 0
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\kenmaniow\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Users\kenmaniow\AppData\Roaming\Mozilla\Firefox\Profiles\df9lq9ag.default\extensions\{a8864317-e18b-4292-99d9-e6e65ab905d3}\plugins\np-mswmp.dll
FF - plugin: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\windows\SysWOW64\npDeployJava1.dll
FF - plugin:
C:\windows\SysWOW64\npmproxy.dll FF - ExtSQL: 2013-03-29 09:50; ffxtlbr@delta.com; C:\Users\kenmaniow\AppData\Roaming\Mozilla\Firefox\Profiles\df9lq9ag.default\extensions\ffxtlbr@delta.com FF - ExtSQL: !HIDDEN! 2012-05-22 18:50; linkfilter@kaspersky.ru; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\FFExt\linkfilter@kaspersky.ru . ============= SERVICES / DRIVERS =============== . R0 ioatdma;Intel® QuickData Technology device;C:\windows\System32\drivers\ioatdma.sys [2009-11-16 46792] R0 johci;JMicron 1394 Filter Driver;C:\windows\System32\drivers\johci.sys [2010-11-18 25688] R0 MpFilter;Microsoft Malware Protection Driver;C:\windows\System32\drivers\MpFilter.sys [2012-8-30 228768] R0 PxHlpa64;PxHlpa64;C:\windows\System32\drivers\PxHlpa64.sys [2012-6-15 52856] R0 RapportKE64;RapportKE64;C:\windows\System32\drivers\RapportKE64.sys [2011-2-10 63760] R0 SmartDefragDriver;SmartDefragDriver;C:\windows\System32\drivers\SmartDefragDriver.sys [2013-3-14 17720] R1 kl2;kl2;C:\windows\System32\drivers\kl2.sys [2011-3-4 11864] R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\windows\System32\drivers\klim6.sys [2010-4-22 27736] R1 RapportCerberus_43926;RapportCerberus_43926;C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\43926\RapportCerberus64_43926.sys [2012-10-23 505720] R1 RapportEI64;RapportEI64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [2011-11-7 55056] R1 RapportPG64;RapportPG64;C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [2011-11-7 61712] R2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048] R2 AdvancedSystemCareService6;Advanced SystemCare Service 6;C:\Program Files (x86)\IObit\Advanced SystemCare 6\ASCService.exe [2012-10-24 465216] R2 AMD External Events Utility;AMD External Events Utility;C:\windows\System32\atiesrxx.exe [2012-12-19 240640] R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe [2011-4-24 206448] R2 EPSON_PM_RPCV4_05;EPSON V3 Service4(05);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE 
[2012-1-27 136576] R2 IMFservice;IMF Service;C:\Program Files (x86)\IObit\IObit Malware Fighter\IMFsrv.exe [2011-8-26 821592] R2 RapportMgmtService;Rapport Management Service;C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2011-11-7 931640] R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\windows\System32\drivers\AtihdW76.sys [2012-11-6 96256] R3 FileMonitor;FileMonitor;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\FileMonitor.sys [2013-3-14 21384] R3 HECIx64;Intel® Management Engine Interface;C:\windows\System32\drivers\HECIx64.sys [2010-11-22 56344] R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\windows\System32\drivers\klmouflt.sys [2009-11-2 22544] R3 RegFilter;RegFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\RegFilter.sys [2013-3-14 33224] R3 RTL8167;Realtek 8167 NT Driver;C:\windows\System32\drivers\Rt64win7.sys [2011-5-30 428136] R3 UrlFilter;UrlFilter;C:\Program Files (x86)\IObit\IObit Malware Fighter\Drivers\win7_amd64\UrlFilter.sys [2013-3-14 21904] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 SkypeUpdate;Skype Updater; [x] S3 dc21x4vm;dc21x4vm;C:\windows\System32\drivers\dc21x4vm.sys [2009-6-10 57344] S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\windows\System32\drivers\ssudbus.sys [2013-1-13 102368] S3 FoxAwdWINFLASH64;FoxAwdWINFLASH64;C:\Program Files (x86)\Foxconn\FOX LiveUpdate\FoxAwdWINFLASH64.sys [2011-6-24 17808] S3 fssfltr;fssfltr;C:\windows\System32\drivers\fssfltr.sys [2010-12-3 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-9-23 1493352] S3 FXDrv32;FXDrv32;C:\Program Files (x86)\Foxconn\FOX 
LiveUpdate\FXDrv64.sys [2011-6-24 32024] S3 hidshim;Service for HID-KMDF Shim layer;C:\windows\System32\drivers\hidshim.sys [2010-11-18 6656] S3 iaNvStor;iaNvStor;C:\windows\System32\drivers\iaNvStor.sys [2010-11-18 344600] S3 IFCoEMP;IFCoEMP;C:\windows\System32\drivers\ifM52x64.sys [2010-8-13 339728] S3 IFCoEVB;IFCoEVB;C:\windows\System32\drivers\ifP52x64.sys [2010-8-13 65808] S3 ioatdma1;ioatdma1;C:\windows\System32\drivers\qd162x64.sys [2009-11-16 40144] S3 ioatdma2;Intel® QuickData Technology device ver.2;C:\windows\System32\drivers\qd262x64.sys [2009-11-16 42192] S3 nmwcdnsucx64;Nokia USB Flashing Generic;C:\windows\System32\drivers\nmwcdnsucx64.sys [2012-6-11 12800] S3 nmwcdnsux64;Nokia USB Flashing Phone Parent;C:\windows\System32\drivers\nmwcdnsux64.sys [2012-6-11 171008] S3 nvamacpi;nvamacpi;C:\windows\System32\drivers\nvamacpi.sys [2009-7-17 28192] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\windows\System32\drivers\rdpvideominiport.sys [2012-10-24 19456] S3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);C:\windows\System32\drivers\ssudmdm.sys [2013-1-13 203104] S3 SureThing Labelflash service;SureThing Labelflash service;C:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2010-12-1 74392] S3 TsUsbFlt;TsUsbFlt;C:\windows\System32\drivers\TsUsbFlt.sys [2012-10-24 57856] S3 USBAAPL64;Apple Mobile USB Driver;C:\windows\System32\drivers\usbaapl64.sys [2012-9-28 53760] S3 V0420VID;Live! 
Cam Vista IM (VF0420);C:\windows\System32\drivers\V0420Vid.sys [2011-2-12 107072] S3 vcrdrx64;VIA MSP Card Reader Host Controller;C:\windows\System32\drivers\vcrdrx64.sys [2010-11-18 127088] S3 WatAdminSvc;Windows Activation Technologies Service;C:\windows\System32\Wat\WatAdminSvc.exe [2010-12-1 1255736] S3 wbondir;Winbond CIR Transceiver;C:\windows\System32\drivers\wbondir.sys [2010-11-18 65024] S3 winbondcir;Winbond IR Transceiver;C:\windows\System32\drivers\winbondcir.sys [2010-11-18 46592] S3 winbondhidcir;Winbond HID CIR Receiver;C:\windows\System32\drivers\winbondhidcir.sys [2010-11-18 25088] S3 WinRing0_1_2_0;WinRing0_1_2_0;C:\Program Files (x86)\IObit\Game Booster\Driver\WinRing0x64.sys [2012-7-1 14544] . =============== File Associations =============== . FileExt: .vbe: VBEFile=NOTEPAD.EXE %1 FileExt: .vbs: VBSFile=NOTEPAD.EXE %1 FileExt: .js: JSFile=NOTEPAD.EXE %1 FileExt: .jse: JSEFile=NOTEPAD.EXE %1 FileExt: .wsf: WSFFile=NOTEPAD.EXE %1 . =============== Created Last 30 ================ . 
2013-03-29 12:47:45 24176 ----a-w- C:\windows\System32\drivers\mbam.sys 2013-03-29 12:47:45 -------- d-----w- C:\ProgramData\Malwarebytes 2013-03-29 12:47:45 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-03-29 09:59:18 76232 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{01AC9C64-B29C-40E5-A66A-08223AFF180F}\offreg.dll 2013-03-29 09:49:52 388096 ----a-r- C:\Users\kenmaniow\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe 2013-03-29 09:49:52 -------- d-----w- C:\Program Files (x86)\Trend Micro 2013-03-29 09:49:23 -------- d-----w- C:\Users\kenmaniow\AppData\Roaming\Babylon 2013-03-29 09:49:23 -------- d-----w- C:\ProgramData\Babylon 2013-03-26 18:29:45 2776576 ----a-w- C:\windows\System32\msmpeg2vdec.dll 2013-03-26 18:26:14 9311288 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{01AC9C64-B29C-40E5-A66A-08223AFF180F}\mpengine.dll 2013-03-21 18:06:06 -------- d-----w- C:\Program Files (x86)\AMD AVT 2013-03-21 18:05:59 -------- d-----w- C:\Program Files (x86)\AMD APP 2013-03-14 11:36:41 17720 ----a-w- C:\windows\System32\drivers\SmartDefragDriver.sys 2013-03-14 11:30:51 19968 ----a-w- C:\windows\System32\drivers\usb8023.sys 2013-03-06 21:01:34 95648 ----a-w- C:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-03-03 13:24:45 -------- d-----w- C:\Users\kenmaniow\InsidiaXcache . ==================== Find3M ==================== . 
2013-03-14 11:31:39 474112 ----a-w- C:\windows\apppatch\AcSpecfc.dll 2013-03-14 11:31:39 350208 ----a-w- C:\windows\apppatch\AppPatch64\AcLayers.dll 2013-03-14 11:31:39 308736 ----a-w- C:\windows\apppatch\AppPatch64\AcGenral.dll 2013-03-14 11:31:39 2176512 ----a-w- C:\windows\apppatch\AcGenral.dll 2013-03-14 11:31:39 135168 ----a-w- C:\windows\apppatch\AppPatch64\AcXtrnal.dll 2013-03-14 11:31:39 111104 ----a-w- C:\windows\apppatch\AppPatch64\acspecfc.dll 2013-03-13 18:05:35 73432 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-03-13 18:05:35 693976 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe 2013-03-06 21:01:30 861088 ----a-w- C:\windows\SysWow64\npDeployJava1.dll 2013-03-06 21:01:30 782240 ----a-w- C:\windows\SysWow64\deployJava1.dll 2013-02-17 09:41:06 5553512 ----a-w- C:\windows\System32\ntoskrnl.exe 2013-02-17 09:41:06 3967848 ----a-w- C:\windows\SysWow64\ntkrnlpa.exe 2013-02-17 09:41:05 3913064 ----a-w- C:\windows\SysWow64\ntoskrnl.exe 2013-02-17 09:35:51 288088 ----a-w- C:\windows\System32\drivers\FWPKCLNT.SYS 2013-02-17 09:35:51 1913192 ----a-w- C:\windows\System32\drivers\tcpip.sys 2013-02-17 09:35:03 3153408 ----a-w- C:\windows\System32\win32k.sys 2013-02-17 09:34:37 7680 ----a-w- C:\windows\SysWow64\instnm.exe 2013-02-17 09:34:37 5120 ----a-w- C:\windows\SysWow64\wow32.dll 2013-02-17 09:34:37 44032 ----a-w- C:\windows\apppatch\acwow64.dll 2013-02-17 09:34:37 25600 ----a-w- C:\windows\SysWow64\setup16.exe 2013-02-17 09:34:37 215040 ----a-w- C:\windows\System32\winsrv.dll 2013-02-17 09:34:37 2048 ----a-w- C:\windows\SysWow64\user.exe 2013-02-17 09:34:37 14336 ----a-w- C:\windows\SysWow64\ntvdm64.dll 2013-02-13 16:13:42 0 ----a-w- C:\Users\kenmaniow\AppData\Roaming\powerbot.exe 2013-01-29 21:41:39 2516 --sha-w- C:\windows\SysWow64\KGyGaAvL.sys 2013-01-21 11:12:12 2177664 ----a-w- C:\windows\System32\coin93.dll 2013-01-19 11:50:19 68608 ----a-w- C:\windows\System32\taskhost.exe 2013-01-19 11:50:07 800768 ----a-w- C:\windows\System32\usp10.dll 
2013-01-19 11:50:07 626688 ----a-w- C:\windows\SysWow64\usp10.dll 2013-01-19 11:47:54 750592 ----a-w- C:\windows\System32\win32spl.dll 2013-01-19 11:47:54 492032 ----a-w- C:\windows\SysWow64\win32spl.dll 2013-01-19 11:47:29 307200 ----a-w- C:\windows\System32\ncrypt.dll 2013-01-19 11:47:29 220160 ----a-w- C:\windows\SysWow64\ncrypt.dll 2013-01-19 11:40:56 2002432 ----a-w- C:\windows\System32\msxml6.dll 2013-01-19 11:40:56 1882624 ----a-w- C:\windows\System32\msxml3.dll 2013-01-19 11:40:56 1389568 ----a-w- C:\windows\SysWow64\msxml6.dll 2013-01-19 11:40:56 1236992 ----a-w- C:\windows\SysWow64\msxml3.dll 2013-01-17 01:28:58 273840 ------w- C:\windows\System32\MpSigStub.exe 2013-01-15 18:49:06 26432 ----a-w- C:\windows\System32\RegistryDefragBootTime.exe 2013-01-13 21:17:03 9728 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 21:17:02 2560 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 21:16:42 10752 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 21:12:46 3584 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 21:11:21 4096 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 21:11:08 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 21:11:07 5632 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 21:11:07 3072 ---ha-w- C:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:35:31 9728 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-01-13 20:35:31 2560 ---ha-w- C:\windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-01-13 20:35:18 10752 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-01-13 20:32:07 3584 ---ha-w- C:\windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-01-13 
20:31:48 4096 ---ha-w- C:\windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-01-13 20:31:41 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-01-13 20:31:40 5632 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-01-13 20:31:40 3072 ---ha-w- C:\windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-01-13 20:31:00 1247744 ----a-w- C:\windows\SysWow64\DWrite.dll 2013-01-13 20:22:22 1988096 ----a-w- C:\windows\SysWow64\d3d10warp.dll 2013-01-13 20:20:31 293376 ----a-w- C:\windows\SysWow64\dxgi.dll 2013-01-13 20:09:00 249856 ----a-w- C:\windows\SysWow64\d3d10_1core.dll 2013-01-13 20:08:43 220160 ----a-w- C:\windows\SysWow64\d3d10core.dll 2013-01-13 20:08:35 1504768 ----a-w- C:\windows\SysWow64\d3d11.dll 2013-01-13 19:59:04 1643520 ----a-w- C:\windows\System32\DWrite.dll 2013-01-13 19:58:28 1175552 ----a-w- C:\windows\System32\FntCache.dll 2013-01-13 19:54:01 604160 ----a-w- C:\windows\SysWow64\d3d10level9.dll 2013-01-13 19:53:58 207872 ----a-w- C:\windows\SysWow64\WindowsCodecsExt.dll 2013-01-13 19:53:14 187392 ----a-w- C:\windows\SysWow64\UIAnimation.dll 2013-01-13 19:51:30 2565120 ----a-w- C:\windows\System32\d3d10warp.dll 2013-01-13 19:49:17 363008 ----a-w- C:\windows\System32\dxgi.dll 2013-01-13 19:48:47 161792 ----a-w- C:\windows\SysWow64\d3d10_1.dll 2013-01-13 19:46:25 1080832 ----a-w- C:\windows\SysWow64\d3d10.dll 2013-01-13 19:43:21 1230336 ----a-w- C:\windows\SysWow64\WindowsCodecs.dll 2013-01-13 19:38:39 333312 ----a-w- C:\windows\System32\d3d10_1core.dll 2013-01-13 19:38:32 1887232 ----a-w- C:\windows\System32\d3d11.dll 2013-01-13 19:38:21 296960 ----a-w- C:\windows\System32\d3d10core.dll 2013-01-13 19:37:57 3419136 ----a-w- C:\windows\SysWow64\d2d1.dll 2013-01-13 19:25:04 245248 ----a-w- C:\windows\System32\WindowsCodecsExt.dll 2013-01-13 19:24:33 648192 ----a-w- C:\windows\System32\d3d10level9.dll 
2013-01-13 19:24:30 221184 ----a-w- C:\windows\System32\UIAnimation.dll 2013-01-13 19:20:42 194560 ----a-w- C:\windows\System32\d3d10_1.dll 2013-01-13 19:20:04 1238528 ----a-w- C:\windows\System32\d3d10.dll 2013-01-13 19:15:40 1424384 ----a-w- C:\windows\System32\WindowsCodecs.dll 2013-01-13 19:10:36 3928064 ----a-w- C:\windows\System32\d2d1.dll 2013-01-13 19:02:06 417792 ----a-w- C:\windows\SysWow64\WMPhoto.dll 2013-01-13 18:34:58 364544 ----a-w- C:\windows\SysWow64\XpsGdiConverter.dll 2013-01-13 18:32:43 465920 ----a-w- C:\windows\System32\WMPhoto.dll 2013-01-13 18:09:52 522752 ----a-w- C:\windows\System32\XpsGdiConverter.dll 2013-01-13 17:26:42 1158144 ----a-w- C:\windows\SysWow64\XpsPrint.dll 2013-01-13 17:05:09 1682432 ----a-w- C:\windows\System32\XpsPrint.dll 2013-01-04 06:11:21 2284544 ----a-w- C:\windows\SysWow64\msmpeg2vdec.dll . ============= FINISH: 14:24:26.86 =============== . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 30/11/2010 19:32:41 System Uptime: 29/03/2013 14:08:08 (0 hours ago) . Motherboard: FOXCONN | | H55M-S Processor: Intel® Core i5 CPU 760 @ 2.80GHz | CPU 1 | 2801/133mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 921 GiB total, 790.174 GiB free. D: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . 
RP1185: 23/03/2013 06:40:35 - Installed Rapport RP1186: 23/03/2013 09:07:59 - Installed Rapport RP1187: 23/03/2013 14:04:10 - Installed calibre RP1188: 23/03/2013 14:09:18 - Installed Rapport RP1189: 23/03/2013 18:34:02 - Installed Rapport RP1190: 23/03/2013 19:18:46 - Installed Rapport RP1191: 24/03/2013 06:42:48 - Installed Rapport RP1192: 24/03/2013 10:57:52 - Installed Rapport RP1193: 24/03/2013 17:03:13 - Installed Rapport RP1194: 25/03/2013 12:31:39 - Installed Rapport RP1195: 25/03/2013 19:10:14 - Installed Rapport RP1196: 26/03/2013 18:25:41 - Windows Update RP1197: 26/03/2013 18:29:11 - Windows Update RP1198: 27/03/2013 07:54:50 - Installed Rapport RP1199: 27/03/2013 18:27:32 - Installed Rapport RP1200: 27/03/2013 20:48:46 - IObit Uninstaller restore point RP1201: 27/03/2013 20:50:33 - IObit Uninstaller restore point RP1202: 27/03/2013 20:52:15 - IObit Uninstaller restore point RP1203: 27/03/2013 20:53:30 - IObit Uninstaller restore point RP1204: 27/03/2013 20:55:10 - IObit Uninstaller restore point RP1205: 27/03/2013 20:56:23 - IObit Uninstaller restore point RP1206: 27/03/2013 20:57:14 - IObit Uninstaller restore point RP1207: 27/03/2013 20:58:07 - IObit Uninstaller restore point RP1208: 27/03/2013 20:58:44 - IObit Uninstaller restore point RP1209: 28/03/2013 17:49:25 - Installed Rapport RP1210: 28/03/2013 18:23:04 - IObit Uninstaller restore point RP1211: 28/03/2013 18:25:37 - IObit Uninstaller restore point RP1212: 29/03/2013 08:19:01 - Installed Rapport RP1213: 29/03/2013 09:49:34 - Installed HiJackThis RP1214: 29/03/2013 10:50:03 - IObit Uninstaller restore point RP1215: 29/03/2013 14:10:35 - Installed Rapport . ==== Installed Programs ====================== . 
ABBYY FineReader 9.0 Sprint ACDSee Photo Editor ACDSee Photo Manager 2009 Adobe AIR Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.6) Advanced SystemCare 6 Amazon Kindle Amazon MP3 Downloader 1.0.9 AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Media Foundation Decoders Angry Birds AnyDVD Apple Application Support Apple Mobile Device Support Apple Software Update ATI Catalyst Registration µTorrent AVI To MP4 Converter 1.0 Bonjour calibre Catalyst Control Center Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish CCleaner CDex extraction audio ConvertXtoDVD 4.1.7.343 Corel Paint Shop Pro Photo XI Creative Live! Cam Center Creative Live! 
Cam Vista IM Driver (1.00.03.0000) Creative Software AutoUpdate D3DX10 Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition Disney Toontown Online docrafts Digital Designer™ Download Navigator Drive Manager DVD Decrypter (Remove Only) DVD Shrink 3.2 Epson Connect Printer Setup Epson Easy Photo Print 2 Epson Event Manager Epson Print CD EPSON Printer Finder EPSON Printer Software EPSON Scan EPSON SX535WD Series Printer Uninstall EpsonNet Print Foundation Factory 2 FOX LiveUpdate FoxTab PDF Creator Free M4a to MP3 Converter 6.2 Free MP3 WMA OGG Converter 8.9.1 Freemake Audio Converter version 1.1.0 Freemake Video Converter version 3.1.2 Game Booster 3 Genesys USB Mass Storage Device Google Chrome Google Update Helper HiJackThis Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678) IObit Malware Fighter iTunes Java 7 Update 17 Java Auto Updater JavaFX 2.1.1 Junk Mail filter update Kaspersky Internet Security 2012 Malwarebytes Anti-Malware version 1.70.0.1100 Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft IntelliType Pro 8.2 Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (English) 2010 Microsoft Office Access Setup Metadata MUI (English) 2010 Microsoft Office Excel MUI (English) 2010 Microsoft Office Groove MUI (English) 2010 Microsoft Office InfoPath MUI (English) 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (English) 2010 Microsoft Office Outlook MUI (English) 2010 Microsoft Office PowerPoint MUI (English) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (Spanish) 2010 Microsoft Office Proofing (English) 2010 Microsoft Office Publisher MUI (English) 2010 Microsoft Office Shared 64-bit MUI (English) 2010 Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2010 Microsoft Office Shared MUI (English) 2010 Microsoft 
Office Shared Setup Metadata MUI (English) 2010 Microsoft Office Word MUI (English) 2010 Microsoft Search Enhancement Pack Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft_VC100_CRT_SP1_x64 Microsoft_VC100_CRT_SP1_x86 Mozilla Firefox 19.0.2 (x86 en-GB) MSVC80_x64_v2 MSVC80_x86_v2 MSVC90_x64 MSVC90_x86 MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser and SDK MyFreeCodec Nero 8 neroxml Network Guide EPSON SX535WD Series Nokia Connectivity Cable Driver Nokia Suite OLYMPUS Master 2 QuickTime Rapport RealNetworks - Microsoft Visual C++ 2008 Runtime Realtek Ethernet Controller Driver Realtek High Definition Audio Driver Roxio Media Manager RuneScape Launcher 1.2.2 Samsung Kies SAMSUNG USB Driver for Mobile Phones Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft 
.NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft Filter Pack 2.0 (KB2553501) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft OneNote 2010 (KB2760600) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2760762) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2687505) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Sky Go Desktop Sky Player Desktop Skype™ 5.10 Smart Defrag 2 SoulSeek Client 156c SSC Service Utility v4.30 SureThing CD Labeler Deluxe 5 The Lord of the Rings FREE Trial Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2010 (KB2494150) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft 
Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2553378) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687503) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition Update for Microsoft Office 2010 (KB2767886) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2597090) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft PowerPoint 2010 (KB2598240) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition User's Guide EPSON SX535WD Series VCRedistSetup VD64Inst VLC media player 1.1.11 Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinRAR 4.00 beta 2 (64-bit) Yahoo! Messenger . ==== Event Viewer Messages From Past Week ======== . 29/03/2013 14:12:18, Error: Service Control Manager [7000] - The Google Update Service (gupdate) service failed to start due to the following error: The system cannot find the path specified. 
29/03/2013 14:11:51, Error: Service Control Manager [7032] - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: An instance of the service is already running. 29/03/2013 14:11:21, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service. 29/03/2013 14:11:21, Error: Service Control Manager [7024] - The Windows Search service terminated with service-specific error %%-2147218173. 29/03/2013 14:09:42, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Roxio Hard Drive Watcher 9 service to connect. 29/03/2013 14:08:43, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Microsoft Antimalware Service service to connect. 29/03/2013 14:08:43, Error: Service Control Manager [7000] - The Microsoft Antimalware Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion. 29/03/2013 13:02:35, Error: Disk [11] - The driver detected a controller error on \Device\Harddisk1\DR1. . ==== End Of File ===========================
  10. OK Dale, thanks for that. I will do as asked and post in the relevant area. Cheers
  11. OK, I have a recurring problem that I lose connection allegedly; the router is working but I get a yellow exclamation mark in the task bar. It happens at the same time every day, and I can't see any schedules running. I have run HijackThis and found a few entries I don't recognise, and I have a few issues with browser toolbars that appear.
  12. Hi, joined today, think I may have a problem