Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

Solved: hello and need help please "reveton trojan"


(!)

jam1980uk's Avatar
jam1980uk jam1980uk is offline
Computer Specs
Member with 129 posts.
THREAD STARTER
 
Join Date: May 2012
Location: Bolton
Experience: Beginner
19-May-2012, 09:25 AM #61
i aint lol so how you learn all this pal years of messing about with them
jam1980uk's Avatar
jam1980uk jam1980uk is offline
Computer Specs
Member with 129 posts.
THREAD STARTER
 
Join Date: May 2012
Location: Bolton
Experience: Beginner
19-May-2012, 09:45 AM #62
here you go lol

ComboFix 12-05-19.01 - John 19/05/2012 14:20:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2935.2552 [GMT 1:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Iconix
c:\documents and settings\All Users\Application Data\Iconix\John.usr
c:\documents and settings\All Users\Application Data\Iconix\SYSTEM.usr
c:\documents and settings\All Users\Application Data\MPK
c:\documents and settings\All Users\Application Data\MPK\KGB Employee Monitor\Help topics.lnk
c:\documents and settings\All Users\Application Data\MPK\KGB Employee Monitor\KGB Employee Monitor on the Web.url
c:\documents and settings\All Users\Application Data\MPK\KGB Employee Monitor\KGB Employee Monitor.lnk
c:\documents and settings\All Users\Application Data\MPK\KGB Employee Monitor\Order now!.url
c:\documents and settings\All Users\Application Data\MPK\KGB Employee Monitor\Uninstall KGB Employee Monitor.lnk
c:\documents and settings\All Users\Application Data\MPK\mpk.db
c:\documents and settings\All Users\Application Data\MPK\S0000
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\John\Favorites\locked- Golden Hat Exclusive Bingo Offer.URL.wvqk
c:\documents and settings\John\Favorites\locked- Posh Bingo.URL.phma
c:\documents and settings\John\Favorites\locked-( I.F.F) im ****ed foundation.URL.gzol
c:\documents and settings\John\Favorites\locked-0845 Numbers, 0845 Number, Free 0845 Numbers, Cheap 0845 Numbers - Just 0845 Numbers - Free Local Rate 0845 Numbers, No Set-up Fee.URL.dwsf
c:\documents and settings\John\Favorites\locked-1 Hour Loan Cash 1 Hour Cash in 1 Hour Frequently Asked Questions.URL.mqkl
c:\documents and settings\John\Favorites\locked-101 Halloween Ideas.URL.froy
c:\documents and settings\John\Favorites\locked-6 Laminate Floor Underlay Tips.URL.nlju
c:\documents and settings\John\Favorites\locked-76mm Bolt Through Tubular Mortice Latch - Door Hardware from Next Day Diy UK.url.laly
c:\documents and settings\John\Favorites\locked-AA Route Planner Routes, maps and directions - The AA.URL.froy
c:\documents and settings\John\Favorites\locked-About us - Index Books Recruitment.url.sqal
c:\documents and settings\John\Favorites\locked-Acai Optimum.URL.wvqk
c:\documents and settings\John\Favorites\locked-Advanced Colon.URL.bdvi
c:\documents and settings\John\Favorites\locked-aha - SupaPrice.co.uk.URL.htgn
c:\documents and settings\John\Favorites\locked-All About Weight Consultants.URL.dhtg
c:\documents and settings\John\Favorites\locked-amazon.co.uk PSP Accessories.url.ineb
c:\documents and settings\John\Favorites\locked-AOL.URL.lrfe
c:\documents and settings\John\Favorites\locked-Apple (United Kingdom) - iTunes - Affiliates - Download iTunes.URL.mrxr
c:\documents and settings\John\Favorites\locked-Apply Online Forbes Rentals.url.fedy
c:\documents and settings\John\Favorites\locked-Arch Pain - Arch Pain Products.URL.jrzy
c:\documents and settings\John\Favorites\locked-BBC - CBeebies - Big and Small House.URL.umgn
c:\documents and settings\John\Favorites\locked-BBC - KS3 Bitesize Maths - Algebra.url.eqcn
c:\documents and settings\John\Favorites\locked-Ben & Jerry's Ice Cream - Ben & Jerry's - Halloween Crafts.URL.vtps
c:\documents and settings\John\Favorites\locked-Ben & Jerry's Ice Cream - Spooky Halloween Site.URL.bnpz
c:\documents and settings\John\Favorites\locked-Bing.url.gfkl
c:\documents and settings\John\Favorites\locked-bonprix.co.uk My Personal Account.URL.vqkl
c:\documents and settings\John\Favorites\locked-Boxes and Packaging Online.URL.zzpp
c:\documents and settings\John\Favorites\locked-BranchOut.url.fdez
c:\documents and settings\John\Favorites\locked-Browse our list of 456 fantastic freebies sourced from the best UK web sites.URL.ztgr
c:\documents and settings\John\Favorites\locked-BSmart! Home.URL.vscu
c:\documents and settings\John\Favorites\locked-Business for Sale - Buy Sell Commercial Businesses FREE - RightBiz UK.URL.iyin
c:\documents and settings\John\Favorites\locked-Buy a Business.URL.oanp
c:\documents and settings\John\Favorites\locked-Buy My House - Home Buyers - Buy My Home - Homebuyers.URL.kpnj
c:\documents and settings\John\Favorites\locked-CEOP website.url.yqkl
c:\documents and settings\John\Favorites\locked-Cheap Mobile Phones @ OneStopPhoneShop (From Firefox).URL.qdez
c:\documents and settings\John\Favorites\locked-Cheap Mobile Phones @ OneStopPhoneShop.URL.rmgn
c:\documents and settings\John\Favorites\locked-Child Maintenance and Enforcement Commission - managing child support.url.lfed
c:\documents and settings\John\Favorites\locked-Children Charity Donate Barnardo's Believe In Children Campaign Commission Children Services.URL.ldvs
c:\documents and settings\John\Favorites\locked-Chiquito Mexican restaurant, Trafford Centre Restaurants in Manchester.URL.fomr
c:\documents and settings\John\Favorites\locked-Chiquito Restaurants Website.URL.fhyv
c:\documents and settings\John\Favorites\locked-Choosing a Business Name - Help & ideas for new company names.URL.raqk
c:\documents and settings\John\Favorites\locked-Cinema Bolton Vue Cinema Bolton Films Showing at Bolton Cinema.URL.zwvq
c:\documents and settings\John\Favorites\locked-Classified adverts, Manchester classified adverts online.URL.xfed
c:\documents and settings\John\Favorites\locked-Collections Advisor jobs in Farnworth with Irwin Mitchell Solicitors.URL.hqan
c:\documents and settings\John\Favorites\locked-Coloring Pages - Free Coloring Book Pages for Children - Coloring Printouts - Free Printable Coloring Pages to Print Out Coloring Pages.URL.dgtc
c:\documents and settings\John\Favorites\locked-Company information, credit checks and Companies House documents on UK businesses - TY Listing - Page Number 1.URL.aolr
c:\documents and settings\John\Favorites\locked-Consumer Contact.url.gsqa
c:\documents and settings\John\Favorites\locked-Customer Support.URL.npzo
c:\documents and settings\John\Favorites\locked-cybermentors.URL.boli
c:\documents and settings\John\Favorites\locked-Digital Printing - Digital Printing Services, Digital Print UK, Digital Print Blackburn.URL.dfkl
c:\documents and settings\John\Favorites\locked-Discount & Cheap Laminate Flooring, Cheap Paint, DIY Supplies.url.vqvi
c:\documents and settings\John\Favorites\locked-Discover Bing.url.icax
c:\documents and settings\John\Favorites\locked-distribution CD-Rom ISO download page.URL.stps
c:\documents and settings\John\Favorites\locked-Do-it - Volunteering made easy.url.avik
c:\documents and settings\John\Favorites\locked-Domain Name Suggestions.URL.faly
c:\documents and settings\John\Favorites\locked-DoomsDayKillers chat group - Were Gonna Kill Em All.URL.fanp
c:\documents and settings\John\Favorites\locked-Dr Foot- For all your foot pain needs.URL.komr
c:\documents and settings\John\Favorites\locked-drfoot.co.uk has been registered.URL.ooyi
c:\documents and settings\John\Favorites\locked-Dynamic Demand.URL.tmrx
c:\documents and settings\John\Favorites\locked-eHow How To Do Just About Everything! How To Videos & Articles.URL.olrf
c:\documents and settings\John\Favorites\locked-Elite Credit Repair Services.URL.rlik
c:\documents and settings\John\Favorites\locked-Eminem’s family ę Eminemisgod.URL.vcuj
c:\documents and settings\John\Favorites\locked-Events and What's On.URL.gfkl
c:\documents and settings\John\Favorites\locked-Farnworth BL4 9JP - Google Maps.url.lylf
c:\documents and settings\John\Favorites\locked-Farnworth BL4 9JP, UK to Swinton M27 5WQ, UK - Google Maps.url.qqcn
c:\documents and settings\John\Favorites\locked-Film and movie quotes.URL.fgng
c:\documents and settings\John\Favorites\locked-Find a local Business in your area.URL.sful
c:\documents and settings\John\Favorites\locked-Find iTunes voucher codes, iTunes cashback, iTunes discount codes & iTunes promotional codes at Quidco.URL.uxyh
c:\documents and settings\John\Favorites\locked-FindaParty.co.uk - Find a home party plan consultant or business near you.url.nmhm
c:\documents and settings\John\Favorites\locked-Fire International Xploder Movie Player and Media Centre (PSP) Amazon.co.uk PC & Video Games.url.ryvq
c:\documents and settings\John\Favorites\locked-FlyingShare - Flying Share.URL.adws
c:\documents and settings\John\Favorites\locked-FoxTab PDF Creator.url.yypt
c:\documents and settings\John\Favorites\locked-Fragrance Finder.url.rnez
c:\documents and settings\John\Favorites\locked-Free Halloween Backgrounds - Free Clipart.URL.drzy
c:\documents and settings\John\Favorites\locked-Free iTunes Voucher Codes FreebieJeebies - Free Gadgets.URL.hgtc
c:\documents and settings\John\Favorites\locked-Free Kids Crafts - More Halloween Crafts.URL.ebwl
c:\documents and settings\John\Favorites\locked-Free Kids Games, Coloring & Jigsaw Puzzles for Children.URL.poyi
c:\documents and settings\John\Favorites\locked-free unlock code generator software by imei number Resources and Information. This website is for sale!.URL.rhtg
c:\documents and settings\John\Favorites\locked-Freedom of information statistics on implementation in central government.url.banp
c:\documents and settings\John\Favorites\locked-Friends Reunited.URL.maxp
c:\documents and settings\John\Favorites\locked-Full Halloween.URL.caxy
c:\documents and settings\John\Favorites\locked-funny joke text messages information news, videos, photos and comments about funny joke text messages from the best web sites and blogs.URL.qqkl
c:\documents and settings\John\Favorites\locked-Gatekey Lending UK.URL.maxp
c:\documents and settings\John\Favorites\locked-Genes Reunited Tree.URL.yzol
c:\documents and settings\John\Favorites\locked-Get Bookmark Add-ons.URL.lrfe
c:\documents and settings\John\Favorites\locked-Golden Hat Bingo Online Bingo Free Bingo Bingo Games No Deposit Bingo Free UK Bingo Sites.URL.nfed
c:\documents and settings\John\Favorites\locked-HBO True Blood Homepage.URL.mpsc
c:\documents and settings\John\Favorites\locked-Hi-Life Diners Club, 2 4 1 restaurants in Manchester, Liverpool, Leeds, Preston, Newcastle, Belfast, Dublin and throughout the UK & Ireland.URL.whqa
c:\documents and settings\John\Favorites\locked-HM Revenue & Customs Childcare vouchers and tax credits - better off calculator.URL.fmhq
c:\documents and settings\John\Favorites\locked-Home - All About You Features - Sell Your Story To Women's Magazines.URL.ulkl
c:\documents and settings\John\Favorites\locked-Home - Toys R Us - Britain's greatest toy store.URL.ulyv
c:\documents and settings\John\Favorites\locked-Home Phil Collins.URL.eebw
c:\documents and settings\John\Favorites\locked-Hotmail, Messenger, Latest news, Sport, Music, Movies, Cars - MSN UK (2).url.ldvs
c:\documents and settings\John\Favorites\locked-Hotmail, Messenger, Latest news, Sport, Music, Movies, Cars - MSN UK (3).url.mgnp
c:\documents and settings\John\Favorites\locked-Hotmail, Messenger, Latest news, Sport, Music, Movies, Cars - MSN UK (4).url.gmgn
c:\documents and settings\John\Favorites\locked-Hotmail, Messenger, Latest news, Sport, Music, Movies, Cars - MSN UK.url.gfkl
c:\documents and settings\John\Favorites\locked-http--businessinyou.bis.gov.uk-.url.nphm
c:\documents and settings\John\Favorites\locked-http--www.adelante.co.uk-product%20pdfs-MobilePOS.pdf.url.vqcn
c:\documents and settings\John\Favorites\locked-http--www.cmoptions.org-en-faqs-index.asp.url.forh
c:\documents and settings\John\Favorites\locked-http www.medavia.co.uk .URL.bbdv
c:\documents and settings\John\Favorites\locked-Internet Safety & Security Links.url.xxal
c:\documents and settings\John\Favorites\locked-Internet Safety.url.ylyc
c:\documents and settings\John\Favorites\locked-Intuitģ Website Building Software & Website Design.URL.qcnj
c:\documents and settings\John\Favorites\locked-iPhone 4 now available on Orange.url.jwsw
c:\documents and settings\John\Favorites\locked-Isle of Man Classifieds - manx.net.url.nphm
c:\documents and settings\John\Favorites\locked-Isle of Man classifieds - ManxAds.url.oyin
c:\documents and settings\John\Favorites\locked-Isle of Man Steam Packet Company.url.ygnf
c:\documents and settings\John\Favorites\locked-iTunes GB Discount Codes, Voucher Codes & Printable Discount Vouchers!.URL.ubwv
c:\documents and settings\John\Favorites\locked-iTunes voucher codes, iTunes discount vouchers, iTunes discount codes, iTunes promotional codes, iTunes money off vouchers, iTunes coupon codes.URL.ccuj
c:\documents and settings\John\Favorites\locked-iTunes Voucher Codes,iTunes Promotional Codes and Discount Codes - CouponSnapshot UK.URL.tgrf
c:\documents and settings\John\Favorites\locked-J2 Bar Nightclb Bolton Tickets.URL.dyif
c:\documents and settings\John\Favorites\locked-Jason Manford Concert Tickets - O2 Apollo Manchester Manchester,United Kingdom.URL.qanc
c:\documents and settings\John\Favorites\locked-Jobs at Insurance Jobs Board UK recruitment site.url.nezy
c:\documents and settings\John\Favorites\locked-Jobs in Bl4 Bl4 Vacancies Fish4 Manchester.url.froy
c:\documents and settings\John\Favorites\locked-Karndean Flooring, Quickstep, Pergo Laminate Flooring, Bamboo, Vinyl and Wood Flooring.URL.xmgn
c:\documents and settings\John\Favorites\locked-Laminate Underlay.URL.qgtc
c:\documents and settings\John\Favorites\locked-Laptop Covers skins UK - Laptop Covers vinyl covers - Laptop Covers vinyl stickers UK.URL.vscu
c:\documents and settings\John\Favorites\locked-Learn How to Play Bingo Playing Bingo Online at Mecca Bingo.url.kujw
c:\documents and settings\John\Favorites\locked-Learning to Read - Ideas and Activities to Learn to Spell and Write Words.url.ptmh
c:\documents and settings\John\Favorites\locked-Legal And Copyright Vertex.url.mgnp
c:\documents and settings\John\Favorites\locked-Little Rascals Kids Club Bolton Marketplace Shopping Centre.url.yiki
c:\documents and settings\John\Favorites\locked-Lose 2 Stone In 30Days WeeklyHealthNewsUK.URL.froy
c:\documents and settings\John\Favorites\locked-Lovefilmbook.URL.ezyl
c:\documents and settings\John\Favorites\locked-lovehome.co.uk Interior design ideas and easy how to guides for decorating, DIY and the garden.url.nezy
c:\documents and settings\John\Favorites\locked-Magic Competitions - Competitions, Comps, Freebies & Offers For The UK.URL.prom
c:\documents and settings\John\Favorites\locked-Magic Freebies UK - UK Freebies, Free Samples and Free Stuff.URL.wnpz
c:\documents and settings\John\Favorites\locked-Magic Price Comparison - compare prices dvd, blu-ray, wii, ds, xbox 360, ps3, ps2, consoles.URL.htpt
c:\documents and settings\John\Favorites\locked-Magic Promotions - Marketing Made Easier.URL.bfed
c:\documents and settings\John\Favorites\locked-Make sure your CV is an attention grabber! Worklife - Jobsite.url.yvqv
c:\documents and settings\John\Favorites\locked-Makeup Artist Supplies, Beauty Supplies, Cosmetic Cases, Makeup Cases, Train Cases, Airbrush Makeup Kits, Makeup Brush Sets and Makeup Palettes.URL.tcnx
c:\documents and settings\John\Favorites\locked-Manchester's 106.6 - Home.URL.rdws
c:\documents and settings\John\Favorites\locked-Manchester.fish4jobs.co.uk Jobs in Manchester, Top Manchester Vacancies & Recruitment Site.url.pscs
c:\documents and settings\John\Favorites\locked-Math is Fun - Maths Resources.URL.ujws
c:\documents and settings\John\Favorites\locked-Mecca Bingo Bolton Find Bingo Halls in Bolton.url.sqal
c:\documents and settings\John\Favorites\locked-MobilePOS mobile phone based credit card payments system.url.snfb
c:\documents and settings\John\Favorites\locked-Mobsters 2 Vendetta on Facebook - Online Item Equipment Manager - Location Selection.URL.lqvi
c:\documents and settings\John\Favorites\locked-MOBSTERS ADDS 200 FREE ENERGY EMAIL QUICK ADDS STATS INFO.URL.ebwl
c:\documents and settings\John\Favorites\locked-Money Transfer & Online Payment NETELLER - Free Account Registration.URL.qklj
c:\documents and settings\John\Favorites\locked-mumandbabyonline - Home RA.URL.ikxr
c:\documents and settings\John\Favorites\locked-My Old House - Every house has a story to tell, what's yours .URL.ntik
c:\documents and settings\John\Favorites\locked-Namesco - Get a professional Website Completly Free.URL.ylrp
c:\documents and settings\John\Favorites\locked-News 6 Daily - Work at home mum makes £4,397-month working part-time from home.url.mruj
c:\documents and settings\John\Favorites\locked-Nouvatan Spray Tan Solutions, Spray Tanning Retail Products, Spray Tanning Equipment and nationwide Spray Tanning Training - 07932 508084 - Training & Info.URL.pdvm
c:\documents and settings\John\Favorites\locked-O2 Mobile Phones, Broadband & Sims From The UK's Leading Provider.URL.bpti
c:\documents and settings\John\Favorites\locked-ODEON - The Trafford Centre, Manchester.URL.hlfn
c:\documents and settings\John\Favorites\locked-Online Photo! Enhancement Platform can be embedded on your website to create an online photo editor.URL.gklr
c:\documents and settings\John\Favorites\locked-OpenOffice.org.url.uxbw
c:\documents and settings\John\Favorites\locked-Oriflame Consultant Registration Form.url.npdv
c:\documents and settings\John\Favorites\locked-Oriflame – Natural Swedish Cosmetics.url.nedh
c:\documents and settings\John\Favorites\locked-Party Plan Together - Sharing the Secrets of Success.url.pyzy
c:\documents and settings\John\Favorites\locked-Party Plan Together Ľ Links - Sharing the Secrets of Success.url.qdey
c:\documents and settings\John\Favorites\locked-Payday Loans Cheque Cashing Payday Advance Pawnbroking Second hand goods from Cash Converters.URL.lcne
c:\documents and settings\John\Favorites\locked-People we've helped - Child Maintenance Options.url.rwsg
c:\documents and settings\John\Favorites\locked-Pepsi Max - Win a Flip every 10 minutes.URL.nufn
c:\documents and settings\John\Favorites\locked-Play Online Bingo at Gone Bingo UK - Get £15 free Sign-Up Bonus!.URL.rxbw
c:\documents and settings\John\Favorites\locked-pogo.URL.kxrw
c:\documents and settings\John\Favorites\locked-Radio Station Guide.url.yxbw
c:\documents and settings\John\Favorites\locked-Rally Point - Play Free Online Games at Games.co.uk.URL.cngn
c:\documents and settings\John\Favorites\locked-Rebus Puzzles (Pictogram Puzzles).URL.vxbw
c:\documents and settings\John\Favorites\locked-RewardTV.URL.jlos
c:\documents and settings\John\Favorites\locked-Royal Mail - Products and Services for Personal Customers.URL.afbp
c:\documents and settings\John\Favorites\locked-Salford - Manchester Before the Bench April 12, 2012.url.hlfn
c:\documents and settings\John\Favorites\locked-Serif Product Registration.url.nedh
c:\documents and settings\John\Favorites\locked-Sexy MySpace layouts & backgrounds created by CoolChasers - CoolChaser.URL.fnpd
c:\documents and settings\John\Favorites\locked-Short Term Loans - Wonga Cash on demand.URL.bpti
c:\documents and settings\John\Favorites\locked-Small Business UK Guides & tips for small business start ups and small companies.URL.tkia
c:\documents and settings\John\Favorites\locked-Smithills Farm - March 2012 on PhotoPeach - Fresh slideshows to go!.url.cney
c:\documents and settings\John\Favorites\locked-Smithills Farm (2) March 2012 on PhotoPeach - Fresh slideshows to go!.url.lcne
c:\documents and settings\John\Favorites\locked-Sony Ericsson XPERIA X10 mini pro review & compare deals on contract.url.jtik
c:\documents and settings\John\Favorites\locked-Sourz cocktails – cocktail recipes from Sourz Sourz.URL.iaxb
c:\documents and settings\John\Favorites\locked-Sourz shots, cocktails and flavours Sourz.URL.mfup
c:\documents and settings\John\Favorites\locked-Spanish Customs and Traditions.URL.pyia
c:\documents and settings\John\Favorites\locked-Spanish Traditions - An Overview of Culture and Traditions in Spain.URL.upzv
c:\documents and settings\John\Favorites\locked-Speedtest.net - The Global Broadband Speed Test.url.vmru
c:\documents and settings\John\Favorites\locked-Starfall's Learn to Read with phonics.url.iaxb
c:\documents and settings\John\Favorites\locked-Super Hub.url.rwsg
c:\documents and settings\John\Favorites\locked-Tarosophy.URL.pdvm
c:\documents and settings\John\Favorites\locked-Tea Tree Oil - Travel - Recreation.URL.bpti
c:\documents and settings\John\Favorites\locked-Thank you for downloading Opera.url.dhmf
c:\documents and settings\John\Favorites\locked-Thank you for registering - www.energysavingplug.co.uk.URL.eyhl
c:\documents and settings\John\Favorites\locked-The Beauty Biz - Categories.URL.cney
c:\documents and settings\John\Favorites\locked-The Party Plan Guru.url.bpti
c:\documents and settings\John\Favorites\locked-the swarm.url.zvqr
c:\documents and settings\John\Favorites\locked-Thinkuknow.url.tikx
c:\documents and settings\John\Favorites\locked-TrialPay Online Payment and Promotions Platform for Leading Software and Social Apps Publishers.URL.rujz
c:\documents and settings\John\Favorites\locked-UK Office Direct.URL.yfnp
c:\documents and settings\John\Favorites\locked-Ultimate Handyman Laminate flooring underlay.URL.vmru
c:\documents and settings\John\Favorites\locked-Underlay.URL.hlfn
c:\documents and settings\John\Favorites\locked-Unlock your party potential! The Party Plan Guru.url.oscn
c:\documents and settings\John\Favorites\locked-Using and Maxing Out Speeds With uTorrent - AfterDawn Guides.url.cdhm
c:\documents and settings\John\Favorites\locked-Virtual Global Taskforce.url.bpti
c:\documents and settings\John\Favorites\locked-vision2learn - Register for an online course.url.gyol
c:\documents and settings\John\Favorites\locked-Weight Loss surgery - BMI Healthcare.URL.yqaf
c:\documents and settings\John\Favorites\locked-Welcome to BrightHouse.URL.vmru
c:\documents and settings\John\Favorites\locked-Welcome to Isle Of Man Homes - Failt! - Save Yourself Money.url.afbp
c:\documents and settings\John\Favorites\locked-WELL ESTABLISHED NAIL AND BEAUTY BUSINESS FOR SALE FOR SALE.URL.mdhm
c:\documents and settings\John\Favorites\locked-Willow Wellbeing Torquay Beauty Counselling Massage Stress Depression.URL.miax
c:\documents and settings\John\Favorites\locked-zmovie - insidious.url.yqaf
c:\documents and settings\John\System
c:\documents and settings\John\System\locked-win_qs8.jqx.rnxp
c:\program files\Complitly
c:\program files\Complitly\chrome\ComplitlyChrome.crx
c:\program files\Complitly\FireFoxExtensionWithFF8Fix.exe
c:\program files\Complitly\FireFoxUninstaller.exe
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\support@Complitly.com\chrome.manifest
c:\program files\Complitly\support@Complitly.com\chrome\content\appIcon.png
c:\program files\Complitly\support@Complitly.com\chrome\content\browserOverlay.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\options.js
c:\program files\Complitly\support@Complitly.com\chrome\content\options.xul
c:\program files\Complitly\support@Complitly.com\chrome\content\utils.js
c:\program files\Complitly\support@Complitly.com\defaults\preferences\predictad.js
c:\program files\Complitly\support@Complitly.com\install.rdf
c:\program files\Complitly\System.Data.SQLite.dll
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\program files\Internet Explorer\SET10.tmp
c:\program files\Internet Explorer\SET12C.tmp
c:\program files\Internet Explorer\SET12D.tmp
c:\program files\Internet Explorer\SET130.tmp
c:\program files\Internet Explorer\SET131.tmp
c:\program files\Internet Explorer\SET2.tmp
c:\program files\Internet Explorer\SET3.tmp
c:\program files\Internet Explorer\SET380.tmp
c:\program files\Internet Explorer\SET381.tmp
c:\program files\Internet Explorer\SET3B.tmp
c:\program files\Internet Explorer\SET3C.tmp
c:\program files\Internet Explorer\SET3DA.tmp
c:\program files\Internet Explorer\SET3DB.tmp
c:\program files\Internet Explorer\SET4.tmp
c:\program files\Internet Explorer\SET5.tmp
c:\program files\Internet Explorer\SET6.tmp
c:\program files\Internet Explorer\SET7.tmp
c:\program files\Internet Explorer\SET9C.tmp
c:\program files\Internet Explorer\SET9D.tmp
c:\program files\Internet Explorer\SETCA.tmp
c:\program files\Internet Explorer\SETCB.tmp
c:\program files\Internet Explorer\SETF.tmp
c:\program files\Internet Explorer\SETF8.tmp
c:\program files\Internet Explorer\SETF9.tmp
c:\windows\$NtUninstallKB64146$
c:\windows\$NtUninstallKB64146$\1428729786\@
c:\windows\$NtUninstallKB64146$\1428729786\cfg.ini
c:\windows\$NtUninstallKB64146$\1428729786\Desktop.ini
c:\windows\$NtUninstallKB64146$\1428729786\L\pqpygwuk
c:\windows\$NtUninstallKB64146$\1428729786\U\00000001.@
c:\windows\$NtUninstallKB64146$\1428729786\U\00000002.@
c:\windows\$NtUninstallKB64146$\1428729786\U\00000004.@
c:\windows\$NtUninstallKB64146$\1428729786\U\80000000.@
c:\windows\$NtUninstallKB64146$\1428729786\U\80000004.@
c:\windows\$NtUninstallKB64146$\1428729786\U\80000032.@
c:\windows\$NtUninstallKB64146$\1428729786\version
c:\windows\$NtUninstallKB64146$\2031495861
c:\windows\system32\dds_trash_log.cmd
c:\windows\system32\dllcache\dlimport.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\SET10.tmp
c:\windows\system32\SET100.tmp
c:\windows\system32\SET101.tmp
c:\windows\system32\SET102.tmp
c:\windows\system32\SET103.tmp
c:\windows\system32\SET104.tmp
c:\windows\system32\SET105.tmp
c:\windows\system32\SET106.tmp
c:\windows\system32\SET107.tmp
c:\windows\system32\SET109.tmp
c:\windows\system32\SET10A.tmp
c:\windows\system32\SET10B.tmp
c:\windows\system32\SET10C.tmp
c:\windows\system32\SET10D.tmp
c:\windows\system32\SET10E.tmp
c:\windows\system32\SET10F.tmp
c:\windows\system32\SET11.tmp
c:\windows\system32\SET110.tmp
c:\windows\system32\SET111.tmp
c:\windows\system32\SET112.tmp
c:\windows\system32\SET113.tmp
c:\windows\system32\SET114.tmp
c:\windows\system32\SET115.tmp
c:\windows\system32\SET116.tmp
c:\windows\system32\SET117.tmp
c:\windows\system32\SET118.tmp
c:\windows\system32\SET119.tmp
c:\windows\system32\SET11A.tmp
c:\windows\system32\SET11B.tmp
c:\windows\system32\SET11C.tmp
c:\windows\system32\SET11D.tmp
c:\windows\system32\SET11E.tmp
c:\windows\system32\SET11F.tmp
c:\windows\system32\SET120.tmp
c:\windows\system32\SET121.tmp
c:\windows\system32\SET122.tmp
c:\windows\system32\SET123.tmp
c:\windows\system32\SET124.tmp
c:\windows\system32\SET12F.tmp
c:\windows\system32\SET13.tmp
c:\windows\system32\SET130.tmp
c:\windows\system32\SET131.tmp
c:\windows\system32\SET132.tmp
c:\windows\system32\SET133.tmp
c:\windows\system32\SET134.tmp
c:\windows\system32\SET135.tmp
c:\windows\system32\SET136.tmp
c:\windows\system32\SET137.tmp
c:\windows\system32\SET138.tmp
c:\windows\system32\SET139.tmp
c:\windows\system32\SET13A.tmp
c:\windows\system32\SET13B.tmp
c:\windows\system32\SET13C.tmp
c:\windows\system32\SET13D.tmp
c:\windows\system32\SET13E.tmp
c:\windows\system32\SET13F.tmp
c:\windows\system32\SET14.tmp
c:\windows\system32\SET141.tmp
c:\windows\system32\SET142.tmp
c:\windows\system32\SET143.tmp
c:\windows\system32\SET144.tmp
c:\windows\system32\SET145.tmp
c:\windows\system32\SET146.tmp
c:\windows\system32\SET147.tmp
c:\windows\system32\SET148.tmp
c:\windows\system32\SET149.tmp
c:\windows\system32\SET14A.tmp
c:\windows\system32\SET14B.tmp
c:\windows\system32\SET14C.tmp
c:\windows\system32\SET14D.tmp
c:\windows\system32\SET14E.tmp
c:\windows\system32\SET14F.tmp
c:\windows\system32\SET15.tmp
c:\windows\system32\SET150.tmp
c:\windows\system32\SET151.tmp
c:\windows\system32\SET152.tmp
c:\windows\system32\SET153.tmp
c:\windows\system32\SET154.tmp
c:\windows\system32\SET155.tmp
c:\windows\system32\SET156.tmp
c:\windows\system32\SET157.tmp
c:\windows\system32\SET158.tmp
c:\windows\system32\SET159.tmp
c:\windows\system32\SET15A.tmp
c:\windows\system32\SET15B.tmp
c:\windows\system32\SET15C.tmp
c:\windows\system32\SET15D.tmp
c:\windows\system32\SET15E.tmp
c:\windows\system32\SET15F.tmp
c:\windows\system32\SET16.tmp
c:\windows\system32\SET161.tmp
c:\windows\system32\SET162.tmp
c:\windows\system32\SET163.tmp
c:\windows\system32\SET164.tmp
c:\windows\system32\SET165.tmp
c:\windows\system32\SET166.tmp
c:\windows\system32\SET167.tmp
c:\windows\system32\SET168.tmp
c:\windows\system32\SET169.tmp
c:\windows\system32\SET16A.tmp
c:\windows\system32\SET16B.tmp
c:\windows\system32\SET16C.tmp
c:\windows\system32\SET16D.tmp
c:\windows\system32\SET16E.tmp
c:\windows\system32\SET16F.tmp
c:\windows\system32\SET17.tmp
c:\windows\system32\SET170.tmp
c:\windows\system32\SET171.tmp
c:\windows\system32\SET172.tmp
c:\windows\system32\SET173.tmp
c:\windows\system32\SET174.tmp
c:\windows\system32\SET175.tmp
c:\windows\system32\SET176.tmp
c:\windows\system32\SET18.tmp
c:\windows\system32\SET19.tmp
c:\windows\system32\SET1A.tmp
c:\windows\system32\SET1B.tmp
c:\windows\system32\SET1C.tmp
c:\windows\system32\SET1D.tmp
c:\windows\system32\SET1E.tmp
c:\windows\system32\SET1F.tmp
c:\windows\system32\SET20.tmp
c:\windows\system32\SET21.tmp
c:\windows\system32\SET22.tmp
c:\windows\system32\SET23.tmp
c:\windows\system32\SET24.tmp
c:\windows\system32\SET25.tmp
c:\windows\system32\SET26.tmp
c:\windows\system32\SET27.tmp
c:\windows\system32\SET28.tmp
c:\windows\system32\SET29.tmp
c:\windows\system32\SET2A.tmp
c:\windows\system32\SET2B.tmp
c:\windows\system32\SET2C.tmp
c:\windows\system32\SET2D.tmp
c:\windows\system32\SET2D8.tmp
c:\windows\system32\SET2E.tmp
c:\windows\system32\SET2F.tmp
c:\windows\system32\SET2F9.tmp
c:\windows\system32\SET2FA.tmp
c:\windows\system32\SET2FB.tmp
c:\windows\system32\SET2FF.tmp
c:\windows\system32\SET30.tmp
c:\windows\system32\SET300.tmp
c:\windows\system32\SET301.tmp
c:\windows\system32\SET305.tmp
c:\windows\system32\SET307.tmp
c:\windows\system32\SET31.tmp
c:\windows\system32\SET32.tmp
c:\windows\system32\SET33.tmp
c:\windows\system32\SET34.tmp
c:\windows\system32\SET35.tmp
c:\windows\system32\SET37.tmp
c:\windows\system32\SET38.tmp
c:\windows\system32\SET383.tmp
c:\windows\system32\SET384.tmp
c:\windows\system32\SET385.tmp
c:\windows\system32\SET386.tmp
c:\windows\system32\SET387.tmp
c:\windows\system32\SET388.tmp
c:\windows\system32\SET389.tmp
c:\windows\system32\SET38A.tmp
c:\windows\system32\SET38B.tmp
c:\windows\system32\SET38C.tmp
c:\windows\system32\SET38D.tmp
c:\windows\system32\SET38E.tmp
c:\windows\system32\SET38F.tmp
c:\windows\system32\SET39.tmp
c:\windows\system32\SET391.tmp
c:\windows\system32\SET392.tmp
c:\windows\system32\SET393.tmp
c:\windows\system32\SET394.tmp
c:\windows\system32\SET395.tmp
c:\windows\system32\SET396.tmp
c:\windows\system32\SET397.tmp
c:\windows\system32\SET398.tmp
c:\windows\system32\SET399.tmp
c:\windows\system32\SET39A.tmp
c:\windows\system32\SET39B.tmp
c:\windows\system32\SET39C.tmp
c:\windows\system32\SET39D.tmp
c:\windows\system32\SET39E.tmp
c:\windows\system32\SET39F.tmp
c:\windows\system32\SET3A.tmp
c:\windows\system32\SET3A0.tmp
c:\windows\system32\SET3A1.tmp
c:\windows\system32\SET3A2.tmp
c:\windows\system32\SET3A3.tmp
c:\windows\system32\SET3A4.tmp
c:\windows\system32\SET3A5.tmp
c:\windows\system32\SET3A6.tmp
c:\windows\system32\SET3B.tmp
c:\windows\system32\SET3C.tmp
c:\windows\system32\SET3D.tmp
c:\windows\system32\SET3DD.tmp
c:\windows\system32\SET3DE.tmp
c:\windows\system32\SET3DF.tmp
c:\windows\system32\SET3E.tmp
c:\windows\system32\SET3E0.tmp
c:\windows\system32\SET3E1.tmp
c:\windows\system32\SET3E2.tmp
c:\windows\system32\SET3E3.tmp
c:\windows\system32\SET3E4.tmp
c:\windows\system32\SET3E5.tmp
c:\windows\system32\SET3E6.tmp
c:\windows\system32\SET3E7.tmp
c:\windows\system32\SET3E8.tmp
c:\windows\system32\SET3E9.tmp
c:\windows\system32\SET3EB.tmp
c:\windows\system32\SET3EC.tmp
c:\windows\system32\SET3ED.tmp
c:\windows\system32\SET3EE.tmp
c:\windows\system32\SET3EF.tmp
c:\windows\system32\SET3F.tmp
c:\windows\system32\SET3F0.tmp
c:\windows\system32\SET3F1.tmp
c:\windows\system32\SET3F2.tmp
c:\windows\system32\SET3F3.tmp
c:\windows\system32\SET3F4.tmp
c:\windows\system32\SET3F5.tmp
c:\windows\system32\SET3F6.tmp
c:\windows\system32\SET3F7.tmp
c:\windows\system32\SET3F8.tmp
c:\windows\system32\SET3F9.tmp
c:\windows\system32\SET3FA.tmp
c:\windows\system32\SET3FB.tmp
c:\windows\system32\SET3FC.tmp
c:\windows\system32\SET3FD.tmp
c:\windows\system32\SET3FE.tmp
c:\windows\system32\SET3FF.tmp
c:\windows\system32\SET40.tmp
c:\windows\system32\SET400.tmp
c:\windows\system32\SET41.tmp
c:\windows\system32\SET42.tmp
c:\windows\system32\SET43.tmp
c:\windows\system32\SET44.tmp
c:\windows\system32\SET45.tmp
c:\windows\system32\SET46.tmp
c:\windows\system32\SET461.tmp
c:\windows\system32\SET46A.tmp
c:\windows\system32\SET46B.tmp
c:\windows\system32\SET47.tmp
c:\windows\system32\SET473.tmp
c:\windows\system32\SET48.tmp
c:\windows\system32\SET488.tmp
c:\windows\system32\SET49.tmp
c:\windows\system32\SET4A.tmp
c:\windows\system32\SET4B.tmp
c:\windows\system32\SET4C.tmp
c:\windows\system32\SET4D.tmp
c:\windows\system32\SET4E.tmp
c:\windows\system32\SET4F.tmp
c:\windows\system32\SET5.tmp
c:\windows\system32\SET50.tmp
c:\windows\system32\SET51.tmp
c:\windows\system32\SET52.tmp
c:\windows\system32\SET53.tmp
c:\windows\system32\SET54.tmp
c:\windows\system32\SET55.tmp
c:\windows\system32\SET56.tmp
c:\windows\system32\SET57.tmp
c:\windows\system32\SET58.tmp
c:\windows\system32\SET59.tmp
c:\windows\system32\SET5B.tmp
c:\windows\system32\SET5C.tmp
c:\windows\system32\SET5D.tmp
c:\windows\system32\SET5E.tmp
c:\windows\system32\SET5F.tmp
c:\windows\system32\SET6.tmp
c:\windows\system32\SET60.tmp
c:\windows\system32\SET61.tmp
c:\windows\system32\SET62.tmp
c:\windows\system32\SET63.tmp
c:\windows\system32\SET64.tmp
c:\windows\system32\SET65.tmp
c:\windows\system32\SET66.tmp
c:\windows\system32\SET67.tmp
c:\windows\system32\SET68.tmp
c:\windows\system32\SET69.tmp
c:\windows\system32\SET6A.tmp
c:\windows\system32\SET6B.tmp
c:\windows\system32\SET6C.tmp
c:\windows\system32\SET6D.tmp
c:\windows\system32\SET6E.tmp
c:\windows\system32\SET6F.tmp
c:\windows\system32\SET7.tmp
c:\windows\system32\SET70.tmp
c:\windows\system32\SET71.tmp
c:\windows\system32\SET72.tmp
c:\windows\system32\SET73.tmp
c:\windows\system32\SET74.tmp
c:\windows\system32\SET75.tmp
c:\windows\system32\SET76.tmp
c:\windows\system32\SET77.tmp
c:\windows\system32\SET78.tmp
c:\windows\system32\SET79.tmp
c:\windows\system32\SET7A.tmp
c:\windows\system32\SET7B.tmp
c:\windows\system32\SET7C.tmp
c:\windows\system32\SET7D.tmp
c:\windows\system32\SET7F.tmp
c:\windows\system32\SET8.tmp
c:\windows\system32\SET80.tmp
c:\windows\system32\SET81.tmp
c:\windows\system32\SET82.tmp
c:\windows\system32\SET83.tmp
c:\windows\system32\SET84.tmp
c:\windows\system32\SET85.tmp
c:\windows\system32\SET86.tmp
c:\windows\system32\SET87.tmp
c:\windows\system32\SET88.tmp
c:\windows\system32\SET89.tmp
c:\windows\system32\SET8A.tmp
c:\windows\system32\SET8B.tmp
c:\windows\system32\SET8C.tmp
c:\windows\system32\SET8D.tmp
c:\windows\system32\SET8E.tmp
c:\windows\system32\SET8F.tmp
c:\windows\system32\SET9.tmp
c:\windows\system32\SET90.tmp
c:\windows\system32\SET91.tmp
c:\windows\system32\SET92.tmp
c:\windows\system32\SET93.tmp
c:\windows\system32\SET94.tmp
c:\windows\system32\SET95.tmp
c:\windows\system32\SET96.tmp
c:\windows\system32\SET97.tmp
c:\windows\system32\SET98.tmp
c:\windows\system32\SET99.tmp
c:\windows\system32\SET9A.tmp
c:\windows\system32\SET9B.tmp
c:\windows\system32\SET9C.tmp
c:\windows\system32\SET9D.tmp
c:\windows\system32\SET9E.tmp
c:\windows\system32\SET9F.tmp
c:\windows\system32\SETA.tmp
c:\windows\system32\SETA0.tmp
c:\windows\system32\SETA1.tmp
c:\windows\system32\SETA2.tmp
c:\windows\system32\SETA3.tmp
c:\windows\system32\SETA4.tmp
c:\windows\system32\SETA5.tmp
c:\windows\system32\SETA6.tmp
c:\windows\system32\SETA7.tmp
c:\windows\system32\SETA8.tmp
c:\windows\system32\SETA9.tmp
c:\windows\system32\SETAA.tmp
c:\windows\system32\SETAB.tmp
c:\windows\system32\SETAD.tmp
c:\windows\system32\SETAE.tmp
c:\windows\system32\SETAF.tmp
c:\windows\system32\SETB.tmp
c:\windows\system32\SETB0.tmp
c:\windows\system32\SETB1.tmp
c:\windows\system32\SETB2.tmp
c:\windows\system32\SETB3.tmp
c:\windows\system32\SETB4.tmp
c:\windows\system32\SETB5.tmp
c:\windows\system32\SETB6.tmp
c:\windows\system32\SETB7.tmp
c:\windows\system32\SETB8.tmp
c:\windows\system32\SETB9.tmp
c:\windows\system32\SETBA.tmp
c:\windows\system32\SETBB.tmp
c:\windows\system32\SETBC.tmp
c:\windows\system32\SETBD.tmp
c:\windows\system32\SETBE.tmp
c:\windows\system32\SETBF.tmp
c:\windows\system32\SETC.tmp
c:\windows\system32\SETC0.tmp
c:\windows\system32\SETC1.tmp
c:\windows\system32\SETC2.tmp
c:\windows\system32\SETC3.tmp
c:\windows\system32\SETC4.tmp
c:\windows\system32\SETC5.tmp
c:\windows\system32\SETC7.tmp
c:\windows\system32\SETC8.tmp
c:\windows\system32\SETC9.tmp
c:\windows\system32\SETCA.tmp
c:\windows\system32\SETCB.tmp
c:\windows\system32\SETCC.tmp
c:\windows\system32\SETCD.tmp
c:\windows\system32\SETCE.tmp
c:\windows\system32\SETCF.tmp
c:\windows\system32\SETD.tmp
c:\windows\system32\SETD0.tmp
c:\windows\system32\SETD1.tmp
c:\windows\system32\SETD2.tmp
c:\windows\system32\SETD3.tmp
c:\windows\system32\SETD4.tmp
c:\windows\system32\SETD5.tmp
c:\windows\system32\SETD6.tmp
c:\windows\system32\SETD7.tmp
c:\windows\system32\SETD8.tmp
c:\windows\system32\SETD9.tmp
c:\windows\system32\SETDB.tmp
c:\windows\system32\SETDC.tmp
c:\windows\system32\SETDD.tmp
c:\windows\system32\SETDE.tmp
c:\windows\system32\SETDF.tmp
c:\windows\system32\SETE.tmp
c:\windows\system32\SETE0.tmp
c:\windows\system32\SETE1.tmp
c:\windows\system32\SETE2.tmp
c:\windows\system32\SETE3.tmp
c:\windows\system32\SETE4.tmp
c:\windows\system32\SETE5.tmp
c:\windows\system32\SETE6.tmp
c:\windows\system32\SETE7.tmp
c:\windows\system32\SETE8.tmp
c:\windows\system32\SETE9.tmp
c:\windows\system32\SETEA.tmp
c:\windows\system32\SETEB.tmp
c:\windows\system32\SETEC.tmp
c:\windows\system32\SETED.tmp
c:\windows\system32\SETEE.tmp
c:\windows\system32\SETEF.tmp
c:\windows\system32\SETF.tmp
c:\windows\system32\SETF0.tmp
c:\windows\system32\SETF1.tmp
c:\windows\system32\SETF2.tmp
c:\windows\system32\SETF3.tmp
c:\windows\system32\SETF4.tmp
c:\windows\system32\SETF5.tmp
c:\windows\system32\SETF6.tmp
c:\windows\system32\SETF7.tmp
c:\windows\system32\SETF8.tmp
c:\windows\system32\SETF9.tmp
c:\windows\system32\SETFA.tmp
c:\windows\system32\SETFB.tmp
c:\windows\system32\SETFC.tmp
c:\windows\system32\SETFD.tmp
c:\windows\system32\SETFE.tmp
c:\windows\system32\SETFF.tmp
c:\windows\system32\winsh320
c:\windows\system32\winsh321
c:\windows\system32\winsh322
c:\windows\system32\winsh323
c:\windows\system32\winsh324
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_AMSERVICE
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-19 00:27 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys
2012-05-19 00:27 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys
2012-05-17 03:10 . 2012-05-17 03:10 -------- d-----w- c:\windows\Microsoft Antimalware
2012-05-09 21:22 . 2012-05-17 06:43 -------- d-----w- c:\documents and settings\John\Application Data\Hvdnffpyhy
2012-05-09 21:21 . 2012-05-09 21:21 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}
2012-05-09 21:20 . 2012-05-17 04:33 -------- d-----w- c:\program files\Common Files\HotKey
2012-05-09 21:19 . 2012-05-17 04:33 -------- d-----w- c:\documents and settings\John\Application Data\Ywehet
2012-05-09 21:19 . 2012-05-09 22:39 -------- d-----w- c:\documents and settings\John\Application Data\Loxai
2012-05-09 21:19 . 2012-05-09 21:19 -------- d-----w- c:\documents and settings\John\Application Data\Uvohv
2012-05-06 13:22 . 2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-05-06 13:21 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-05-06 13:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-05-06 13:18 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-05-06 13:16 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-05-06 13:12 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-05-05 19:55 . 2012-05-05 19:55 -------- d-----w- c:\windows\ServicePackFiles
2012-05-05 19:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2012-05-05 18:37 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2012-05-05 18:36 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-05-05 18:35 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-05-05 18:35 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-05-05 18:35 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-05-05 18:35 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-05-05 18:35 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-05-05 18:35 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2012-05-05 18:35 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-05-05 18:35 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-05-05 18:35 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-05-05 18:35 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-05-05 18:35 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-05-05 18:33 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-05-05 18:33 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-05-05 18:33 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-05-05 18:33 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-05-05 18:31 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-05-05 18:30 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-05-05 17:30 . 2012-05-05 17:30 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 17:29 . 2012-05-05 17:29 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 17:29 . 2012-05-05 17:29 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-05 16:36 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-05-05 16:36 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-05-05 16:36 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-05-05 16:36 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-05-05 15:48 . 2012-05-05 15:48 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-05-05 15:03 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-05-05 15:03 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-05 15:03 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-05 13:47 . 2012-05-05 13:47 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-05 13:47 . 2012-05-05 13:47 -------- d-----w- c:\program files\Common Files\Java
2012-05-05 13:46 . 2012-05-06 13:38 -------- dc-h--w- c:\windows\ie8
2012-05-04 16:11 . 2012-05-04 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2012-04-27 09:16 . 2012-04-27 09:16 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\I Want This
2012-04-27 09:16 . 2012-04-27 09:16 -------- d-----w- c:\program files\I Want This
2012-04-27 09:12 . 2011-10-04 21:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-04-27 09:11 . 2012-04-27 09:12 -------- d-----w- c:\program files\GPLGS
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Babylon
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- C:\Program1
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\documents and settings\John\Application Data\Babylon
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\program files\PDFCreator
2012-04-21 16:34 . 2012-04-21 16:34 -------- d-----w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com
2012-04-21 16:33 . 2012-04-29 12:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-21 16:33 . 2012-04-21 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 17:51 . 2010-06-02 13:20 81920 -c--a-w- c:\windows\ALCFDRTM.VER
2012-03-30 13:13 . 2012-03-30 13:13 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 13:13 . 2011-06-05 12:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2010-04-26 19:18 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-05 17:29 . 2011-04-30 10:18 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\71d83054-7dbe-45c3-a453-719bb81c5f99.com" [2012-04-28 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2010-08-17 342872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-1-10 565248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"DisableRegedit"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WN111v2 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceConnect]
2010-01-28 13:48 10035448 ----a-w- c:\program files\3 Mobile Broadband\3Connect\Wilog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 16:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IconixOEAddOn]
2010-08-17 19:32 342872 ----a-w- c:\program files\Iconix\OEAddOn\OEdmn_6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-02-02 13:15 1085952 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSNUpd]
2010-07-14 13:51 152896 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\psnupd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-02 13:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 17:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-09-24 13:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)
"ZuneBusEnum"=2 (0x2)
"WMZuneComm"=3 (0x3)
"YahooAUService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [14/12/2010 11:15 1737464]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [04/01/2012 14:22 822624]
R2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [22/08/2010 22:59 283992]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [01/10/2011 08:30 508776]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [10/01/2012 18:39 167936]
R3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [10/01/2012 18:39 1759584]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [01/10/2008 16:45 57440]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 22:23 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 22:23 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 22:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 22:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [01/10/2011 08:30 219496]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 12:48 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 14:13 253600]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24/07/2003 12:10 17149]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 12:48 135664]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNDA3200\jswpsapi.exe [10/01/2012 18:39 360529]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15/09/2010 12:14 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [05/05/2012 18:30 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22:37 4640000]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [14/01/2009 02:23 458752]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [24/09/2010 14:19 268528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
S7oppilx
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:13]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 11:48]
.
2012-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 11:48]
.
2012-01-29 c:\windows\Tasks\Qtutqqbm.job
- c:\windows\system32\msconfv.dll [2012-01-18 19:46]
.
2012-05-19 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2012-03-10 18:22]
.
2012-05-19 c:\windows\Tasks\User_Feed_Synchronization-{C4DFAE7E-416B-4244-8132-23CA1C0E809F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\hjcms5ve.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=30c6e44e000000000000e0469aa5cccd&q=
FF - prefs.js: network.proxy.type - 2
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: CT2438727.AboutPrivacyUrl - hxxp://www.conduit.com/privacy/Default.aspx
FF - user.js: CT2438727.CTID - CT2438727
FF - user.js: CT2438727.CommunitiesChangesLastCheckTime - 0
FF - user.js: CT2438727.CurrentServerDate - 15-2-2011
FF - user.js: CT2438727.DialogsAlignMode - LTR
FF - user.js: CT2438727.DownloadReferralCookieData -
FF - user.js: CT2438727.FirstServerDate - 20-9-2010
FF - user.js: CT2438727.FirstTime - true
FF - user.js: CT2438727.FirstTimeFF3 - true
FF - user.js: CT2438727.FirstTimeSettingsDone - true
FF - user.js: CT2438727.FixPageNotFoundErrors - true
FF - user.js: CT2438727.GroupingInvalidateCache - false
FF - user.js: CT2438727.GroupingLastCheckTime - 0
FF - user.js: CT2438727.GroupingLastServerUpdateTime - 0
FF - user.js: CT2438727.GroupingServerCheckInterval - 1440
FF - user.js: CT2438727.GroupingServiceUrl - hxxp://grouping.services.conduit.com/
FF - user.js: CT2438727.Initialize - true
FF - user.js: CT2438727.InitializeCommonPrefs - true
FF - user.js: CT2438727.InstallationAndCookieDataSentCount - 3
FF - user.js: CT2438727.InstalledDate - Mon Sep 20 2010 01:25 GMT+0100 (GMT Daylight Time)
FF - user.js: CT2438727.InvalidateCache - false
FF - user.js: CT2438727.IsGrouping - false
FF - user.js: CT2438727.IsMulticommunity - false
FF - user.js: CT2438727.IsOpenThankYouPage - true
FF - user.js: CT2438727.IsOpenUninstallPage - true
FF - user.js: CT2438727.LanguagePackLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.LanguagePackReloadIntervalMM - 1440
FF - user.js: CT2438727.LanguagePackServiceUrl - hxxp://translation.users.conduit.com/Translation.ashx
FF - user.js: CT2438727.LastLogin_2.7.1.3 - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.LatestVersion - 2.7.1.3
FF - user.js: CT2438727.Locale - en
FF - user.js: CT2438727.LoginCache - 4
FF - user.js: CT2438727.MCDetectTooltipHeight - 83
FF - user.js: CT2438727.MCDetectTooltipUrl - hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1
FF - user.js: CT2438727.MCDetectTooltipWidth - 295
FF - user.js: CT2438727.RadioLastCheckTime - 0
FF - user.js: CT2438727.RadioLastUpdateIPServer - 0
FF - user.js: CT2438727.RadioLastUpdateServer - 0
FF - user.js: CT2438727.SHRINK_TOOLBAR - 1
FF - user.js: CT2438727.SearchEngine - Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID&Search Source=1
FF - user.js: CT2438727.SearchFromAddressBarIsInit - true
FF - user.js: CT2438727.SearchFromAddressBarUrl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=
FF - user.js: CT2438727.SearchInNewTabEnabled - true
FF - user.js: CT2438727.SearchInNewTabIntervalMM - 1440
FF - user.js: CT2438727.SearchInNewTabLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.SearchInNewTabServiceUrl - hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID
FF - user.js: CT2438727.SearchInNewTabUsageUrl - hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID
FF - user.js: CT2438727.SettingsCheckIntervalMin - 120
FF - user.js: CT2438727.SettingsLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.SettingsLastUpdate - 1297721424
FF - user.js: CT2438727.ThirdPartyComponentsInterval - 504
FF - user.js: CT2438727.ThirdPartyComponentsLastCheck - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.ThirdPartyComponentsLastUpdate - 1246790578
FF - user.js: CT2438727.TrusteLinkUrl - hxxp://trust.conduit.com/EB_ORIGINAL_CTID
FF - user.js: CT2438727.UserID - UN14965108183067577
FF - user.js: CT2438727.ValidationData_Search - 0
FF - user.js: CT2438727.ValidationData_Toolbar - 2
FF - user.js: CT2438727.alertChannelId - 832836
FF - user.js: CT2438727.clientLogIsEnabled - false
FF - user.js: CT2438727.clientLogServiceUrl - hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent
FF - user.js: CT2438727.myStuffEnabled - true
FF - user.js: CT2438727.myStuffPublihserMinWidth - 400
FF - user.js: CT2438727.myStuffSearchUrl - hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIG INAL_CTID
FF - user.js: CT2438727.myStuffServiceIntervalMM - 1440
FF - user.js: CT2438727.myStuffServiceUrl - hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_L UT
FF - user.js: CT2438727.uninstallLogServiceUrl - hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation
FF - user.js: CommunityToolbar.SearchFromAddressBarSavedUrl - chrome://browser-region/locale/region.properties
FF - user.js: CommunityToolbar.ToolbarsList - CT2438727
FF - user.js: CommunityToolbar.ToolbarsList2 - CT2438727
FF - user.js: CommunityToolbar.alert.alertInfoInterval - 1440
FF - user.js: CommunityToolbar.alert.alertInfoLastCheckTime - Tue Feb 15 2011 19:52 GMT+0000 (GMT Standard Time)
FF - user.js: CommunityToolbar.alert.clientsServerUrl - hxxp://alert.client.conduit.com
FF - user.js: CommunityToolbar.alert.locale - en
FF - user.js: CommunityToolbar.alert.loginIntervalMin - 1440
FF - user.js: CommunityToolbar.alert.loginLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CommunityToolbar.alert.loginLastUpdateTime - 1291052234
FF - user.js: CommunityToolbar.alert.messageShowTimeSec - 20
FF - user.js: CommunityToolbar.alert.servicesServerUrl - hxxp://alert.services.conduit.com
FF - user.js: CommunityToolbar.alert.showTrayIcon - false
FF - user.js: CommunityToolbar.alert.userCloseIntervalMin - 300
FF - user.js: CommunityToolbar.alert.userId - {029615fa-cf91-40f4-9072-93950c5fb5f8}
FF - user.js: accessibility.browsewithcaret - true
FF - user.js: accessibility.typeaheadfind - true
FF - user.js: accessibility.typeaheadfind.casesensitive - 1
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.disable_button.showUpdateHistory - false
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1326979408
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1326979287
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1326979528
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1313360628
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1304117503
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1326987885
FF - user.js: browser.anchor_color - #0000FF
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.display.background_color - #C0C0C0
FF - user.js: browser.display.use_document_fonts - 0
FF - user.js: browser.display.use_system_colors - true
FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\John\\Desktop
FF - user.js: browser.download.manager.alertOnEXEOpen - false
FF - user.js: browser.download.manager.retention - 0
FF - user.js: browser.download.save_converter_index - 3
FF - user.js: browser.feeds.showFirstRunUI - false
FF - user.js: browser.formfill.enable - false
FF - user.js: browser.history_expire_days.mirror - 180
FF - user.js: browser.migration.version - 5
FF - user.js: browser.offline - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.preferences.advanced.selectedTabIndex - 3
FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - true
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.selectedEngine - Bing
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - user.js: browser.startup.homepage_override.buildID - 20111220165912
FF - user.js: browser.startup.homepage_override.mstone - rv:9.0.1
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.tabs.loadInBackground - false
FF - user.js: browser.urlbar.default.behavior - 1
FF - user.js: browser.visited_color - #800080
FF - user.js: dom.disable_open_during_load - false
FF - user.js: dom.event.contextmenu.enabled - false
FF - user.js: dom.max_script_run_time - 0
FF - user.js: extensions.MicrosoftCG.lastRunTime - Mon, 01 Nov 2010 22:13 GMT
FF - user.js: extensions.blocklist.pingCountTotal - 237
FF - user.js: extensions.blocklist.pingCountVersion - 9
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 6
FF - user.js: extensions.enabledAddons - {972ce4c6-7e08-4474-a285-3208198ce6fd}:9.0.1
FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\ \\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\,\mtime\:1277663450843},\smartwebpri nting@hp.com\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1300649420031},\jqs@sun.com\:{\descripto r\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1288081481343} }},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1326272142546},\{F7CB456D-D310-4572-8C28-A6D45F6F8F10}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{F7CB456D-D310-4572-8C28-A6D45F6F8F10}\,\mtime\:1326329926656}}},{\name\:\winreg-app-user\,\addons\:{\smartwebprinting@hp.com\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1300649420031}}},{\name\:\app-profile\,\addons\:{\firefox@zoodles.com\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\ \firefox@zoodles.com.xpi\,\mtime\:1314085773315},\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\ \{20a82645-c095-46ed-80e3-08825760534b}\,\mtime\:1280323145296},\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\ \{7b13ec3e-999a-4b70-b9cb-2617b8323822}\,\mtime\:1326224466051}}}]
FF - user.js: extensions.lastAppVersion - 9.0.1
FF - user.js: extensions.lastPlatformVersion - 9.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.update.notifyUser - false
FF - user.js: extensions.zoodles.account_created - true
FF - user.js: extensions.zoodles.toolbar_installed - true
FF - user.js: font.name.serif.x-western - Verdana
FF - user.js: general.useragent.extra.microsoftdotnet - ( .NET CLR 3.5.30729)
FF - user.js: general.useragent.extra.zoodles -
FF - user.js: general.useragent.extra.zoodles_parent - InquisitiveMindsAddon
FF - user.js: gfx.blacklist.direct2d - 2
FF - user.js: gfx.blacklist.layers.direct3d10 - 2
FF - user.js: gfx.blacklist.layers.direct3d10-1 - 2
FF - user.js: idle.lastDailyNotification - 1326992866
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-8, UTF-8, ISO-8859-2, windows-1252, ISO-8859-15
FF - user.js: lightweightThemes.isThemeSelected - false
FF - user.js: lightweightThemes.persisted.footerURL - true
FF - user.js: lightweightThemes.persisted.headerURL - true
FF - user.js: lightweightThemes.usedThemes - [{\id\:\30987\,\name\:\endless possibilities by etsu\,\headerURL\:\hxxp://getpersonas-cdn.mozilla.net/static/8/7/30987/etsu_v2_header.jpg?1260925626\,\footerURL\:\http://getpersonas-cdn.mozilla.net/s...ription\:\etsu meusy‚€™s work has been described as ‚€œsunny and clean‚€Ě by giant robot and ‚€œnostalgia-tinged 70s and 80s pop cultural pastiches‚€Ě by coolhunting. etsu blends together paint, hand drawn typography and the odd guest appearance from 80s icons like axl rose and the smurfs to create dreamy rainbow colored landscapes. her artwork has been featured in nylon magazine and art books by die gestalten.\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/30987\,\version\:\1260925626\},{\id\:\95641\,\name\:\supernatural-dean\,\headerURL\:\http://getpersonas-cdn.mozilla.net/s...ription\:\this is a supernatural persona\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/95641\,\version\:\1265334322\},{\id\:\64769\,\name\:\sunset over water\,\headerURL\:\http://getpersonas-cdn.mozilla.net/s...ription\:\this is a personal photo i took. i have a wallpaper to match this and it can be found at\\u000d\\u000a:http://nature.desktopnexus.com/wallp...\u000d\\u000aI also made an iGoogle theme called Framed Sunset and you can use that as your theme if you use iGoogle.\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/64769\}]
FF - user.js: microsoft.CLR.auto_install - false
FF - user.js: network.cookie.lifetimePolicy - 2
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.proxy.type - 2
FF - user.js: places.database.lastMaintenance - 1326992866
FF - user.js: places.history.expiration.transient_current_max_pages - 76949
FF - user.js: places.history.expiration.transient_optimal_database_size - 123117894
FF - user.js: places.last_vacuum - 1301663853
FF - user.js: pref.advanced.images.disable_button.view_image - false
FF - user.js: pref.advanced.javascript.disable_button.advanced - false
FF - user.js: pref.browser.homepage.disable_button.bookmark_page - false
FF - user.js: pref.privacy.disable_button.view_cookies - false
FF - user.js: print.print_printer - HP Deskjet D2600 series
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_bgcolor - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_bgimages - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_command -
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_downloadfonts - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_bottom - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_left - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_right - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_top - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_evenpages - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footercenter -
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footerleft - &PT
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footerright - &D
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headercenter -
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headerleft - &T
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headerright - &U
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_in_color - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_bottom - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_left - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_right - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_top - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_oddpages - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_orientation - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_pagedelay - 500
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_data - 9
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_height - 11.00
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_size_type - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_size_unit - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_width - 8.50
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_reversed - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_scaling - 1.25
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_shrink_to_fit - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_to_file - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_to_filename -
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_left - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_right - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_top - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_bgcolor - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_bgimages - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_command -
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_downloadfonts - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_bottom - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_left - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_right - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_top - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_evenpages - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footercenter -
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footerleft - &PT
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footerright - &D
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headercenter -
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headerleft - &T
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headerright - &U
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_in_color - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_bottom - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_left - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_right - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_top - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_oddpages - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_orientation - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_pagedelay - 500
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_data - 6
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_height - 11.00
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_size_type - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_size_unit - 1
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_width - 8.50
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_reversed - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_scaling - 1.00
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_to_file - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_to_filename -
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top - 0
FF - user.js: print_printer - HP Deskjet D2600 series
FF - user.js: printer_HP_Deskjet_D2600_series.print_bgcolor - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_bgimages - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_colorspace -
FF - user.js: printer_HP_Deskjet_D2600_series.print_command -
FF - user.js: printer_HP_Deskjet_D2600_series.print_downloadfonts - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_bottom - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_left - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_right - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_top - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_evenpages - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_footercenter -
FF - user.js: printer_HP_Deskjet_D2600_series.print_footerleft - &PT
FF - user.js: printer_HP_Deskjet_D2600_series.print_footerright - &D
FF - user.js: printer_HP_Deskjet_D2600_series.print_headercenter -
FF - user.js: printer_HP_Deskjet_D2600_series.print_headerleft - &T
FF - user.js: printer_HP_Deskjet_D2600_series.print_headerright - &U
FF - user.js: printer_HP_Deskjet_D2600_series.print_in_color - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_bottom - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_left - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_right - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_top - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_oddpages - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_orientation - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_page_delay - 50
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_data - 9
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_height - 11.00
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_name -
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_size_type - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_size_unit - 1
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_width - 8.50
FF - user.js: printer_HP_Deskjet_D2600_series.print_plex_name -
FF - user.js: printer_HP_Deskjet_D2600_series.print_resolution_name -
FF - user.js: printer_HP_Deskjet_D2600_series.print_reversed - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_scaling - 1.00
FF - user.js: printer_HP_Deskjet_D2600_series.print_shrink_to_fit - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_to_file - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_to_filename -
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_bottom - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_left - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_right - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_top - 0
FF - user.js: privacy.cpd.siteSettings - true
FF - user.js: privacy.donottrackheader.enabled - true
FF - user.js: privacy.popups.showBrowserMessage - false
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.timeSpan - 0
FF - user.js: security.disable_button.openCertManager - false
FF - user.js: security.disable_button.openDeviceManager - false
FF - user.js: security.enable_ssl2 - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: signon.rememberSignons - false
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1325869576
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: toolkit.telemetry.rejected - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1329414084
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 30c6e44e000000000000e0469aa5cccd
FF - user.js: extensions.BabylonToolbar_i.hardId - 30c6e44e000000000000e0469aa5cccd
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15457
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe
MSConfigStartUp-Google Update - c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
MSConfigStartUp-Gtwatch - c:\windows\gtwatch.exe
MSConfigStartUp-jswtrayutil - c:\program files\NETGEAR\WN111v2\jswtrayutil.exe
MSConfigStartUp-PSUNMain - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-19 14:34
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-1957994488-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1132)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3652)
c:\windows\system32\WININET.dll
c:\program files\Iconix\OEAddOn\OEldr_7.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
.
**************************************************************************
.
Completion time: 2012-05-19 14:42:01 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 13:41
.
Pre-Run: 154,489,208,832 bytes free
Post-Run: 154,577,326,080 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 8B59B7E45875B886EA672C1544E6761A
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is online now kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,490 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
19-May-2012, 09:50 AM #63
No not really, I used to work offshore, had a real bad accident Dec 2004, took me 4 years to get over it and many operations to my right leg and shoulder. Started messing about with computers for soething to do...
About 2009 took interest in Malware and its effect on computers. Started traing at Geeks2Go, had to leave course midway for personal reasons, (I lost the plot due to accident and how it affected my life)
Started again at Spywarehammer and completed this time. SH is my home site, I come here to help out cos it gets really busy.
If you want to learn you have to be dedicated, it takes about a 6 months to a year, depending on you and the effort you put in..

Let me know if you`re interested, i`ll point you in the right direction...
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is online now kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,490 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
19-May-2012, 09:54 AM #64
I`ve got to go out, back maybe 1 to 2 hours, i`ll look at CF log then. Dont do anything with that PC...
jam1980uk's Avatar
jam1980uk jam1980uk is offline
Computer Specs
Member with 129 posts.
THREAD STARTER
 
Join Date: May 2012
Location: Bolton
Experience: Beginner
19-May-2012, 10:01 AM #65
ok ill shut it down now sorry to hear about your past least you pulled though m8 and on the up hope fully what site is sh and its just very nice to know there are people still out there who help others and not just to charge them money. i would love to learn about computer but aint got much tme or any money to do that sort of stuff.
kevinf80's Avatar
kevinf80   (Kevin) kevinf80 is online now kevinf80 is authorized to help remove malware. kevinf80 has a Profile Picture
Computer Specs
Malware Removal Specialist with 9,490 posts.
 
Join Date: Mar 2006
Location: Sunderland UK
Experience: Intermediate
19-May-2012, 11:26 AM #66
Dont be sorry, I just started drinking maybe more than I should, feeling sorry for myself I guess. Came back twice as strong and more determined...

OK, Lets continue:

Step 1

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Open notepad and copy/paste the text in the Codebox below into it:

Code:
KillAll::
ClearJavaCache::
File::
c:\windows\Tasks\Qtutqqbm.job
c:\windows\system32\msconfv.dll
Folder::
c:\documents and settings\John\Application Data\Hvdnffpyhy
c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}
c:\program files\Common Files\HotKey
c:\documents and settings\John\Application Data\Ywehet
c:\documents and settings\John\Application Data\Loxai
c:\documents and settings\John\Application Data\Uvohv
c:\documents and settings\John\Application Data\Babylon
c:\documents and settings\All Users\Application Data\Babylon
DirLook::
c:\documents and settings\John\Local Settings\Application Data\I Want This
c:\program files\I Want This
C:\Program1
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"DisableRegedit"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
Firefox::
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\hjcms5ve.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=30c6e44e000000000000e0469aa5cccd&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 30c6e44e000000000000e0469aa5cccd
FF - user.js: extensions.BabylonToolbar_i.hardId - 30c6e44e000000000000e0469aa5cccd
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15457
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
Save this as CFScript.txt, and as Type: All Files (*.*) in the same location as ComboFix.exe





Refering to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.

Step 2

Run ESET Online Scan
  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Click on to download the ESET Smart Installer. Save it to your desktop.
  • Double click on the icon on your desktop.
  • Check
  • Click the button.
  • Accept any security warnings from your browser.
  • Check
  • Leave the tick out of remove found threats
  • Push the Start button.
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, push
  • Push , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Push the button.
  • Push
You can refer to this animation by neomage if needed.
Frequently asked questions available Here Please read them before running the scan.

Also be aware this scan can take several hours to complete depending on the size of your system.

ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".

Let me see those two logs, also give update on current issues/concerns

Kevin
jam1980uk's Avatar
jam1980uk jam1980uk is offline
Computer Specs
Member with 129 posts.
THREAD STARTER
 
Join Date: May 2012
Location: Bolton
Experience: Beginner
19-May-2012, 01:00 PM #67
how do i do screen shot m8
jam1980uk's Avatar
jam1980uk jam1980uk is offline
Computer Specs
Member with 129 posts.
THREAD STARTER
 
Join Date: May 2012
Location: Bolton
Experience: Beginner
19-May-2012, 01:01 PM #68
and sh your home site what site is that please
Mark1956's Avatar
Malware Removal Specialist with 13,930 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
19-May-2012, 01:16 PM #69
Just so you can keep going while Kevin is offline this is a guide for taking a screenshot in XP: How to take a screenshot in XP

SH is SpywareHammer, it's my home site also, you will find the site here: SpywareHammer
jam1980uk's Avatar
jam1980uk jam1980uk is offline
Computer Specs
Member with 129 posts.
THREAD STARTER
 
Join Date: May 2012
Location: Bolton
Experience: Beginner
19-May-2012, 01:21 PM #70
thank you
jam1980uk's Avatar
jam1980uk jam1980uk is offline
Computer Specs
Member with 129 posts.
THREAD STARTER
 
Join Date: May 2012
Location: Bolton
Experience: Beginner
19-May-2012, 01:22 PM #71
step 1 results

ComboFix 12-05-19.01 - John 19/05/2012 17:59:59.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2935.2349 [GMT 1:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
Command switches used :: G:\CFScript.txt
.
FILE ::
"c:\windows\system32\msconfv.dll"
"c:\windows\Tasks\Qtutqqbm.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\Babylon
c:\documents and settings\John\Application Data\Babylon
c:\documents and settings\John\Application Data\Babylon\log_file.txt
c:\documents and settings\John\Application Data\Hvdnffpyhy
c:\documents and settings\John\Application Data\Loxai
c:\documents and settings\John\Application Data\Uvohv
c:\documents and settings\John\Application Data\Uvohv\usnow.fit
c:\documents and settings\John\Application Data\Ywehet
c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}
c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}\chrome.manifest
c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}\chrome\content\browser.xul
c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}\install.rdf
c:\program files\Common Files\HotKey
c:\windows\system32\msconfv.dll
c:\windows\Tasks\Qtutqqbm.job
.
.
((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 )))))))))))))))))))))))))))))))
.
.
2012-05-05 19:55 . 2012-05-05 19:55 -------- d-----w- c:\windows\ServicePackFiles
2012-05-05 19:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll
2012-05-05 18:37 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys
2012-05-05 18:36 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-05-05 18:35 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-05-05 18:35 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-05-05 18:35 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-05-05 18:35 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-05-05 18:35 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-05-05 18:35 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll
2012-05-05 18:35 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-05-05 18:35 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-05-05 18:35 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-05-05 18:35 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-05-05 18:35 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-05-05 18:33 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-05-05 18:33 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-05-05 18:33 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys
2012-05-05 18:33 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-05-05 18:31 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll
2012-05-05 18:30 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-05-05 17:30 . 2012-05-05 17:30 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-05-05 17:29 . 2012-05-05 17:29 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2012-05-05 17:29 . 2012-05-05 17:29 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2012-05-05 16:36 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-05-05 16:36 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-05-05 16:36 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-05-05 16:36 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-05-05 16:36 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-05-05 15:48 . 2012-05-05 15:48 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-05-05 15:03 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-05-05 15:03 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-05-05 15:03 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
2012-05-05 13:47 . 2012-05-05 13:47 -------- d-----w- c:\windows\system32\wbem\Repository
2012-05-05 13:47 . 2012-05-05 13:47 -------- d-----w- c:\program files\Common Files\Java
2012-05-05 13:46 . 2012-05-06 13:38 -------- dc-h--w- c:\windows\ie8
2012-05-04 16:11 . 2012-05-04 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG
2012-04-27 09:16 . 2012-04-27 09:16 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\I Want This
2012-04-27 09:16 . 2012-04-27 09:16 -------- d-----w- c:\program files\I Want This
2012-04-27 09:12 . 2011-10-04 21:42 86016 ----a-w- c:\windows\system32\custmon32i.dll
2012-04-27 09:11 . 2012-04-27 09:12 -------- d-----w- c:\program files\GPLGS
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Babylon
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- C:\Program1
2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\program files\PDFCreator
2012-04-21 16:34 . 2012-04-21 16:34 -------- d-----w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com
2012-04-21 16:33 . 2012-04-29 12:24 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-04-21 16:33 . 2012-04-21 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-25 17:51 . 2010-06-02 13:20 81920 -c--a-w- c:\windows\ALCFDRTM.VER
2012-03-30 13:13 . 2012-03-30 13:13 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-03-30 13:13 . 2011-06-05 12:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll
2012-03-01 11:01 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll
2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl
2012-02-29 14:10 . 2010-04-26 19:18 148480 ----a-w- c:\windows\system32\imagehlp.dll
2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-02-29 12:17 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec
2012-05-05 17:29 . 2011-04-30 10:18 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\documents and settings\John\Local Settings\Application Data\I Want This ----
.
2012-02-29 13:21 . 2012-02-29 13:21 90207 ----a-w- c:\documents and settings\John\Local Settings\Application Data\I Want This\Chrome\I Want This.crx
.
---- Directory of c:\program files\I Want This ----
.
2012-04-27 09:16 . 2012-04-27 09:16 7729 ----a-w- c:\program files\I Want This\I Want ThisInstaller.log
2012-04-27 09:16 . 2012-04-27 09:16 137 ----a-w- c:\program files\I Want This\I Want This.ini
2012-04-27 09:16 . 2012-04-27 09:16 463627 ----a-w- c:\program files\I Want This\Uninstall.exe
2012-02-28 00:51 . 2012-02-28 00:51 35792 ----a-w- c:\program files\I Want This\appAPIinternalWrapper.js
2012-02-28 00:51 . 2012-02-28 00:51 15711 ----a-w- c:\program files\I Want This\fb.js
2012-02-28 00:51 . 2012-02-28 00:51 475480 ----a-w- c:\program files\I Want This\I Want This.dll
2012-02-28 00:51 . 2012-02-28 00:51 336216 ----a-w- c:\program files\I Want This\I Want This.exe
2012-02-28 00:51 . 2012-02-28 00:51 9662 ----a-w- c:\program files\I Want This\I Want This.ico
2012-02-28 00:51 . 2012-02-28 00:51 2096984 ----a-w- c:\program files\I Want This\I Want ThisGui.exe
2012-02-28 00:51 . 2012-02-28 00:51 166313 ----a-w- c:\program files\I Want This\jquery.js
2012-02-28 00:51 . 2012-02-28 00:51 10790 ----a-w- c:\program files\I Want This\json.js
.
---- Directory of C:\Program1 ----
.
2012-04-27 09:11 . 2005-10-25 08:36 116 ----a-w- c:\program1\PDFWrite.rsp
2012-04-27 09:11 . 2011-02-22 23:05 32768 ----a-w- c:\program1\Preferences.exe
2012-04-27 09:11 . 2011-02-22 08:28 53248 ----a-w- c:\program1\uninstpw.exe
2012-04-27 09:11 . 2011-02-22 08:27 126976 ----a-w- c:\program1\CPWriter2.exe
2012-04-27 09:11 . 2011-10-03 21:56 40960 ----a-w- c:\program1\pdfwriter.exe
2012-04-27 09:11 . 2008-01-28 18:23 4928 ----a-w- c:\program1\README.HTM
2012-04-27 09:11 . 2012-03-28 19:07 296 ----a-w- c:\program1\setup.inf
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-19_13.34.10 )))))))))))))))))))))))))))))))))))))))))
.
- 2012-05-19 13:28 . 2012-04-11 13:53 30208 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\u pdate\w32ksign.dll
- 2012-05-19 13:28 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\u pdate\spcustom.dll
- 2012-05-19 13:28 . 2012-04-11 13:53 16896 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\u pdate\mpsyschk.dll
- 2012-05-19 13:28 . 2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\s pmsg.dll
- 2012-05-19 13:28 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\u pdate\updspapi.dll
- 2012-05-19 13:28 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\u pdate\update.exe
- 2012-05-19 13:28 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\s puninst.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\71d83054-7dbe-45c3-a453-719bb81c5f99.com" [2012-04-28 3905920]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976]
"IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2010-08-17 342872]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016]
"AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-1-10 565248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\syste m]
"DisableRegedit"= 1 (0x1)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 1 (0x1)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\Shell ExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk
backup=c:\windows\pss\NETGEAR WN111v2 Smart Wizard.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Watch.lnk
backup=c:\windows\pss\Watch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\documents and settings\John\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceConnect]
2010-01-28 13:48 10035448 ----a-w- c:\program files\3 Mobile Broadband\3Connect\Wilog.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2009-11-18 16:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IconixOEAddOn]
2010-08-17 19:32 342872 ----a-w- c:\program files\Iconix\OEAddOn\OEdmn_6.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater]
2011-02-02 13:15 1085952 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSNUpd]
2010-07-14 13:51 152896 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\psnupd.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2010-06-02 13:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
2009-01-30 17:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher]
2010-09-24 13:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"ZuneNetworkSvc"=2 (0x2)
"ZuneBusEnum"=2 (0x2)
"WMZuneComm"=3 (0x3)
"YahooAUService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\Auth orizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664]
R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608]
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176]
R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648]
R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [14/12/2010 11:15 1737464]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [04/01/2012 14:22 822624]
R2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [22/08/2010 22:59 283992]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [01/10/2011 08:30 508776]
R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [10/01/2012 18:39 167936]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [01/10/2008 16:45 57440]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 22:23 584680]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 22:23 209512]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 22:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 22:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [01/10/2011 08:30 219496]
S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 12:48 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 14:13 253600]
S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [10/01/2012 18:39 1759584]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24/07/2003 12:10 17149]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 12:48 135664]
S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNDA3200\jswpsapi.exe [10/01/2012 18:39 360529]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15/09/2010 12:14 9216]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [05/05/2012 18:30 129976]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22:37 4640000]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [14/01/2009 02:23 458752]
S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [24/09/2010 14:19 268528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
S7oppilx
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:13]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 11:48]
.
2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 11:48]
.
2012-05-19 c:\windows\Tasks\SDMsgUpdate (TE).job
- c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2012-03-10 18:22]
.
2012-05-19 c:\windows\Tasks\User_Feed_Synchronization-{C4DFAE7E-416B-4244-8132-23CA1C0E809F}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Supplementary Scan -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 194.168.4.100 194.168.8.100
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\hjcms5ve.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - prefs.js: network.proxy.type - 2
# Mozilla User Preferences
/* Do not edit this file.
*
* If you make changes to this file while the application is running,
* the changes will be overwritten when the application exits.
*
* To make a manual change to preferences, you can visit the URL about:config
* For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs
*/
FF - user.js: CT2438727.AboutPrivacyUrl - hxxp://www.conduit.com/privacy/Default.aspx
FF - user.js: CT2438727.CTID - CT2438727
FF - user.js: CT2438727.CommunitiesChangesLastCheckTime - 0
FF - user.js: CT2438727.CurrentServerDate - 15-2-2011
FF - user.js: CT2438727.DialogsAlignMode - LTR
FF - user.js: CT2438727.DownloadReferralCookieData -
FF - user.js: CT2438727.FirstServerDate - 20-9-2010
FF - user.js: CT2438727.FirstTime - true
FF - user.js: CT2438727.FirstTimeFF3 - true
FF - user.js: CT2438727.FirstTimeSettingsDone - true
FF - user.js: CT2438727.FixPageNotFoundErrors - true
FF - user.js: CT2438727.GroupingInvalidateCache - false
FF - user.js: CT2438727.GroupingLastCheckTime - 0
FF - user.js: CT2438727.GroupingLastServerUpdateTime - 0
FF - user.js: CT2438727.GroupingServerCheckInterval - 1440
FF - user.js: CT2438727.GroupingServiceUrl - hxxp://grouping.services.conduit.com/
FF - user.js: CT2438727.Initialize - true
FF - user.js: CT2438727.InitializeCommonPrefs - true
FF - user.js: CT2438727.InstallationAndCookieDataSentCount - 3
FF - user.js: CT2438727.InstalledDate - Mon Sep 20 2010 01:25 GMT+0100 (GMT Daylight Time)
FF - user.js: CT2438727.InvalidateCache - false
FF - user.js: CT2438727.IsGrouping - false
FF - user.js: CT2438727.IsMulticommunity - false
FF - user.js: CT2438727.IsOpenThankYouPage - true
FF - user.js: CT2438727.IsOpenUninstallPage - true
FF - user.js: CT2438727.LanguagePackLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.LanguagePackReloadIntervalMM - 1440
FF - user.js: CT2438727.LanguagePackServiceUrl - hxxp://translation.users.conduit.com/Translation.ashx
FF - user.js: CT2438727.LastLogin_2.7.1.3 - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.LatestVersion - 2.7.1.3
FF - user.js: CT2438727.Locale - en
FF - user.js: CT2438727.LoginCache - 4
FF - user.js: CT2438727.MCDetectTooltipHeight - 83
FF - user.js: CT2438727.MCDetectTooltipUrl - hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1
FF - user.js: CT2438727.MCDetectTooltipWidth - 295
FF - user.js: CT2438727.RadioLastCheckTime - 0
FF - user.js: CT2438727.RadioLastUpdateIPServer - 0
FF - user.js: CT2438727.RadioLastUpdateServer - 0
FF - user.js: CT2438727.SHRINK_TOOLBAR - 1
FF - user.js: CT2438727.SearchEngine - Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID&Search Source=1
FF - user.js: CT2438727.SearchFromAddressBarIsInit - true
FF - user.js: CT2438727.SearchFromAddressBarUrl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q=
FF - user.js: CT2438727.SearchInNewTabEnabled - true
FF - user.js: CT2438727.SearchInNewTabIntervalMM - 1440
FF - user.js: CT2438727.SearchInNewTabLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.SearchInNewTabServiceUrl - hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID
FF - user.js: CT2438727.SearchInNewTabUsageUrl - hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID
FF - user.js: CT2438727.SettingsCheckIntervalMin - 120
FF - user.js: CT2438727.SettingsLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.SettingsLastUpdate - 1297721424
FF - user.js: CT2438727.ThirdPartyComponentsInterval - 504
FF - user.js: CT2438727.ThirdPartyComponentsLastCheck - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CT2438727.ThirdPartyComponentsLastUpdate - 1246790578
FF - user.js: CT2438727.TrusteLinkUrl - hxxp://trust.conduit.com/EB_ORIGINAL_CTID
FF - user.js: CT2438727.UserID - UN14965108183067577
FF - user.js: CT2438727.ValidationData_Search - 0
FF - user.js: CT2438727.ValidationData_Toolbar - 2
FF - user.js: CT2438727.alertChannelId - 832836
FF - user.js: CT2438727.clientLogIsEnabled - false
FF - user.js: CT2438727.clientLogServiceUrl - hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent
FF - user.js: CT2438727.myStuffEnabled - true
FF - user.js: CT2438727.myStuffPublihserMinWidth - 400
FF - user.js: CT2438727.myStuffSearchUrl - hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIG INAL_CTID
FF - user.js: CT2438727.myStuffServiceIntervalMM - 1440
FF - user.js: CT2438727.myStuffServiceUrl - hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_L UT
FF - user.js: CT2438727.uninstallLogServiceUrl - hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation
FF - user.js: CommunityToolbar.SearchFromAddressBarSavedUrl - chrome://browser-region/locale/region.properties
FF - user.js: CommunityToolbar.ToolbarsList - CT2438727
FF - user.js: CommunityToolbar.ToolbarsList2 - CT2438727
FF - user.js: CommunityToolbar.alert.alertInfoInterval - 1440
FF - user.js: CommunityToolbar.alert.alertInfoLastCheckTime - Tue Feb 15 2011 19:52 GMT+0000 (GMT Standard Time)
FF - user.js: CommunityToolbar.alert.clientsServerUrl - hxxp://alert.client.conduit.com
FF - user.js: CommunityToolbar.alert.locale - en
FF - user.js: CommunityToolbar.alert.loginIntervalMin - 1440
FF - user.js: CommunityToolbar.alert.loginLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time)
FF - user.js: CommunityToolbar.alert.loginLastUpdateTime - 1291052234
FF - user.js: CommunityToolbar.alert.messageShowTimeSec - 20
FF - user.js: CommunityToolbar.alert.servicesServerUrl - hxxp://alert.services.conduit.com
FF - user.js: CommunityToolbar.alert.showTrayIcon - false
FF - user.js: CommunityToolbar.alert.userCloseIntervalMin - 300
FF - user.js: CommunityToolbar.alert.userId - {029615fa-cf91-40f4-9072-93950c5fb5f8}
FF - user.js: accessibility.browsewithcaret - true
FF - user.js: accessibility.typeaheadfind - true
FF - user.js: accessibility.typeaheadfind.casesensitive - 1
FF - user.js: accessibility.typeaheadfind.flashBar - 0
FF - user.js: app.update.disable_button.showUpdateHistory - false
FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1326979408
FF - user.js: app.update.lastUpdateTime.background-update-timer - 1326979287
FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1326979528
FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1313360628
FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1304117503
FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1326987885
FF - user.js: browser.anchor_color - #0000FF
FF - user.js: browser.cache.disk.capacity - 1048576
FF - user.js: browser.cache.disk.smart_size.first_run - false
FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576
FF - user.js: browser.display.background_color - #C0C0C0
FF - user.js: browser.display.use_document_fonts - 0
FF - user.js: browser.display.use_system_colors - true
FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\John\\Desktop
FF - user.js: browser.download.manager.alertOnEXEOpen - false
FF - user.js: browser.download.manager.retention - 0
FF - user.js: browser.download.save_converter_index - 3
FF - user.js: browser.feeds.showFirstRunUI - false
FF - user.js: browser.formfill.enable - false
FF - user.js: browser.history_expire_days.mirror - 180
FF - user.js: browser.migration.version - 5
FF - user.js: browser.offline - false
FF - user.js: browser.places.smartBookmarksVersion - 2
FF - user.js: browser.preferences.advanced.selectedTabIndex - 3
FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - true
FF - user.js: browser.rights.3.shown - true
FF - user.js: browser.search.selectedEngine - Bing
FF - user.js: browser.search.useDBForOrder - true
FF - user.js: browser.shell.checkDefaultBrowser - false
FF - user.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp
FF - user.js: browser.startup.homepage_override.buildID - 20111220165912
FF - user.js: browser.startup.homepage_override.mstone - rv:9.0.1
FF - user.js: browser.syncPromoViewsLeft - 0
FF - user.js: browser.tabs.loadInBackground - false
FF - user.js: browser.urlbar.default.behavior - 1
FF - user.js: browser.visited_color - #800080
FF - user.js: dom.disable_open_during_load - false
FF - user.js: dom.event.contextmenu.enabled - false
FF - user.js: dom.max_script_run_time - 0
FF - user.js: extensions.MicrosoftCG.lastRunTime - Mon, 01 Nov 2010 22:13 GMT
FF - user.js: extensions.blocklist.pingCountTotal - 237
FF - user.js: extensions.blocklist.pingCountVersion - 9
FF - user.js: extensions.bootstrappedAddons - {}
FF - user.js: extensions.databaseSchema - 6
FF - user.js: extensions.enabledAddons - {972ce4c6-7e08-4474-a285-3208198ce6fd}:9.0.1
FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17
FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\ \\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\,\mtime\:1277663450843},\smartwebpri nting@hp.com\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1300649420031},\jqs@sun.com\:{\descripto r\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1288081481343} }},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1326272142546},\{F7CB456D-D310-4572-8C28-A6D45F6F8F10}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{F7CB456D-D310-4572-8C28-A6D45F6F8F10}\,\mtime\:1326329926656}}},{\name\:\winreg-app-user\,\addons\:{\smartwebprinting@hp.com\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1300649420031}}},{\name\:\app-profile\,\addons\:{\firefox@zoodles.com\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\ \firefox@zoodles.com.xpi\,\mtime\:1314085773315},\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\ \{20a82645-c095-46ed-80e3-08825760534b}\,\mtime\:1280323145296},\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\ \{7b13ec3e-999a-4b70-b9cb-2617b8323822}\,\mtime\:1326224466051}}}]
FF - user.js: extensions.lastAppVersion - 9.0.1
FF - user.js: extensions.lastPlatformVersion - 9.0.1
FF - user.js: extensions.pendingOperations - false
FF - user.js: extensions.update.notifyUser - false
FF - user.js: extensions.zoodles.account_created - true
FF - user.js: extensions.zoodles.toolbar_installed - true
FF - user.js: font.name.serif.x-western - Verdana
FF - user.js: general.useragent.extra.microsoftdotnet - ( .NET CLR 3.5.30729)
FF - user.js: general.useragent.extra.zoodles -
FF - user.js: general.useragent.extra.zoodles_parent - InquisitiveMindsAddon
FF - user.js: gfx.blacklist.direct2d - 2
FF - user.js: gfx.blacklist.layers.direct3d10 - 2
FF - user.js: gfx.blacklist.layers.direct3d10-1 - 2
FF - user.js: idle.lastDailyNotification - 1326992866
FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-8, UTF-8, ISO-8859-2, windows-1252, ISO-8859-15
FF - user.js: lightweightThemes.isThemeSelected - false
FF - user.js: lightweightThemes.persisted.footerURL - true
FF - user.js: lightweightThemes.persisted.headerURL - true
FF - user.js: lightweightThemes.usedThemes - [{\id\:\30987\,\name\:\endless possibilities by etsu\,\headerURL\:\hxxp://getpersonas-cdn.mozilla.net/static/8/7/30987/etsu_v2_header.jpg?1260925626\,\footerURL\:\http://getpersonas-cdn.mozilla.net/s...ription\:\etsu meusy’s work has been described as “sunny and clean” by giant robot and “nostalgia-tinged 70s and 80s pop cultural pastiches” by coolhunting. etsu blends together paint, hand drawn typography and the odd guest appearance from 80s icons like axl rose and the smurfs to create dreamy rainbow colored landscapes. her artwork has been featured in nylon magazine and art books by die gestalten.\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/30987\,\version\:\1260925626\},{\id\:\95641\,\name\:\supernatural-dean\,\headerURL\:\http://getpersonas-cdn.mozilla.net/s...ription\:\this is a supernatural persona\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/95641\,\version\:\1265334322\},{\id\:\64769\,\name\:\sunset over water\,\headerURL\:\http://getpersonas-cdn.mozilla.net/s...ription\:\this is a personal photo i took. i have a wallpaper to match this and it can be found at\\u000d\\u000a:http://nature.desktopnexus.com/wallp...\u000d\\u000aI also made an iGoogle theme called Framed Sunset and you can use that as your theme if you use iGoogle.\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/64769\}]
FF - user.js: microsoft.CLR.auto_install - false
FF - user.js: network.cookie.lifetimePolicy - 2
FF - user.js: network.cookie.prefsMigrated - true
FF - user.js: network.proxy.type - 2
FF - user.js: places.database.lastMaintenance - 1326992866
FF - user.js: places.history.expiration.transient_current_max_pages - 76949
FF - user.js: places.history.expiration.transient_optimal_database_size - 123117894
FF - user.js: places.last_vacuum - 1301663853
FF - user.js: pref.advanced.images.disable_button.view_image - false
FF - user.js: pref.advanced.javascript.disable_button.advanced - false
FF - user.js: pref.browser.homepage.disable_button.bookmark_page - false
FF - user.js: pref.privacy.disable_button.view_cookies - false
FF - user.js: print.print_printer - HP Deskjet D2600 series
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_bgcolor - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_bgimages - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_command -
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_downloadfonts - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_bottom - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_left - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_right - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_top - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_evenpages - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footercenter -
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footerleft - &PT
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footerright - &D
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headercenter -
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headerleft - &T
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headerright - &U
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_in_color - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_bottom - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_left - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_right - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_top - 0.5
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_oddpages - true
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_orientation - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_pagedelay - 500
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_data - 9
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_height - 11.00
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_size_type - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_size_unit - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_width - 8.50
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_reversed - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_scaling - 1.25
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_shrink_to_fit - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_to_file - false
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_to_filename -
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_left - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_right - 0
FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_top - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_bgcolor - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_bgimages - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_command -
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_downloadfonts - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_bottom - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_left - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_right - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_top - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_evenpages - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footercenter -
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footerleft - &PT
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footerright - &D
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headercenter -
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headerleft - &T
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headerright - &U
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_in_color - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_bottom - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_left - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_right - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_top - 0.5
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_oddpages - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_orientation - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_pagedelay - 500
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_data - 6
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_height - 11.00
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_size_type - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_size_unit - 1
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_width - 8.50
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_reversed - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_scaling - 1.00
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit - true
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_to_file - false
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_to_filename -
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right - 0
FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top - 0
FF - user.js: print_printer - HP Deskjet D2600 series
FF - user.js: printer_HP_Deskjet_D2600_series.print_bgcolor - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_bgimages - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_colorspace -
FF - user.js: printer_HP_Deskjet_D2600_series.print_command -
FF - user.js: printer_HP_Deskjet_D2600_series.print_downloadfonts - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_bottom - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_left - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_right - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_top - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_evenpages - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_footercenter -
FF - user.js: printer_HP_Deskjet_D2600_series.print_footerleft - &PT
FF - user.js: printer_HP_Deskjet_D2600_series.print_footerright - &D
FF - user.js: printer_HP_Deskjet_D2600_series.print_headercenter -
FF - user.js: printer_HP_Deskjet_D2600_series.print_headerleft - &T
FF - user.js: printer_HP_Deskjet_D2600_series.print_headerright - &U
FF - user.js: printer_HP_Deskjet_D2600_series.print_in_color - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_bottom - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_left - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_right - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_top - 0.5
FF - user.js: printer_HP_Deskjet_D2600_series.print_oddpages - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_orientation - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_page_delay - 50
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_data - 9
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_height - 11.00
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_name -
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_size_type - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_size_unit - 1
FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_width - 8.50
FF - user.js: printer_HP_Deskjet_D2600_series.print_plex_name -
FF - user.js: printer_HP_Deskjet_D2600_series.print_resolution_name -
FF - user.js: printer_HP_Deskjet_D2600_series.print_reversed - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_scaling - 1.00
FF - user.js: printer_HP_Deskjet_D2600_series.print_shrink_to_fit - true
FF - user.js: printer_HP_Deskjet_D2600_series.print_to_file - false
FF - user.js: printer_HP_Deskjet_D2600_series.print_to_filename -
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_bottom - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_left - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_right - 0
FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_top - 0
FF - user.js: privacy.cpd.siteSettings - true
FF - user.js: privacy.donottrackheader.enabled - true
FF - user.js: privacy.popups.showBrowserMessage - false
FF - user.js: privacy.sanitize.migrateFx3Prefs - true
FF - user.js: privacy.sanitize.timeSpan - 0
FF - user.js: security.disable_button.openCertManager - false
FF - user.js: security.disable_button.openDeviceManager - false
FF - user.js: security.enable_ssl2 - true
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: services.sync.clients.lastSync - 0
FF - user.js: services.sync.clients.lastSyncLocal - 0
FF - user.js: services.sync.migrated - true
FF - user.js: services.sync.tabs.lastSync - 0
FF - user.js: services.sync.tabs.lastSyncLocal - 0
FF - user.js: signon.rememberSignons - false
FF - user.js: storage.vacuum.last.index - 1
FF - user.js: storage.vacuum.last.places.sqlite - 1325869576
FF - user.js: toolkit.telemetry.prompted - 2
FF - user.js: toolkit.telemetry.rejected - true
FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1329414084
FF - user.js: xpinstall.whitelist.add -
FF - user.js: xpinstall.whitelist.add.36 -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-05-19 18:08
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1085031214-1957994488-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1096)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll
.
- - - - - - - > 'explorer.exe'(3084)
c:\windows\system32\WININET.dll
c:\program files\Iconix\OEAddOn\OEldr_7.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\acs.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\wscntfy.exe
c:\windows\SOUNDMAN.EXE
c:\windows\ALCWZRD.EXE
.
**************************************************************************
.
Completion time: 2012-05-19 18:17:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-19 17:17
ComboFix2.txt 2012-05-19 13:42
.
Pre-Run: 154,587,893,760 bytes free
Post-Run: 154,569,039,872 bytes free
.
- - End Of File - - 2AE5735BA08F1AE546315C6EA770B401
jam1980uk's Avatar
jam1980uk jam1980uk is offline
Computer Specs
Member with 129 posts.
THREAD STARTER
 
Join Date: May 2012
Location: Bolton
Experience: Beginner
19-May-2012, 01:30 PM #72
took a screen shot how do i get it in the text box now please
jam1980uk's Avatar
jam1980uk jam1980uk is offline
Computer Specs
Member with 129 posts.
THREAD STARTER
 
Join Date: May 2012
Location: Bolton
Experience: Beginner
19-May-2012, 01:53 PM #73
was going to do step 2 but comp wont recognise my wreless adapter now but it worked before
Mark1956's Avatar
Malware Removal Specialist with 13,930 posts.
 
Join Date: May 2011
Location: Spain
Experience: Advanced
19-May-2012, 02:15 PM #74
If you have not rebooted after running Combofix please do so, this may bring back your internet connection, if not please wait for further instructions from Kevin.

How to post a screenshot.
  • Below the Message Box click on Go Advanced.
  • Then scroll down until you see a button, Manage Attachments. Click on that and a new window opens.
  • Click on the Browse button, find the screenshot you made earlier and doubleclick on it.
  • Now click on the Upload button. When done, click on the Close this window button at the bottom of the page.
  • Enter your message-text in the message box, then click on Submit Message/Reply.
jam1980uk's Avatar
jam1980uk jam1980uk is offline
Computer Specs
Member with 129 posts.
THREAD STARTER
 
Join Date: May 2012
Location: Bolton
Experience: Beginner
19-May-2012, 02:27 PM #75
hope fully you can see picture my misses has lots of collage work saved and the files or pics say locked how do i get them back plz
Attachment Blocked
Attachments in the HJT forum are often designed to solve a specific issue and not meant to be used without instructions specific to your computer. If you want help specific to your computer, please post a HiJackThis Log. If you started this thread, please make sure you are logged in to be able to view attachments.
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑