19-May-2012, 09:45 AM
#62
here you go lol

ComboFix 12-05-19.01 - John 19/05/2012 14:20:59.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2935.2552 [GMT 1:00]
Running from: c:\documents and settings\John\Desktop\ComboFix.exe
c:\windows\system32\winsh320 c:\windows\system32\winsh321 c:\windows\system32\winsh322 c:\windows\system32\winsh323 c:\windows\system32\winsh324 . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_AMSERVICE . . ((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 ))))))))))))))))))))))))))))))) . . 2012-05-19 00:27 . 2008-04-13 19:19 75264 -c--a-w- c:\windows\system32\dllcache\ipsec.sys 2012-05-19 00:27 . 2008-04-13 19:19 75264 ----a-w- c:\windows\system32\drivers\ipsec.sys 2012-05-17 03:10 . 2012-05-17 03:10 -------- d-----w- c:\windows\Microsoft Antimalware 2012-05-09 21:22 . 2012-05-17 06:43 -------- d-----w- c:\documents and settings\John\Application Data\Hvdnffpyhy 2012-05-09 21:21 . 2012-05-09 21:21 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26} 2012-05-09 21:20 . 2012-05-17 04:33 -------- d-----w- c:\program files\Common Files\HotKey 2012-05-09 21:19 . 2012-05-17 04:33 -------- d-----w- c:\documents and settings\John\Application Data\Ywehet 2012-05-09 21:19 . 2012-05-09 22:39 -------- d-----w- c:\documents and settings\John\Application Data\Loxai 2012-05-09 21:19 . 2012-05-09 21:19 -------- d-----w- c:\documents and settings\John\Application Data\Uvohv 2012-05-06 13:22 . 
2010-09-18 06:53 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll 2012-05-06 13:21 . 2010-08-23 16:12 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll 2012-05-06 13:20 . 2010-11-02 15:17 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys 2012-05-06 13:18 . 2011-04-21 13:37 105472 -c----w- c:\windows\system32\dllcache\mup.sys 2012-05-06 13:16 . 2011-07-08 14:02 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys 2012-05-06 13:12 . 2010-10-11 14:59 45568 -c----w- c:\windows\system32\dllcache\wab.exe 2012-05-05 19:55 . 2012-05-05 19:55 -------- d-----w- c:\windows\ServicePackFiles 2012-05-05 19:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll 2012-05-05 18:37 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys 2012-05-05 18:36 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2012-05-05 18:35 . 2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2012-05-05 18:35 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2012-05-05 18:35 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll 2012-05-05 18:35 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2012-05-05 18:35 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe 2012-05-05 18:35 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2012-05-05 18:35 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll 2012-05-05 18:35 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll 2012-05-05 18:35 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2012-05-05 18:35 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2012-05-05 18:35 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2012-05-05 18:33 . 
2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2012-05-05 18:33 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2012-05-05 18:33 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys 2012-05-05 18:33 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2012-05-05 18:31 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2012-05-05 18:30 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe 2012-05-05 17:30 . 2012-05-05 17:30 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-05-05 17:29 . 2012-05-05 17:29 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-05 17:29 . 2012-05-05 17:29 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe 2012-05-05 16:36 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2012-05-05 16:36 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2012-05-05 16:36 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll 2012-05-05 16:36 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2012-05-05 16:36 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll 2012-05-05 16:36 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll 2012-05-05 16:36 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll 2012-05-05 16:36 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2012-05-05 15:48 . 2012-05-05 15:48 -------- d-----w- c:\program files\Microsoft Sync Framework 2012-05-05 15:03 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2012-05-05 15:03 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2012-05-05 15:03 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll 2012-05-05 13:47 . 
2012-05-05 13:47 -------- d-----w- c:\windows\system32\wbem\Repository 2012-05-05 13:47 . 2012-05-05 13:47 -------- d-----w- c:\program files\Common Files\Java 2012-05-05 13:46 . 2012-05-06 13:38 -------- dc-h--w- c:\windows\ie8 2012-05-04 16:11 . 2012-05-04 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG 2012-04-27 09:16 . 2012-04-27 09:16 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\I Want This 2012-04-27 09:16 . 2012-04-27 09:16 -------- d-----w- c:\program files\I Want This 2012-04-27 09:12 . 2011-10-04 21:42 86016 ----a-w- c:\windows\system32\custmon32i.dll 2012-04-27 09:11 . 2012-04-27 09:12 -------- d-----w- c:\program files\GPLGS 2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Babylon 2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- C:\Program1 2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\documents and settings\John\Application Data\Babylon 2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon 2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\program files\PDFCreator 2012-04-21 16:34 . 2012-04-21 16:34 -------- d-----w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com 2012-04-21 16:33 . 2012-04-29 12:24 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-04-21 16:33 . 2012-04-21 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-25 17:51 . 2010-06-02 13:20 81920 -c--a-w- c:\windows\ALCFDRTM.VER 2012-03-30 13:13 . 2012-03-30 13:13 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-03-30 13:13 . 2011-06-05 12:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-01 11:01 . 
2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:01 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10 . 2010-04-26 19:18 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 12:17 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec 2012-05-05 17:29 . 2011-04-30 10:18 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\71d83054-7dbe-45c3-a453-719bb81c5f99.com" [2012-04-28 3905920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976] "IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2010-08-17 342872] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016] "AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-1-10 565248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegedit"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegedit"= 1 (0x1) . 
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk backup=c:\windows\pss\NETGEAR WN111v2 Smart Wizard.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Watch.lnk backup=c:\windows\pss\Watch.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:\documents and settings\John\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup . 
[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk] path=c:\documents and settings\John\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceConnect] 2010-01-28 13:48 10035448 ----a-w- c:\program files\3 Mobile Broadband\3Connect\Wilog.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2009-11-18 16:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IconixOEAddOn] 2010-08-17 19:32 342872 ----a-w- c:\program files\Iconix\OEAddOn\OEdmn_6.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater] 2011-02-02 13:15 1085952 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSNUpd] 2010-07-14 13:51 152896 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\psnupd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-06-02 13:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2009-01-30 17:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher] 2010-09-24 13:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ZuneNetworkSvc"=2 (0x2) "ZuneBusEnum"=2 (0x2) "WMZuneComm"=3 (0x3) "YahooAUService"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608] R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648] R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [14/12/2010 11:15 1737464] R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [04/01/2012 14:22 822624] R2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [22/08/2010 22:59 283992] R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [01/10/2011 08:30 508776] R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [10/01/2012 18:39 167936] R3 AR9271;Atheros AR9271 Wireless Network Adapter 
Service;c:\windows\system32\drivers\athuw.sys [10/01/2012 18:39 1759584] R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [01/10/2008 16:45 57440] R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 22:23 584680] R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 22:23 209512] R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 22:23 20584] R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 22:23 18280] R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [01/10/2011 08:30 219496] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 12:48 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 14:13 253600] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24/07/2003 12:10 17149] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 12:48 135664] S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNDA3200\jswpsapi.exe [10/01/2012 18:39 360529] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15/09/2010 12:14 9216] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [05/05/2012 18:30 129976] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22:37 4640000] S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [14/01/2009 02:23 458752] S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [24/09/2010 14:19 268528] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs S7oppilx . Contents of the 'Scheduled Tasks' folder . 2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:13] . 2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 11:48] . 2012-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 11:48] . 2012-01-29 c:\windows\Tasks\Qtutqqbm.job - c:\windows\system32\msconfv.dll [2012-01-18 19:46] . 2012-05-19 c:\windows\Tasks\SDMsgUpdate (TE).job - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2012-03-10 18:22] . 2012-05-19 c:\windows\Tasks\User_Feed_Synchronization-{C4DFAE7E-416B-4244-8132-23CA1C0E809F}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Supplementary Scan ------- . uStart Page = uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 194.168.4.100 194.168.8.100 FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\hjcms5ve.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=30c6e44e000000000000e0469aa5cccd&q= FF - prefs.js: network.proxy.type - 2
i have a wallpaper to match this and it can be found at\\u000d\\u000a:http://nature.desktopnexus.com/wallp...\u000d\\u000aI also made an iGoogle theme called Framed Sunset and you can use that as your theme if you use iGoogle.\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/64769\}] FF - user.js: microsoft.CLR.auto_install - false FF - user.js: network.cookie.lifetimePolicy - 2 FF - user.js: network.cookie.prefsMigrated - true FF - user.js: network.proxy.type - 2 FF - user.js: places.database.lastMaintenance - 1326992866 FF - user.js: places.history.expiration.transient_current_max_pages - 76949 FF - user.js: places.history.expiration.transient_optimal_database_size - 123117894 FF - user.js: places.last_vacuum - 1301663853 FF - user.js: pref.advanced.images.disable_button.view_image - false FF - user.js: pref.advanced.javascript.disable_button.advanced - false FF - user.js: pref.browser.homepage.disable_button.bookmark_page - false FF - user.js: pref.privacy.disable_button.view_cookies - false FF - user.js: print.print_printer - HP Deskjet D2600 series FF - user.js: print.printer_HP_Deskjet_D2600_series.print_bgcolor - true FF - user.js: print.printer_HP_Deskjet_D2600_series.print_bgimages - true FF - user.js: print.printer_HP_Deskjet_D2600_series.print_command - FF - user.js: print.printer_HP_Deskjet_D2600_series.print_downloadfonts - false FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_bottom - 0 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_left - 0 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_right - 0 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_top - 0 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_evenpages - true FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footercenter - FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footerleft - &PT FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footerright - &D FF - user.js: 
print.printer_HP_Deskjet_D2600_series.print_headercenter - FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headerleft - &T FF - user.js: print.printer_HP_Deskjet_D2600_series.print_headerright - &U FF - user.js: print.printer_HP_Deskjet_D2600_series.print_in_color - true FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_bottom - 0.5 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_left - 0.5 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_right - 0.5 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_margin_top - 0.5 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_oddpages - true FF - user.js: print.printer_HP_Deskjet_D2600_series.print_orientation - 0 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_pagedelay - 500 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_data - 9 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_height - 11.00 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_size_type - 0 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_size_unit - 0 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_paper_width - 8.50 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_reversed - false FF - user.js: print.printer_HP_Deskjet_D2600_series.print_scaling - 1.25 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_shrink_to_fit - false FF - user.js: print.printer_HP_Deskjet_D2600_series.print_to_file - false FF - user.js: print.printer_HP_Deskjet_D2600_series.print_to_filename - FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_bottom - 0 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_left - 0 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_right - 0 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_unwriteable_margin_top - 0 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_bgcolor - false FF - 
user.js: print.printer_Microsoft_XPS_Document_Writer.print_bgimages - false FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_command - FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_downloadfonts - false FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_bottom - 0 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_left - 0 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_right - 0 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_edge_top - 0 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_evenpages - true FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footercenter - FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footerleft - &PT FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_footerright - &D FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headercenter - FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headerleft - &T FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_headerright - &U FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_in_color - true FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_bottom - 0.5 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_left - 0.5 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_right - 0.5 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_margin_top - 0.5 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_oddpages - true FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_orientation - 0 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_pagedelay - 500 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_data - 6 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_height - 11.00 FF - user.js: 
print.printer_Microsoft_XPS_Document_Writer.print_paper_size_type - 0 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_size_unit - 1 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_paper_width - 8.50 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_reversed - false FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_scaling - 1.00 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_shrink_to_fit - true FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_to_file - false FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_to_filename - FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_bottom - 0 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_left - 0 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_right - 0 FF - user.js: print.printer_Microsoft_XPS_Document_Writer.print_unwriteable_margin_top - 0 FF - user.js: print_printer - HP Deskjet D2600 series FF - user.js: printer_HP_Deskjet_D2600_series.print_bgcolor - false FF - user.js: printer_HP_Deskjet_D2600_series.print_bgimages - false FF - user.js: printer_HP_Deskjet_D2600_series.print_colorspace - FF - user.js: printer_HP_Deskjet_D2600_series.print_command - FF - user.js: printer_HP_Deskjet_D2600_series.print_downloadfonts - false FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_bottom - 0 FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_left - 0 FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_right - 0 FF - user.js: printer_HP_Deskjet_D2600_series.print_edge_top - 0 FF - user.js: printer_HP_Deskjet_D2600_series.print_evenpages - true FF - user.js: printer_HP_Deskjet_D2600_series.print_footercenter - FF - user.js: printer_HP_Deskjet_D2600_series.print_footerleft - &PT FF - user.js: printer_HP_Deskjet_D2600_series.print_footerright - &D FF - user.js: 
printer_HP_Deskjet_D2600_series.print_headercenter - FF - user.js: printer_HP_Deskjet_D2600_series.print_headerleft - &T FF - user.js: printer_HP_Deskjet_D2600_series.print_headerright - &U FF - user.js: printer_HP_Deskjet_D2600_series.print_in_color - true FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_bottom - 0.5 FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_left - 0.5 FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_right - 0.5 FF - user.js: printer_HP_Deskjet_D2600_series.print_margin_top - 0.5 FF - user.js: printer_HP_Deskjet_D2600_series.print_oddpages - true FF - user.js: printer_HP_Deskjet_D2600_series.print_orientation - 0 FF - user.js: printer_HP_Deskjet_D2600_series.print_page_delay - 50 FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_data - 9 FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_height - 11.00 FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_name - FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_size_type - 0 FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_size_unit - 1 FF - user.js: printer_HP_Deskjet_D2600_series.print_paper_width - 8.50 FF - user.js: printer_HP_Deskjet_D2600_series.print_plex_name - FF - user.js: printer_HP_Deskjet_D2600_series.print_resolution_name - FF - user.js: printer_HP_Deskjet_D2600_series.print_reversed - false FF - user.js: printer_HP_Deskjet_D2600_series.print_scaling - 1.00 FF - user.js: printer_HP_Deskjet_D2600_series.print_shrink_to_fit - true FF - user.js: printer_HP_Deskjet_D2600_series.print_to_file - false FF - user.js: printer_HP_Deskjet_D2600_series.print_to_filename - FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_bottom - 0 FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_left - 0 FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_right - 0 FF - user.js: printer_HP_Deskjet_D2600_series.print_unwriteable_margin_top - 0 FF - user.js: 
privacy.cpd.siteSettings - true FF - user.js: privacy.donottrackheader.enabled - true FF - user.js: privacy.popups.showBrowserMessage - false FF - user.js: privacy.sanitize.migrateFx3Prefs - true FF - user.js: privacy.sanitize.timeSpan - 0 FF - user.js: security.disable_button.openCertManager - false FF - user.js: security.disable_button.openDeviceManager - false FF - user.js: security.enable_ssl2 - true FF - user.js: security.warn_viewing_mixed - false FF - user.js: services.sync.clients.lastSync - 0 FF - user.js: services.sync.clients.lastSyncLocal - 0 FF - user.js: services.sync.migrated - true FF - user.js: services.sync.tabs.lastSync - 0 FF - user.js: services.sync.tabs.lastSyncLocal - 0 FF - user.js: signon.rememberSignons - false FF - user.js: storage.vacuum.last.index - 1 FF - user.js: storage.vacuum.last.places.sqlite - 1325869576 FF - user.js: toolkit.telemetry.prompted - 2 FF - user.js: toolkit.telemetry.rejected - true FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1329414084 FF - user.js: xpinstall.whitelist.add - FF - user.js: xpinstall.whitelist.add.36 - FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 30c6e44e000000000000e0469aa5cccd FF - user.js: extensions.BabylonToolbar_i.hardId - 30c6e44e000000000000e0469aa5cccd FF - user.js: extensions.BabylonToolbar_i.instlDay - 15457 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:12 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS REMOVED - - - - . WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file) MSConfigStartUp-Adobe Reader Speed Launcher - c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe MSConfigStartUp-Google Update - c:\documents and settings\John\Local Settings\Application Data\Google\Update\GoogleUpdate.exe MSConfigStartUp-Gtwatch - c:\windows\gtwatch.exe MSConfigStartUp-jswtrayutil - c:\program files\NETGEAR\WN111v2\jswtrayutil.exe MSConfigStartUp-PSUNMain - c:\program files\Panda Security\Panda Cloud Antivirus\PSUNMain.exe AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-05-19 14:34 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1085031214-1957994488-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . - - - - - - - > 'winlogon.exe'(1132) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . 
- - - - - - - > 'explorer.exe'(3652) c:\windows\system32\WININET.dll c:\program files\Iconix\OEAddOn\OEldr_7.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\acs.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\wscntfy.exe c:\windows\SOUNDMAN.EXE c:\windows\ALCWZRD.EXE . ************************************************************************** . Completion time: 2012-05-19 14:42:01 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-19 13:41 . Pre-Run: 154,489,208,832 bytes free Post-Run: 154,577,326,080 bytes free . WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect . - - End Of File - - 8B59B7E45875B886EA672C1544E6761A |
19-May-2012, 09:50 AM
#63 |
| No not really, I used to work offshore, had a real bad accident Dec 2004, took me 4 years to get over it and many operations to my right leg and shoulder. Started messing about with computers for something to do... About 2009 took interest in malware and its effect on computers. Started training at Geeks2Go, had to leave course midway for personal reasons (I lost the plot due to accident and how it affected my life). Started again at Spywarehammer and completed this time. SH is my home site, I come here to help out cos it gets really busy. If you want to learn you have to be dedicated, it takes about 6 months to a year, depending on you and the effort you put in. Let me know if you're interested, I'll point you in the right direction... |
19-May-2012, 10:01 AM
#65 |
| OK, I'll shut it down now. Sorry to hear about your past, least you pulled through m8 and on the up hopefully. What site is SH? And it's just very nice to know there are people still out there who help others and not just to charge them money. I would love to learn about computers but ain't got much time or any money to do that sort of stuff. |
19-May-2012, 11:26 AM
#66 |
| Don't be sorry, I just started drinking maybe more than I should, feeling sorry for myself I guess. Came back twice as strong and more determined... OK, let's continue:
Step 1
1. Close any open browsers.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
3. Open notepad and copy/paste the text in the Codebox below into it:
Code:
KillAll::
ClearJavaCache::
File::
c:\windows\Tasks\Qtutqqbm.job
c:\windows\system32\msconfv.dll
Folder::
c:\documents and settings\John\Application Data\Hvdnffpyhy
c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}
c:\program files\Common Files\HotKey
c:\documents and settings\John\Application Data\Ywehet
c:\documents and settings\John\Application Data\Loxai
c:\documents and settings\John\Application Data\Uvohv
c:\documents and settings\John\Application Data\Babylon
c:\documents and settings\All Users\Application Data\Babylon
DirLook::
c:\documents and settings\John\Local Settings\Application Data\I Want This
c:\program files\I Want This
C:\Program1
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegedit"= 0 (0x0)
Firefox::
FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\hjcms5ve.default\
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=110819&babsrc=KW_ss&mntrId=30c6e44e000000000000e0469aa5cccd&q=
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=110819
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 30c6e44e000000000000e0469aa5cccd
FF - user.js: extensions.BabylonToolbar_i.hardId - 30c6e44e000000000000e0469aa5cccd
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15457
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1710:12
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
Referring to the picture above, drag CFScript into ComboFix.exe. When finished, it shall produce a log for you at C:\ComboFix.txt which I will require in your next reply.
Step 2
Run ESET Online Scan
Frequently asked questions available Here. Please read them before running the scan. Also be aware this scan can take several hours to complete depending on the size of your system. ESET log can be found here "C:\Program Files\ESET\EsetOnlineScanner\log.txt".
Let me see those two logs, also give update on current issues/concerns
Kevin |
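Once the follow-up ComboFix.txt comes back, each File:: and Folder:: target in the CFScript above can be checked against the log's "Other Deletions" section. The Python below is an added example, not part of the original post and not ComboFix's own code; the function names are hypothetical, the script sample is abridged from the post, and the log sample is constructed and deliberately omits one folder.

```python
import re

# A CFScript directive is a bare word followed by "::" on its own line,
# as in the script posted above (KillAll::, File::, Folder::, ...).
DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")
# ComboFix log sections are introduced by a banner wrapped in parentheses.
BANNER = re.compile(r"^\(+\s*(.*?)\s*\)+$")


def parse_cfscript(text):
    """Split a CFScript into {directive: [entries]}, keeping entry order."""
    sections = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = DIRECTIVE.match(line)
        if match:
            current = match.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("entry before any directive: %r" % line)
        else:
            sections[current].append(line)
    return sections


def normalise(path):
    """Compare paths case-insensitively, ignoring quotes and a trailing backslash."""
    return path.strip().strip('"').rstrip("\\").lower()


def deleted_paths(log_text, banner="Other Deletions"):
    """Return the set of paths listed under the given banner of a ComboFix log."""
    found = set()
    inside = False
    for raw in log_text.splitlines():
        line = raw.strip()
        match = BANNER.match(line)
        if match:
            # Any banner ends the previous section; only ours starts collection.
            inside = match.group(1) == banner
            continue
        if inside and line and line != ".":
            found.add(normalise(line))
    return found


def unconfirmed_targets(script_text, log_text):
    """List (directive, path) pairs the script targeted but the log does not show as deleted."""
    sections = parse_cfscript(script_text)
    deleted = deleted_paths(log_text)
    missing = []
    for directive in ("File", "Folder"):
        for target in sections.get(directive, []):
            if normalise(target) not in deleted:
                missing.append((directive, target))
    return missing


# Abridged from the CFScript in the post above.
SAMPLE_SCRIPT = r"""
KillAll::
ClearJavaCache::
File::
c:\windows\Tasks\Qtutqqbm.job
c:\windows\system32\msconfv.dll
Folder::
c:\documents and settings\John\Application Data\Hvdnffpyhy
c:\program files\Common Files\HotKey
c:\documents and settings\John\Application Data\Babylon
"""

# Constructed log excerpt: the HotKey folder is left out on purpose.
SAMPLE_LOG = r"""
((((((((((   Other Deletions   ))))))))))
.
.
c:\documents and settings\John\Application Data\Babylon
c:\documents and settings\John\Application Data\Babylon\log_file.txt
c:\documents and settings\John\Application Data\Hvdnffpyhy
c:\windows\system32\msconfv.dll
c:\windows\Tasks\Qtutqqbm.job
.
((((((((((   Files Created from 2012-04-19 to 2012-05-19   ))))))))))
.
2012-05-05 19:55 . 2012-05-05 19:55 -------- d-----w- c:\windows\ServicePackFiles
"""

if __name__ == "__main__":
    for directive, path in unconfirmed_targets(SAMPLE_SCRIPT, SAMPLE_LOG):
        print("not listed as deleted:", directive, path)
```

A target reported here is only absent from the deletion list; it still needs a manual look to tell whether it was never present or could not be removed.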
19-May-2012, 01:16 PM
#69 |
| Just so you can keep going while Kevin is offline this is a guide for taking a screenshot in XP: How to take a screenshot in XP SH is SpywareHammer, it's my home site also, you will find the site here: SpywareHammer |
19-May-2012, 01:22 PM
#71 |
| step 1 results ComboFix 12-05-19.01 - John 19/05/2012 17:59:59.2.1 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.2935.2349 [GMT 1:00] Running from: c:\documents and settings\John\Desktop\ComboFix.exe Command switches used :: G:\CFScript.txt . FILE :: "c:\windows\system32\msconfv.dll" "c:\windows\Tasks\Qtutqqbm.job" . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\documents and settings\All Users\Application Data\Babylon c:\documents and settings\John\Application Data\Babylon c:\documents and settings\John\Application Data\Babylon\log_file.txt c:\documents and settings\John\Application Data\Hvdnffpyhy c:\documents and settings\John\Application Data\Loxai c:\documents and settings\John\Application Data\Uvohv c:\documents and settings\John\Application Data\Uvohv\usnow.fit c:\documents and settings\John\Application Data\Ywehet c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26} c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}\chrome.manifest c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}\chrome\content\browser.xul c:\documents and settings\John\Local Settings\Application Data\{E5C50E8F-9A1C-11E1-826E-B8AC6F996F26}\install.rdf c:\program files\Common Files\HotKey c:\windows\system32\msconfv.dll c:\windows\Tasks\Qtutqqbm.job . . ((((((((((((((((((((((((( Files Created from 2012-04-19 to 2012-05-19 ))))))))))))))))))))))))))))))) . . 2012-05-05 19:55 . 2012-05-05 19:55 -------- d-----w- c:\windows\ServicePackFiles 2012-05-05 19:03 . 2008-04-14 00:11 61440 ------w- c:\windows\system32\kmsvc.dll 2012-05-05 18:37 . 2011-02-17 13:18 357888 -c----w- c:\windows\system32\dllcache\srv.sys 2012-05-05 18:36 . 2010-06-14 14:31 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe 2012-05-05 18:35 . 
2010-08-27 08:02 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll 2012-05-05 18:35 . 2009-10-15 16:28 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll 2012-05-05 18:35 . 2009-03-06 14:22 284160 -c----w- c:\windows\system32\dllcache\pdh.dll 2012-05-05 18:35 . 2009-02-09 12:10 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll 2012-05-05 18:35 . 2009-02-06 11:11 110592 -c----w- c:\windows\system32\dllcache\services.exe 2012-05-05 18:35 . 2010-12-20 17:26 730112 -c----w- c:\windows\system32\dllcache\lsasrv.dll 2012-05-05 18:35 . 2010-12-09 15:15 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll 2012-05-05 18:35 . 2009-02-09 12:10 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll 2012-05-05 18:35 . 2009-02-09 12:10 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll 2012-05-05 18:35 . 2009-02-09 12:10 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll 2012-05-05 18:35 . 2009-02-06 10:10 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe 2012-05-05 18:33 . 2008-05-08 14:02 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys 2012-05-05 18:33 . 2008-06-13 11:05 272128 -c----w- c:\windows\system32\dllcache\bthport.sys 2012-05-05 18:33 . 2008-06-13 11:05 272128 ------w- c:\windows\system32\drivers\bthport.sys 2012-05-05 18:33 . 2009-11-21 15:51 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll 2012-05-05 18:31 . 2008-10-15 16:34 337408 -c----w- c:\windows\system32\dllcache\netapi32.dll 2012-05-05 18:30 . 2010-07-12 12:55 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe 2012-05-05 17:30 . 2012-05-05 17:30 -------- d-----w- c:\program files\Mozilla Maintenance Service 2012-05-05 17:29 . 2012-05-05 17:29 157352 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe 2012-05-05 17:29 . 2012-05-05 17:29 129976 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe 2012-05-05 16:36 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll 2012-05-05 16:36 . 
2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll 2012-05-05 16:36 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll 2012-05-05 16:36 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll 2012-05-05 16:36 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll 2012-05-05 16:36 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll 2012-05-05 16:36 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll 2012-05-05 16:36 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll 2012-05-05 15:48 . 2012-05-05 15:48 -------- d-----w- c:\program files\Microsoft Sync Framework 2012-05-05 15:03 . 2012-01-09 16:20 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys 2012-05-05 15:03 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll 2012-05-05 15:03 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll 2012-05-05 13:47 . 2012-05-05 13:47 -------- d-----w- c:\windows\system32\wbem\Repository 2012-05-05 13:47 . 2012-05-05 13:47 -------- d-----w- c:\program files\Common Files\Java 2012-05-05 13:46 . 2012-05-06 13:38 -------- dc-h--w- c:\windows\ie8 2012-05-04 16:11 . 2012-05-04 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\WEBREG 2012-04-27 09:16 . 2012-04-27 09:16 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\I Want This 2012-04-27 09:16 . 2012-04-27 09:16 -------- d-----w- c:\program files\I Want This 2012-04-27 09:12 . 2011-10-04 21:42 86016 ----a-w- c:\windows\system32\custmon32i.dll 2012-04-27 09:11 . 2012-04-27 09:12 -------- d-----w- c:\program files\GPLGS 2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\documents and settings\John\Local Settings\Application Data\Babylon 2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- C:\Program1 2012-04-27 09:11 . 2012-04-27 09:11 -------- d-----w- c:\program files\PDFCreator 2012-04-21 16:34 . 
2012-04-21 16:34 -------- d-----w- c:\documents and settings\John\Application Data\SUPERAntiSpyware.com 2012-04-21 16:33 . 2012-04-29 12:24 -------- d-----w- c:\program files\SUPERAntiSpyware 2012-04-21 16:33 . 2012-04-21 16:33 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-04-25 17:51 . 2010-06-02 13:20 81920 -c--a-w- c:\windows\ALCFDRTM.VER 2012-03-30 13:13 . 2012-03-30 13:13 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-03-30 13:13 . 2011-06-05 12:07 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-03-01 11:01 . 2004-08-04 12:00 916992 ----a-w- c:\windows\system32\wininet.dll 2012-03-01 11:01 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2012-03-01 11:01 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2012-02-29 14:10 . 2010-04-26 19:18 148480 ----a-w- c:\windows\system32\imagehlp.dll 2012-02-29 14:10 . 2004-08-04 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll 2012-02-29 12:17 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec 2012-05-05 17:29 . 2011-04-30 10:18 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\documents and settings\John\Local Settings\Application Data\I Want This ---- . 2012-02-29 13:21 . 2012-02-29 13:21 90207 ----a-w- c:\documents and settings\John\Local Settings\Application Data\I Want This\Chrome\I Want This.crx . ---- Directory of c:\program files\I Want This ---- . 2012-04-27 09:16 . 2012-04-27 09:16 7729 ----a-w- c:\program files\I Want This\I Want ThisInstaller.log 2012-04-27 09:16 . 2012-04-27 09:16 137 ----a-w- c:\program files\I Want This\I Want This.ini 2012-04-27 09:16 . 
2012-04-27 09:16 463627 ----a-w- c:\program files\I Want This\Uninstall.exe 2012-02-28 00:51 . 2012-02-28 00:51 35792 ----a-w- c:\program files\I Want This\appAPIinternalWrapper.js 2012-02-28 00:51 . 2012-02-28 00:51 15711 ----a-w- c:\program files\I Want This\fb.js 2012-02-28 00:51 . 2012-02-28 00:51 475480 ----a-w- c:\program files\I Want This\I Want This.dll 2012-02-28 00:51 . 2012-02-28 00:51 336216 ----a-w- c:\program files\I Want This\I Want This.exe 2012-02-28 00:51 . 2012-02-28 00:51 9662 ----a-w- c:\program files\I Want This\I Want This.ico 2012-02-28 00:51 . 2012-02-28 00:51 2096984 ----a-w- c:\program files\I Want This\I Want ThisGui.exe 2012-02-28 00:51 . 2012-02-28 00:51 166313 ----a-w- c:\program files\I Want This\jquery.js 2012-02-28 00:51 . 2012-02-28 00:51 10790 ----a-w- c:\program files\I Want This\json.js . ---- Directory of C:\Program1 ---- . 2012-04-27 09:11 . 2005-10-25 08:36 116 ----a-w- c:\program1\PDFWrite.rsp 2012-04-27 09:11 . 2011-02-22 23:05 32768 ----a-w- c:\program1\Preferences.exe 2012-04-27 09:11 . 2011-02-22 08:28 53248 ----a-w- c:\program1\uninstpw.exe 2012-04-27 09:11 . 2011-02-22 08:27 126976 ----a-w- c:\program1\CPWriter2.exe 2012-04-27 09:11 . 2011-10-03 21:56 40960 ----a-w- c:\program1\pdfwriter.exe 2012-04-27 09:11 . 2008-01-28 18:23 4928 ----a-w- c:\program1\README.HTM 2012-04-27 09:11 . 2012-03-28 19:07 296 ----a-w- c:\program1\setup.inf . . ((((((((((((((((((((((((((((( SnapShot@2012-05-19_13.34.10 ))))))))))))))))))))))))))))))))))))))))) . - 2012-05-19 13:28 . 2012-04-11 13:53 30208 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\u pdate\w32ksign.dll - 2012-05-19 13:28 . 2010-07-05 13:15 26488 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\u pdate\spcustom.dll - 2012-05-19 13:28 . 2012-04-11 13:53 16896 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\u pdate\mpsyschk.dll - 2012-05-19 13:28 . 
2010-07-05 13:15 17272 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spmsg.dll - 2012-05-19 13:28 . 2010-07-05 13:16 382840 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\updspapi.dll - 2012-05-19 13:28 . 2010-07-05 13:15 755576 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\update\update.exe - 2012-05-19 13:28 . 2010-07-05 13:15 231288 c:\windows\SoftwareDistribution\Download\888bd630a02581b550845dde5f47a0ee\spuninst.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\71d83054-7dbe-45c3-a453-719bb81c5f99.com" [2012-04-28 3905920] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-11-02 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-11-02 126976] "IconixOEAddOn"="c:\program files\Iconix\OEAddOn\OEdmn_6.exe" [2010-08-17 342872] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "SoundMan"="SOUNDMAN.EXE" [2005-09-21 86016] "AlcWzrd"="ALCWZRD.EXE" [2005-09-21 2807808] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ NETGEAR WNDA3200 Smart Wizard.lnk - c:\program files\NETGEAR\WNDA3200\WNDA3200WPSMgr.exe [2012-1-10 565248] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "DisableRegedit"= 1 (0x1) . [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableRegedit"= 1 (0x1) .
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2011-07-19 113024] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon] 2011-05-04 17:54 551296 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^NETGEAR WN111v2 Smart Wizard.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\NETGEAR WN111v2 Smart Wizard.lnk backup=c:\windows\pss\NETGEAR WN111v2 Smart Wizard.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Watch.lnk] path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Watch.lnk backup=c:\windows\pss\Watch.lnkCommon Startup . [HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk] path=c:\documents and settings\John\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup .
[HKLM\~\startupfolder\C:^Documents and Settings^John^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk] path=c:\documents and settings\John\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk backup=c:\windows\pss\OpenOffice.org 3.3.lnkStartup . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2012-01-03 13:10 843712 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AliceConnect] 2010-01-28 13:48 10035448 ----a-w- c:\program files\3 Mobile Broadband\3Connect\Wilog.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update] 2009-11-18 16:13 54576 ----a-w- c:\program files\HP\HP Software Update\hpwuschd2.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IconixOEAddOn] 2010-08-17 19:32 342872 ----a-w- c:\program files\Iconix\OEAddOn\OEdmn_6.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InstallIQUpdater] 2011-02-02 13:15 1085952 ----a-w- c:\program files\W3i\InstallIQUpdater\InstallIQUpdater.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2010-09-01 07:32 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] 2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr] 2010-04-16 22:12 3872080 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSNUpd] 2010-07-14 13:51 152896 ----a-w- c:\program files\Panda Security\Panda Cloud Antivirus\psnupd.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-06-02 13:05 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG] 2009-01-30 17:46 204288 ------w- c:\program files\Windows Media Player\wmpnscfg.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Zune Launcher] 2010-09-24 13:19 159472 ----a-w- c:\program files\Zune\ZuneLauncher.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services] "ZuneNetworkSvc"=2 (0x2) "ZuneBusEnum"=2 (0x2) "WMZuneComm"=3 (0x3) "YahooAUService"=2 (0x2) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) . [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= . R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [22/07/2011 17:27 12880] R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [12/07/2011 22:55 67664] R2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCore.exe [12/08/2011 00:38 116608] R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [21/10/2011 15:23 196176] R2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [13/10/2011 17:21 249648] R2 BecHelperService;BecHelperService;c:\program files\3 Mobile Broadband\3Connect\BecHelperService.exe [14/12/2010 11:15 1737464] R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [04/01/2012 14:22 822624] R2 IconixService;Iconix Update Service;c:\program files\Common Files\Iconix\IconixService.exe [22/08/2010 22:59 283992] R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [01/10/2011 08:30 508776] R2 WDCS_WNDA3200;NETGEAR WNDA3200 Device Checking Service;c:\program files\NETGEAR\WNDA3200\WifiDevChkSvc.exe [10/01/2012 18:39 167936] R3 JSWSCIMD;jswscimd
Service;c:\windows\system32\drivers\jswscimd.sys [01/10/2008 16:45 57440] R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02/12/2009 22:23 584680] R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02/12/2009 22:23 209512] R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02/12/2009 22:23 20584] R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02/12/2009 22:23 18280] R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [01/10/2011 08:30 219496] S2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 12:48 135664] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [30/03/2012 14:13 253600] S3 AR9271;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\drivers\athuw.sys [10/01/2012 18:39 1759584] S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [24/07/2003 12:10 17149] S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [26/06/2010 12:48 135664] S3 jswpsapi;JumpStart Wi-Fi Protected Setup;c:\program files\NETGEAR\WNDA3200\jswpsapi.exe [10/01/2012 18:39 360529] S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [15/09/2010 12:14 9216] S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [05/05/2012 18:30 129976] S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09/01/2010 22:37 4640000] S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [14/01/2009 02:23 458752] S4 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [24/09/2010 14:19 268528] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs S7oppilx . Contents of the 'Scheduled Tasks' folder . 2012-05-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 13:13] . 2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 11:48] . 2012-05-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-06-26 11:48] . 2012-05-19 c:\windows\Tasks\SDMsgUpdate (TE).job - c:\progra~1\SMARTD~1\Messages\SDNotify.exe [2012-03-10 18:22] . 2012-05-19 c:\windows\Tasks\User_Feed_Synchronization-{C4DFAE7E-416B-4244-8132-23CA1C0E809F}.job - c:\windows\system32\msfeedssync.exe [2009-03-08 03:31] . . ------- Supplementary Scan ------- . uStart Page = uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 194.168.4.100 194.168.8.100 FF - ProfilePath - c:\documents and settings\John\Application Data\Mozilla\Firefox\Profiles\hjcms5ve.default\ FF - prefs.js: browser.search.selectedEngine - Bing FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/home.php?ref=hp FF - prefs.js: network.proxy.type - 2 # Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. 
* * To make a manual change to preferences, you can visit the URL about:config * For more information, see hxxp://www.mozilla.org/unix/customizing.html#prefs */ FF - user.js: CT2438727.AboutPrivacyUrl - hxxp://www.conduit.com/privacy/Default.aspx FF - user.js: CT2438727.CTID - CT2438727 FF - user.js: CT2438727.CommunitiesChangesLastCheckTime - 0 FF - user.js: CT2438727.CurrentServerDate - 15-2-2011 FF - user.js: CT2438727.DialogsAlignMode - LTR FF - user.js: CT2438727.DownloadReferralCookieData - FF - user.js: CT2438727.FirstServerDate - 20-9-2010 FF - user.js: CT2438727.FirstTime - true FF - user.js: CT2438727.FirstTimeFF3 - true FF - user.js: CT2438727.FirstTimeSettingsDone - true FF - user.js: CT2438727.FixPageNotFoundErrors - true FF - user.js: CT2438727.GroupingInvalidateCache - false FF - user.js: CT2438727.GroupingLastCheckTime - 0 FF - user.js: CT2438727.GroupingLastServerUpdateTime - 0 FF - user.js: CT2438727.GroupingServerCheckInterval - 1440 FF - user.js: CT2438727.GroupingServiceUrl - hxxp://grouping.services.conduit.com/ FF - user.js: CT2438727.Initialize - true FF - user.js: CT2438727.InitializeCommonPrefs - true FF - user.js: CT2438727.InstallationAndCookieDataSentCount - 3 FF - user.js: CT2438727.InstalledDate - Mon Sep 20 2010 01:25 GMT+0100 (GMT Daylight Time) FF - user.js: CT2438727.InvalidateCache - false FF - user.js: CT2438727.IsGrouping - false FF - user.js: CT2438727.IsMulticommunity - false FF - user.js: CT2438727.IsOpenThankYouPage - true FF - user.js: CT2438727.IsOpenUninstallPage - true FF - user.js: CT2438727.LanguagePackLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time) FF - user.js: CT2438727.LanguagePackReloadIntervalMM - 1440 FF - user.js: CT2438727.LanguagePackServiceUrl - hxxp://translation.users.conduit.com/Translation.ashx FF - user.js: CT2438727.LastLogin_2.7.1.3 - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time) FF - user.js: CT2438727.LatestVersion - 2.7.1.3 FF - user.js: CT2438727.Locale - en FF - user.js: 
CT2438727.LoginCache - 4 FF - user.js: CT2438727.MCDetectTooltipHeight - 83 FF - user.js: CT2438727.MCDetectTooltipUrl - hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1 FF - user.js: CT2438727.MCDetectTooltipWidth - 295 FF - user.js: CT2438727.RadioLastCheckTime - 0 FF - user.js: CT2438727.RadioLastUpdateIPServer - 0 FF - user.js: CT2438727.RadioLastUpdateServer - 0 FF - user.js: CT2438727.SHRINK_TOOLBAR - 1 FF - user.js: CT2438727.SearchEngine - Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2438727&octid=EB_ORIGINAL_CTID&SearchSource=1 FF - user.js: CT2438727.SearchFromAddressBarIsInit - true FF - user.js: CT2438727.SearchFromAddressBarUrl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2438727&q= FF - user.js: CT2438727.SearchInNewTabEnabled - true FF - user.js: CT2438727.SearchInNewTabIntervalMM - 1440 FF - user.js: CT2438727.SearchInNewTabLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time) FF - user.js: CT2438727.SearchInNewTabServiceUrl - hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID FF - user.js: CT2438727.SearchInNewTabUsageUrl - hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID FF - user.js: CT2438727.SettingsCheckIntervalMin - 120 FF - user.js: CT2438727.SettingsLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time) FF - user.js: CT2438727.SettingsLastUpdate - 1297721424 FF - user.js: CT2438727.ThirdPartyComponentsInterval - 504 FF - user.js: CT2438727.ThirdPartyComponentsLastCheck - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time) FF - user.js: CT2438727.ThirdPartyComponentsLastUpdate - 1246790578 FF - user.js: CT2438727.TrusteLinkUrl - hxxp://trust.conduit.com/EB_ORIGINAL_CTID FF - user.js: CT2438727.UserID - UN14965108183067577 FF - user.js: CT2438727.ValidationData_Search - 0 FF - user.js: CT2438727.ValidationData_Toolbar - 2 FF - user.js: CT2438727.alertChannelId - 832836 FF - user.js: CT2438727.clientLogIsEnabled - false FF - user.js:
CT2438727.clientLogServiceUrl - hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent FF - user.js: CT2438727.myStuffEnabled - true FF - user.js: CT2438727.myStuffPublihserMinWidth - 400 FF - user.js: CT2438727.myStuffSearchUrl - hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID FF - user.js: CT2438727.myStuffServiceIntervalMM - 1440 FF - user.js: CT2438727.myStuffServiceUrl - hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT FF - user.js: CT2438727.uninstallLogServiceUrl - hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation FF - user.js: CommunityToolbar.SearchFromAddressBarSavedUrl - chrome://browser-region/locale/region.properties FF - user.js: CommunityToolbar.ToolbarsList - CT2438727 FF - user.js: CommunityToolbar.ToolbarsList2 - CT2438727 FF - user.js: CommunityToolbar.alert.alertInfoInterval - 1440 FF - user.js: CommunityToolbar.alert.alertInfoLastCheckTime - Tue Feb 15 2011 19:52 GMT+0000 (GMT Standard Time) FF - user.js: CommunityToolbar.alert.clientsServerUrl - hxxp://alert.client.conduit.com FF - user.js: CommunityToolbar.alert.locale - en FF - user.js: CommunityToolbar.alert.loginIntervalMin - 1440 FF - user.js: CommunityToolbar.alert.loginLastCheckTime - Tue Feb 15 2011 18:52 GMT+0000 (GMT Standard Time) FF - user.js: CommunityToolbar.alert.loginLastUpdateTime - 1291052234 FF - user.js: CommunityToolbar.alert.messageShowTimeSec - 20 FF - user.js: CommunityToolbar.alert.servicesServerUrl - hxxp://alert.services.conduit.com FF - user.js: CommunityToolbar.alert.showTrayIcon - false FF - user.js: CommunityToolbar.alert.userCloseIntervalMin - 300 FF - user.js: CommunityToolbar.alert.userId - {029615fa-cf91-40f4-9072-93950c5fb5f8} FF - user.js: accessibility.browsewithcaret - true FF - user.js: accessibility.typeaheadfind - true FF - user.js:
accessibility.typeaheadfind.casesensitive - 1 FF - user.js: accessibility.typeaheadfind.flashBar - 0 FF - user.js: app.update.disable_button.showUpdateHistory - false FF - user.js: app.update.lastUpdateTime.addon-background-update-timer - 1326979408 FF - user.js: app.update.lastUpdateTime.background-update-timer - 1326979287 FF - user.js: app.update.lastUpdateTime.blocklist-background-update-timer - 1326979528 FF - user.js: app.update.lastUpdateTime.microsummary-generator-update-timer - 1313360628 FF - user.js: app.update.lastUpdateTime.places-maintenance-timer - 1304117503 FF - user.js: app.update.lastUpdateTime.search-engine-update-timer - 1326987885 FF - user.js: browser.anchor_color - #0000FF FF - user.js: browser.cache.disk.capacity - 1048576 FF - user.js: browser.cache.disk.smart_size.first_run - false FF - user.js: browser.cache.disk.smart_size_cached_value - 1048576 FF - user.js: browser.display.background_color - #C0C0C0 FF - user.js: browser.display.use_document_fonts - 0 FF - user.js: browser.display.use_system_colors - true FF - user.js: browser.download.lastDir - c:\\Documents and Settings\\John\\Desktop FF - user.js: browser.download.manager.alertOnEXEOpen - false FF - user.js: browser.download.manager.retention - 0 FF - user.js: browser.download.save_converter_index - 3 FF - user.js: browser.feeds.showFirstRunUI - false FF - user.js: browser.formfill.enable - false FF - user.js: browser.history_expire_days.mirror - 180 FF - user.js: browser.migration.version - 5 FF - user.js: browser.offline - false FF - user.js: browser.places.smartBookmarksVersion - 2 FF - user.js: browser.preferences.advanced.selectedTabIndex - 3 FF - user.js: browser.privatebrowsing.dont_prompt_on_enter - true FF - user.js: browser.rights.3.shown - true FF - user.js: browser.search.selectedEngine - Bing FF - user.js: browser.search.useDBForOrder - true FF - user.js: browser.shell.checkDefaultBrowser - false FF - user.js: browser.startup.homepage - 
hxxp://www.facebook.com/home.php?ref=hp FF - user.js: browser.startup.homepage_override.buildID - 20111220165912 FF - user.js: browser.startup.homepage_override.mstone - rv:9.0.1 FF - user.js: browser.syncPromoViewsLeft - 0 FF - user.js: browser.tabs.loadInBackground - false FF - user.js: browser.urlbar.default.behavior - 1 FF - user.js: browser.visited_color - #800080 FF - user.js: dom.disable_open_during_load - false FF - user.js: dom.event.contextmenu.enabled - false FF - user.js: dom.max_script_run_time - 0 FF - user.js: extensions.MicrosoftCG.lastRunTime - Mon, 01 Nov 2010 22:13 GMT FF - user.js: extensions.blocklist.pingCountTotal - 237 FF - user.js: extensions.blocklist.pingCountVersion - 9 FF - user.js: extensions.bootstrappedAddons - {} FF - user.js: extensions.databaseSchema - 6 FF - user.js: extensions.enabledAddons - {972ce4c6-7e08-4474-a285-3208198ce6fd}:9.0.1 FF - user.js: extensions.enabledItems - {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17 FF - user.js: extensions.installCache - [{\name\:\winreg-app-global\,\addons\:{\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\WINDOWS\\\\Microsoft.NET\\\\Framework\\\\v3.5\\\\Windows Presentation Foundation\\\\DotNetAssistantExtension\,\mtime\:1277663450843},\smartwebprinting@hp.com\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1300649420031},\jqs@sun.com\:{\descriptor\:\c:\\\\Program Files\\\\Java\\\\jre6\\\\lib\\\\deploy\\\\jqs\\\\ff\,\mtime\:1288081481343}}},{\name\:\app-global\,\addons\:{\{972ce4c6-7e08-4474-a285-3208198ce6fd}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\,\mtime\:1326272142546},\{F7CB456D-D310-4572-8C28-A6D45F6F8F10}\:{\descriptor\:\c:\\\\Program Files\\\\Mozilla
Firefox\\\\extensions\\\\{F7CB456D-D310-4572-8C28-A6D45F6F8F10}\,\mtime\:1326329926656}}},{\name\:\winreg-app-user\,\addons\:{\smartwebprinting@hp.com\:{\descriptor\:\c:\\\\Program Files\\\\HP\\\\Digital Imaging\\\\Smart Web Printing\\\\MozillaAddOn3\,\mtime\:1300649420031}}},{\name\:\app-profile\,\addons\:{\firefox@zoodles.com\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\\firefox@zoodles.com.xpi\,\mtime\:1314085773315},\{20a82645-c095-46ed-80e3-08825760534b}\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\\{20a82645-c095-46ed-80e3-08825760534b}\,\mtime\:1280323145296},\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\:{\descriptor\:\c:\\\\Documents and Settings\\\\John\\\\Application Data\\\\Mozilla\\\\Firefox\\\\Profiles\\\\hjcms5ve.default\\\\extensions\\\\{7b13ec3e-999a-4b70-b9cb-2617b8323822}\,\mtime\:1326224466051}}}] FF - user.js: extensions.lastAppVersion - 9.0.1 FF - user.js: extensions.lastPlatformVersion - 9.0.1 FF - user.js: extensions.pendingOperations - false FF - user.js: extensions.update.notifyUser - false FF - user.js: extensions.zoodles.account_created - true FF - user.js: extensions.zoodles.toolbar_installed - true FF - user.js: font.name.serif.x-western - Verdana FF - user.js: general.useragent.extra.microsoftdotnet - ( .NET CLR 3.5.30729) FF - user.js: general.useragent.extra.zoodles - FF - user.js: general.useragent.extra.zoodles_parent - InquisitiveMindsAddon FF - user.js: gfx.blacklist.direct2d - 2 FF - user.js: gfx.blacklist.layers.direct3d10 - 2 FF - user.js: gfx.blacklist.layers.direct3d10-1 - 2 FF - user.js: idle.lastDailyNotification - 1326992866 FF - user.js: intl.charsetmenu.browser.cache - ISO-8859-8, UTF-8, ISO-8859-2, windows-1252, ISO-8859-15 FF - user.js: lightweightThemes.isThemeSelected - false FF - user.js:
lightweightThemes.persisted.footerURL - true FF - user.js: lightweightThemes.persisted.headerURL - true FF - user.js: lightweightThemes.usedThemes - [{\id\:\30987\,\name\:\endless possibilities by etsu\,\headerURL\:\hxxp://getpersonas-cdn.mozilla.net/static/8/7/30987/etsu_v2_header.jpg?1260925626\,\footerURL\:\http://getpersonas-cdn.mozilla.net/s...ription\:\etsu meusy’s work has been described as “sunny and clean” by giant robot and “nostalgia-tinged 70s and 80s pop cultural pastiches” by coolhunting. etsu blends together paint, hand drawn typography and the odd guest appearance from 80s icons like axl rose and the smurfs to create dreamy rainbow colored landscapes. her artwork has been featured in nylon magazine and art books by die gestalten.\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/30987\,\version\:\1260925626\},{\id\:\95641\,\name\:\supernatural-dean\,\headerURL\:\http://getpersonas-cdn.mozilla.net/s...ription\:\this is a supernatural persona\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/95641\,\version\:\1265334322\},{\id\:\64769\,\name\:\sunset over water\,\headerURL\:\http://getpersonas-cdn.mozilla.net/s...ription\:\this is a personal photo i took. 
i have a wallpaper to match this and it can be found at\\u000d\\u000a:http://nature.desktopnexus.com/wallp...\u000d\\u000aI also made an iGoogle theme called Framed Sunset and you can use that as your theme if you use iGoogle.\,\updateURL\:\https://www.getpersonas.com/en-us/update_check/64769\}] FF - user.js: microsoft.CLR.auto_install - false FF - user.js: network.cookie.lifetimePolicy - 2 FF - user.js: network.cookie.prefsMigrated - true FF - user.js: network.proxy.type - 2 FF - user.js: places.database.lastMaintenance - 1326992866 FF - user.js: places.history.expiration.transient_current_max_pages - 76949 FF - user.js: places.history.expiration.transient_optimal_database_size - 123117894 FF - user.js: places.last_vacuum - 1301663853 FF - user.js: pref.advanced.images.disable_button.view_image - false FF - user.js: pref.advanced.javascript.disable_button.advanced - false FF - user.js: pref.browser.homepage.disable_button.bookmark_page - false FF - user.js: pref.privacy.disable_button.view_cookies - false FF - user.js: print.print_printer - HP Deskjet D2600 series FF - user.js: print.printer_HP_Deskjet_D2600_series.print_bgcolor - true FF - user.js: print.printer_HP_Deskjet_D2600_series.print_bgimages - true FF - user.js: print.printer_HP_Deskjet_D2600_series.print_command - FF - user.js: print.printer_HP_Deskjet_D2600_series.print_downloadfonts - false FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_bottom - 0 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_left - 0 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_right - 0 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_edge_top - 0 FF - user.js: print.printer_HP_Deskjet_D2600_series.print_evenpages - true FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footercenter - FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footerleft - &PT FF - user.js: print.printer_HP_Deskjet_D2600_series.print_footerright - &D FF - user.js: 
privacy.cpd.siteSettings - true FF - user.js: privacy.donottrackheader.enabled - true FF - user.js: privacy.popups.showBrowserMessage - false FF - user.js: privacy.sanitize.migrateFx3Prefs - true FF - user.js: privacy.sanitize.timeSpan - 0 FF - user.js: security.disable_button.openCertManager - false FF - user.js: security.disable_button.openDeviceManager - false FF - user.js: security.enable_ssl2 - true FF - user.js: security.warn_viewing_mixed - false FF - user.js: services.sync.clients.lastSync - 0 FF - user.js: services.sync.clients.lastSyncLocal - 0 FF - user.js: services.sync.migrated - true FF - user.js: services.sync.tabs.lastSync - 0 FF - user.js: services.sync.tabs.lastSyncLocal - 0 FF - user.js: signon.rememberSignons - false FF - user.js: storage.vacuum.last.index - 1 FF - user.js: storage.vacuum.last.places.sqlite - 1325869576 FF - user.js: toolkit.telemetry.prompted - 2 FF - user.js: toolkit.telemetry.rejected - true FF - user.js: urlclassifier.keyupdatetime.hxxps://sb-ssl.google.com/safebrowsing/newkey - 1329414084 FF - user.js: xpinstall.whitelist.add - FF - user.js: xpinstall.whitelist.add.36 - . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2012-05-19 18:08 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1085031214-1957994488-725345543-1004\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'winlogon.exe'(1096) c:\program files\SUPERAntiSpyware\SASWINLO.DLL c:\windows\system32\WININET.dll . - - - - - - - > 'explorer.exe'(3084) c:\windows\system32\WININET.dll c:\program files\Iconix\OEAddOn\OEldr_7.dll c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.6195_x-ww_44262b86\MSVCR80.dll c:\windows\system32\ieframe.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\windows\system32\acs.exe c:\program files\Bonjour\mDNSResponder.exe c:\windows\system32\wscntfy.exe c:\windows\SOUNDMAN.EXE c:\windows\ALCWZRD.EXE . ************************************************************************** . Completion time: 2012-05-19 18:17:55 - machine was rebooted ComboFix-quarantined-files.txt 2012-05-19 17:17 ComboFix2.txt 2012-05-19 13:42 . Pre-Run: 154,587,893,760 bytes free Post-Run: 154,569,039,872 bytes free . - - End Of File - - 2AE5735BA08F1AE546315C6EA770B401 |
19-May-2012, 02:15 PM
#74 |
| If you have not rebooted after running ComboFix, please do so; this may bring back your internet connection. If not, please wait for further instructions from Kevin. How to post a screenshot.
|