Everything posted by dhp78us
Deleted:

# AdwCleaner v2.105 - Logfile created 01/12/2013 at 08:25:59
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Christine - CHRISTINE-PC
# Boot Mode : Normal
# Running from : C:\Users\Christine\Downloads\adwcleaner.exe
# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\AppGraffiti
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Freecorder
Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
Folder Deleted : C:\Program Files (x86)\RebateInformer
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Christine\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Christine\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Christine\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Christine\AppData\LocalLow\Freecorder
Folder Deleted : C:\Users\Christine\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Christine\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freecorder
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\Conduit
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\ConduitCommon
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\CT1060933
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\CT2786678
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\AppGraffiti@AppGraffiti.com
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\inboxcomtoolbar@inbox.com
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\Inbox Toolbar
Folder Deleted : C:\Users\Christine\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\Freecorder

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Freecorder
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C723818-7C90-4B95-AC60-30CAC92FAD51}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C723818-7C90-4B95-AC60-30CAC92FAD51}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7C723818-7C90-4B95-AC60-30CAC92FAD51}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0DFA453-9F4D-41EC-8E43-518A8FD7C749}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\prefs.js

Deleted : user_pref("CT1060933..clientLogIsEnabled", false);
Deleted : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611"); Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20); Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com"); Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false); Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300); Deleted : user_pref("CommunityToolbar.alert.userId", "6fb688c5-3ebb-4f62-b5f4-c4753dffedc3"); Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Oct 09 2011 10:01:20 GMT-0400 (Eas[...] Deleted : user_pref("CommunityToolbar.globalUserId", "1d9a9ef2-3b0a-49c6-866f-f82eb0a529bb"); Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1060933"); Deleted : user_pref("CommunityToolbar.killedEngine", true); Deleted : user_pref("CommunityToolbar.undefined", ""); Deleted : user_pref("browser.search.defaultthis.engineName", "Freecorder Customized Web Search"); Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&Sea[...] Deleted : user_pref("browser.search.selectedEngine", "Freecorder Customized Web Search"); Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q="); -\\ Google Chrome v23.0.1271.97 File : C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] File is clean. ************************* AdwCleaner[R1].txt - [32297 octets] - [08/01/2013 21:08:28] AdwCleaner[s1].txt - [38361 octets] - [12/01/2013 08:25:59] ########## EOF - C:\AdwCleaner[s1].txt - [38422 octets] ##########
-
ok, here is the next log.... # AdwCleaner v2.105 - Logfile created 01/08/2013 at 21:08:28 # Updated 08/01/2013 by Xplode # Operating system : Windows 7 Home Premium (64 bits) # User : Christine - CHRISTINE-PC # Boot Mode : Normal # Running from : C:\Users\Christine\Downloads\adwcleaner.exe # Option [search] ***** [services] ***** ***** [Files / Folders] ***** File Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\searchplugins\Askcom.xml File Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\searchplugins\Conduit.xml Folder Found : C:\Program Files (x86)\AppGraffiti Folder Found : C:\Program Files (x86)\Ask.com Folder Found : C:\Program Files (x86)\Freecorder Folder Found : C:\Program Files (x86)\Inbox Toolbar Folder Found : C:\Program Files (x86)\RebateInformer Folder Found : C:\ProgramData\Ask Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer Folder Found : C:\ProgramData\Partner Folder Found : C:\Users\Christine\AppData\Local\OpenCandy Folder Found : C:\Users\Christine\AppData\LocalLow\AskToolbar Folder Found : C:\Users\Christine\AppData\LocalLow\Conduit Folder Found : C:\Users\Christine\AppData\LocalLow\Freecorder Folder Found : C:\Users\Christine\AppData\LocalLow\Inbox Toolbar Folder Found : C:\Users\Christine\AppData\LocalLow\PriceGong Folder Found : C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freecorder Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\Conduit Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\ConduitCommon Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\CT1060933 Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\CT2786678 Folder Found : 
C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612} Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\AppGraffiti@AppGraffiti.com Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\inboxcomtoolbar@inbox.com Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\toolbar@ask.com Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\Inbox Toolbar Folder Found : C:\Users\Christine\AppData\Roaming\OpenCandy Folder Found : C:\Windows\Freecorder ***** [Registry] ***** Key Found : HKCU\Software\AppDataLow\Software\Freecorder Key Found : HKCU\Software\AppDataLow\Software\PriceGong Key Found : HKCU\Software\AppDataLow\Software\Toolbar Key Found : HKCU\Software\AppDataLow\Toolbar Key Found : HKCU\Software\Ask&Record Key Found : HKCU\Software\Conduit Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612} Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C723818-7C90-4B95-AC60-30CAC92FAD51} Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933 Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 Key Found : HKLM\Software\Conduit Key Found : HKLM\Software\Freecorder Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C723818-7C90-4B95-AC60-30CAC92FAD51} Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612} Key Found : 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7C723818-7C90-4B95-AC60-30CAC92FAD51} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0DFA453-9F4D-41EC-8E43-518A8FD7C749} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612} Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}] Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}] Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}] Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}] ***** [internet Browsers] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Registry is clean. -\\ Mozilla Firefox v17.0.1 (en-US) File : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\prefs.js Found : user_pref("CT1060933..clientLogIsEnabled", false); Found : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT1060933.BrowserCompStateIsOpen_1000515", true); Found : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true); Found : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true); Found : user_pref("CT1060933.CTID", "CT1060933"); Found : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Sun Jan 06 2013 08:59:19 GMT-0500 (Eastern S[...] 
Found : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...] Found : user_pref("CT1060933.CommunityChanged", true); Found : user_pref("CT1060933.CurrentServerDate", "6-1-2013"); Found : user_pref("CT1060933.DialogsAlignMode", "LTR"); Found : user_pref("CT1060933.DialogsGetterLastCheckTime", "Sat Jan 05 2013 23:36:34 GMT-0500 (Eastern Standa[...] Found : user_pref("CT1060933.DownloadDomainsCheckInterval", "168"); Found : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Sun Jan 06 2013 08:59:19 GMT-0500 (Eastern [...] Found : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983"); Found : user_pref("CT1060933.DownloadReferralCookieData", ""); Found : user_pref("CT1060933.FirstServerDate", "5-10-2011"); Found : user_pref("CT1060933.FirstTime", true); Found : user_pref("CT1060933.FirstTimeFF3", true); Found : user_pref("CT1060933.FixPageNotFoundErrors", true); Found : user_pref("CT1060933.GroupingServerCheckInterval", 1440); Found : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT1060933.HasUserGlobalKeys", true); Found : user_pref("CT1060933.Initialize", true); Found : user_pref("CT1060933.InitializeCommonPrefs", true); Found : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT1060933.InstalledDate", "Tue Oct 04 2011 19:26:00 GMT-0400 (Eastern Daylight Time)"); Found : user_pref("CT1060933.InvalidateCache", false); Found : user_pref("CT1060933.IsGrouping", false); Found : user_pref("CT1060933.IsMulticommunity", true); Found : user_pref("CT1060933.IsOpenThankYouPage", true); Found : user_pref("CT1060933.IsOpenUninstallPage", true); Found : user_pref("CT1060933.LanguagePackLastCheckTime", "Sat Jan 05 2013 23:36:34 GMT-0500 (Eastern Standar[...] 
Found : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT1060933.LastLogin_3.12.0.7", "Thu Apr 26 2012 21:25:07 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT1060933.LastLogin_3.12.2.3", "Wed May 16 2012 10:36:40 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT1060933.LastLogin_3.13.0.6", "Sun Jul 15 2012 16:12:28 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT1060933.LastLogin_3.14.1.0", "Sat Sep 22 2012 11:37:16 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT1060933.LastLogin_3.15.1.0", "Fri Nov 02 2012 16:23:14 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT1060933.LastLogin_3.16.0.100", "Sun Jan 06 2013 08:59:20 GMT-0500 (Eastern Standard Tim[...] Found : user_pref("CT1060933.LastLogin_3.16.0.3", "Mon Dec 31 2012 18:15:36 GMT-0500 (Eastern Standard Time)[...] Found : user_pref("CT1060933.LastLogin_3.3.3.2", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern Daylight Time)"[...] Found : user_pref("CT1060933.LatestVersion", "3.16.0.100"); Found : user_pref("CT1060933.Locale", "en-us"); Found : user_pref("CT1060933.MCDetectTooltipHeight", "83"); Found : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT1060933.MCDetectTooltipWidth", "295"); Found : user_pref("CT1060933.MyStuffEnabledAtInstallation", true); Found : user_pref("CT1060933.RadioIsPodcast", false); Found : user_pref("CT1060933.RadioLastCheckTime", "Sat Oct 08 2011 07:45:47 GMT-0400 (Eastern Daylight Time)[...] 
Found : user_pref("CT1060933.RadioLastUpdateIPServer", "0"); Found : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000"); Found : user_pref("CT1060933.RadioMediaID", "21504191"); Found : user_pref("CT1060933.RadioMediaType", "Media Player"); Found : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191"); Found : user_pref("CT1060933.RadioStationName", "KFOG"); Found : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM"); Found : user_pref("CT1060933.SHRINK_TOOLBAR", 1); Found : user_pref("CT1060933.SavedHomepage", "resource:/browserconfig.properties"); Found : user_pref("CT1060933.SearchFromAddressBarIsInit", true); Found : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...] Found : user_pref("CT1060933.SearchInNewTabEnabled", true); Found : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Sat Jan 05 2013 23:36:32 GMT-0500 (Eastern Stand[...] Found : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Found : user_pref("CT1060933.ServiceMapLastCheckTime", "Sat Jan 05 2013 23:36:33 GMT-0500 (Eastern Standard [...] Found : user_pref("CT1060933.SettingsLastCheckTime", "Sun Jan 06 2013 08:59:19 GMT-0500 (Eastern Standard Ti[...] Found : user_pref("CT1060933.SettingsLastUpdate", "1357414822"); Found : user_pref("CT1060933.ThirdPartyComponentsInterval", 504); Found : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Tue Oct 04 2011 19:25:43 GMT-0400 (Eastern Day[...] 
Found : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1312887586"); Found : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933"); Found : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT1060933.UserID", "UN90270965459433799"); Found : user_pref("CT1060933.ValidationData_Toolbar", 2); Found : user_pref("CT1060933.alertChannelId", "15651"); Found : user_pref("CT1060933.backendstorage.cbfirsttime", "53756E204A616E20303620323031332030383A35393A34372[...] Found : user_pref("CT1060933.components.1000515", true); Found : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Mon Oct 10 2011 08:09:15 GMT-0400 (Eastern [...] Found : user_pref("CT1060933.homepageProtectorEnableByLogin", true); Found : user_pref("CT1060933.initDone", true); Found : user_pref("CT1060933.isAppTrackingManagerOn", true); Found : user_pref("CT1060933.myStuffEnabled", true); Found : user_pref("CT1060933.myStuffPublihserMinWidth", 400); Found : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT1060933.myStuffServiceIntervalMM", 1440); Found : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT1060933.revertSettingsEnabled", false); Found : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT1060933.searchProtectorEnableByLogin", true); Found : user_pref("CT1060933.testingCtid", ""); Found : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Sat Jan 05 2013 23:36:34 GMT-0500 (Eastern S[...] Found : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Tue Oct 04 2011 19:25:46 GMT-0400 (Eastern D[...] 
Found : user_pref("CT1060933.usagesFlag", 2); Found : user_pref("CT2786678..clientLogIsEnabled", false); Found : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...] Found : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...] Found : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Found : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Found : user_pref("CT2786678.AppTrackingLastCheckTime", "Mon Oct 10 2011 00:29:54 GMT-0400 (Eastern Daylight[...] Found : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true); Found : user_pref("CT2786678.CTID", "CT2786678"); Found : user_pref("CT2786678.CommunitiesChangesLastCheckTime", "0"); Found : user_pref("CT2786678.CurrentServerDate", "6-1-2013"); Found : user_pref("CT2786678.DialogsAlignMode", "LTR"); Found : user_pref("CT2786678.DialogsGetterLastCheckTime", "Sat Jan 05 2013 23:36:41 GMT-0500 (Eastern Standa[...] Found : user_pref("CT2786678.DownloadReferralCookieData", ""); Found : user_pref("CT2786678.EMailNotifierPollDate", "Fri Oct 07 2011 17:36:00 GMT-0400 (Eastern Daylight Ti[...] Found : user_pref("CT2786678.FeedLastCount5690698542593514850", 501); Found : user_pref("CT2786678.FeedPollDate129301619375443753", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...] Found : user_pref("CT2786678.FeedPollDate129301619375443759", "Sun May 15 2011 06:30:20 GMT-0400 (Eastern Da[...] Found : user_pref("CT2786678.FeedPollDate129301619375444699", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...] Found : user_pref("CT2786678.FeedPollDate129301619375444705", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...] Found : user_pref("CT2786678.FeedPollDate129301619375444711", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...] Found : user_pref("CT2786678.FeedPollDate129301619375444717", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...] 
Found : user_pref("CT2786678.FeedPollDate129301619375444723", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...] Found : user_pref("CT2786678.FeedPollDate129301619375444729", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...] Found : user_pref("CT2786678.FeedPollDate129301619375444735", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...] Found : user_pref("CT2786678.FeedPollDate129301619375444741", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...] Found : user_pref("CT2786678.FeedPollDate129301619375444747", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...] Found : user_pref("CT2786678.FeedPollDate2429156812186649977", "Fri Oct 07 2011 16:38:46 GMT-0400 (Eastern D[...] Found : user_pref("CT2786678.FeedPollDate2429156813040823546", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...] Found : user_pref("CT2786678.FeedPollDate2429156813130095866", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern D[...] Found : user_pref("CT2786678.FeedPollDate2429156813224203613", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern D[...] Found : user_pref("CT2786678.FeedPollDate2429156813230837251", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...] Found : user_pref("CT2786678.FeedPollDate2429156813454291735", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...] Found : user_pref("CT2786678.FeedPollDate2429156813729834876", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern D[...] Found : user_pref("CT2786678.FeedPollDate2429156813860870021", "Fri Oct 07 2011 16:38:46 GMT-0400 (Eastern D[...] Found : user_pref("CT2786678.FeedPollDate2429156814264681793", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...] Found : user_pref("CT2786678.FeedPollDate2429156814863075366", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...] Found : user_pref("CT2786678.FeedPollDate2429156815257761081", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...] 
Found : user_pref("CT2786678.FeedTTL129301619375444699", 10); Found : user_pref("CT2786678.FeedTTL129301619375444723", 15); Found : user_pref("CT2786678.FeedTTL129301619375444735", 5); Found : user_pref("CT2786678.FeedTTL129301619375444747", 5); Found : user_pref("CT2786678.FeedTTL2429156813040823546", 15); Found : user_pref("CT2786678.FeedTTL2429156813130095866", 10); Found : user_pref("CT2786678.FeedTTL2429156813454291735", 5); Found : user_pref("CT2786678.FeedTTL2429156814264681793", 5); Found : user_pref("CT2786678.FirstServerDate", "28-4-2011"); Found : user_pref("CT2786678.FirstTime", true); Found : user_pref("CT2786678.FirstTimeFF3", true); Found : user_pref("CT2786678.FixPageNotFoundErrors", false); Found : user_pref("CT2786678.GroupingInvalidateCache", false); Found : user_pref("CT2786678.GroupingLastCheckTime", "0"); Found : user_pref("CT2786678.GroupingLastServerUpdateTime", "0"); Found : user_pref("CT2786678.GroupingServerCheckInterval", 1440); Found : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Found : user_pref("CT2786678.HasUserGlobalKeys", true); Found : user_pref("CT2786678.Initialize", true); Found : user_pref("CT2786678.InitializeCommonPrefs", true); Found : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3); Found : user_pref("CT2786678.InstallationType", "UnknownIntegration"); Found : user_pref("CT2786678.InstalledDate", "Wed Apr 27 2011 18:17:11 GMT-0400 (Eastern Daylight Time)"); Found : user_pref("CT2786678.InvalidateCache", false); Found : user_pref("CT2786678.IsGrouping", false); Found : user_pref("CT2786678.IsMulticommunity", false); Found : user_pref("CT2786678.IsOpenThankYouPage", true); Found : user_pref("CT2786678.IsOpenUninstallPage", false); Found : user_pref("CT2786678.LanguagePackLastCheckTime", "Sat Jan 05 2013 23:36:41 GMT-0500 (Eastern Standar[...] 
Found : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440); Found : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...] Found : user_pref("CT2786678.LastLogin_3.12.0.7", "Thu Apr 26 2012 21:25:06 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT2786678.LastLogin_3.12.2.3", "Wed May 16 2012 16:57:34 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT2786678.LastLogin_3.13.0.6", "Sun Jul 15 2012 16:12:29 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT2786678.LastLogin_3.14.1.0", "Fri Sep 21 2012 23:26:10 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT2786678.LastLogin_3.15.1.0", "Fri Nov 02 2012 16:23:15 GMT-0400 (Eastern Daylight Time)[...] Found : user_pref("CT2786678.LastLogin_3.16.0.3", "Sun Jan 06 2013 08:59:22 GMT-0500 (Eastern Standard Time)[...] Found : user_pref("CT2786678.LastLogin_3.3.3.2", "Fri Oct 07 2011 16:38:43 GMT-0400 (Eastern Daylight Time)"[...] Found : user_pref("CT2786678.LatestVersion", "3.16.0.3"); Found : user_pref("CT2786678.Locale", "en"); Found : user_pref("CT2786678.MCDetectTooltipHeight", "83"); Found : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Found : user_pref("CT2786678.MCDetectTooltipWidth", "295"); Found : user_pref("CT2786678.MyStuffEnabledAtInstallation", true); Found : user_pref("CT2786678.RadioLastCheckTime", "0"); Found : user_pref("CT2786678.RadioLastUpdateIPServer", "0"); Found : user_pref("CT2786678.RadioLastUpdateServer", "0"); Found : user_pref("CT2786678.SearchFromAddressBarIsInit", true); Found : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...] Found : user_pref("CT2786678.SearchInNewTabEnabled", true); Found : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440); Found : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sat Jan 05 2013 23:36:36 GMT-0500 (Eastern Stand[...] 
Found : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...] Found : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...] Found : user_pref("CT2786678.ServiceMapLastCheckTime", "Sat Jan 05 2013 23:36:33 GMT-0500 (Eastern Standard [...] Found : user_pref("CT2786678.SettingsLastCheckTime", "Sun Jan 06 2013 08:59:20 GMT-0500 (Eastern Standard Ti[...] Found : user_pref("CT2786678.SettingsLastUpdate", "1357395074"); Found : user_pref("CT2786678.ThirdPartyComponentsInterval", 504); Found : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sun Sep 25 2011 11:04:19 GMT-0400 (Eastern Day[...] Found : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586"); Found : user_pref("CT2786678.ToolbarShrinkedFromSetup", false); Found : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678"); Found : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...] Found : user_pref("CT2786678.UserID", "UN86584854537217434"); Found : user_pref("CT2786678.ValidationData_Search", 2); Found : user_pref("CT2786678.ValidationData_Toolbar", 2); Found : user_pref("CT2786678.WeatherNetwork", ""); Found : user_pref("CT2786678.WeatherPollDate", "Fri Oct 07 2011 17:36:00 GMT-0400 (Eastern Daylight Time)"); Found : user_pref("CT2786678.WeatherUnit", "F"); Found : user_pref("CT2786678.alertChannelId", "1178763"); Found : user_pref("CT2786678.backendstorage.cbfirsttime", "5468752053657020323920323031312031393A31363A31362[...] Found : user_pref("CT2786678.backendstorage.cbopenmamsettings", "30"); Found : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...] Found : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E676F6F676C652E636F6D2F75726[...] 
Found : user_pref("CT2786678.backendstorage.url_history_time", "31333137393530313138393031"); Found : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...] Found : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Mon Oct 10 2011 20:39:49 GMT-0400 (Eastern [...] Found : user_pref("CT2786678.homepageProtectorEnableByLogin", true); Found : user_pref("CT2786678.initDone", true); Found : user_pref("CT2786678.isAppTrackingManagerOn", true); Found : user_pref("CT2786678.myStuffEnabled", true); Found : user_pref("CT2786678.myStuffPublihserMinWidth", 400); Found : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...] Found : user_pref("CT2786678.myStuffServiceIntervalMM", 1440); Found : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...] Found : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804[...] Found : user_pref("CT2786678.revertSettingsEnabled", false); Found : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10); Found : user_pref("CT2786678.searchProtectorEnableByLogin", true); Found : user_pref("CT2786678.testingCtid", ""); Found : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Sat Jan 05 2013 23:36:41 GMT-0500 (Eastern S[...] Found : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Wed Apr 27 2011 18:17:11 GMT-0400 (Eastern D[...] Found : user_pref("CT2786678.usagesFlag", 2); Found : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT1060933"); Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...] Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"[...] 
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"1-20877[...] Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.2.1[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...] 
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.2.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63453159798933[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1060933&octid=[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...] Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...] Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"52a[...] 
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://freecorder.com/gadget/video.html", "833x232")[...]
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,CT1060933");
Found : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678,CT1060933");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Apr 27 2011 18:17:10 GMT-04[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Dec 03 2011 14:36:20 GMT-0500 (Easte[...]
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Dec 03 2011 14:36:12 GMT-0500 (Eastern S[...]
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "6fb688c5-3ebb-4f62-b5f4-c4753dffedc3");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Oct 09 2011 10:01:20 GMT-0400 (Eas[...]
Found : user_pref("CommunityToolbar.globalUserId", "1d9a9ef2-3b0a-49c6-866f-f82eb0a529bb");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1060933");
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.undefined", "");
Found : user_pref("browser.search.defaultthis.engineName", "Freecorder Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&Sea[...]
Found : user_pref("browser.search.selectedEngine", "Freecorder Customized Web Search");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=");

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [32166 octets] - [08/01/2013 21:08:28]

########## EOF - C:\AdwCleaner[R1].txt - [32227 octets] ##########
-
Ok, here is the next log...

ComboFix 13-01-05.01 - Christine 01/06/2013 8:22.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2581 [GMT -5:00]
Running from: c:\users\Christine\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Christine\501607876.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))
.
.
2013-01-06 13:36 . 2013-01-06 13:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-01 23:20 . 2013-01-01 23:20 -------- d-----w- c:\users\Christine\AppData\Roaming\Malwarebytes
2013-01-01 23:20 . 2013-01-01 23:20 -------- d-----w- c:\programdata\Malwarebytes
2013-01-01 23:20 . 2013-01-01 23:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-01 23:20 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-30 13:34 . 2012-12-30 13:34 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\612ae5ed1cde69222\MeshBetaRemover.exe
2012-12-30 13:33 . 2012-12-30 13:33 -------- d-----w- c:\users\Christine\AppData\Local\Windows Live
2012-12-30 13:03 . 2012-12-30 22:33 -------- d-----w- c:\windows\system32\SPReview
2012-12-30 13:00 . 2012-12-30 13:00 -------- d-----w- c:\windows\system32\EventProviders
2012-12-30 12:59 . 2012-12-30 22:33 -------- d-----w- C:\c64f695e382cea0e1608554a9e787d
2012-12-30 12:58 . 2012-12-30 12:58 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-12-30 12:58 . 2012-12-30 12:58 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-12-30 12:58 . 2012-12-30 12:58 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-12-28 10:20 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA649C17-5065-4EC3-9110-97987310ECE2}\mpengine.dll
2012-12-21 21:11 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 21:11 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 21:11 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 21:11 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-14 21:32 . 2012-12-14 21:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-13 00:45 . 2012-10-04 17:32 425984 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-13 00:37 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 00:37 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 00:31 . 2012-11-22 08:20 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 00:30 . 2012-09-06 17:38 295792 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 00:03 . 2012-11-02 05:27 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 00:03 . 2012-11-02 04:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 23:50 . 2009-12-27 00:45 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-30 11:56 . 2012-11-30 11:56 489712 ----a-w- c:\users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-10-16 21:20 . 2012-11-28 12:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-11-28 12:18 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-11-28 12:18 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 01:24 . 2012-10-11 01:24 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-11 01:24 . 2010-10-21 01:37 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\tbFree.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-10-18 16:26 3908192 ----a-w- c:\program files (x86)\Freecorder\tbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\tbFree.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-14 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-05-27 413696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-27 113664]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca7e43895d74bb;Google Update Service (gupdate1ca7e43895d74bb);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 133104]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 UsbService;Eltima Usb to Ethernet Connector;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [2009-05-05 326656]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [2007-12-17 47616]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 11:32]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 11:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2013-01-06 08:57:32 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-06 13:57
.
Pre-Run: 165,295,280,128 bytes free
Post-Run: 168,034,500,608 bytes free
.
- - End Of File - - 3BEC27F20B355BFB40A455644BA47099
-
I got 0 detections after the 3rd scan........

Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2013.01.04.01
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Christine :: CHRISTINE-PC [administrator]
1/4/2013 7:11:04 AM
mbar-log-2013-01-04 (07-11-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31812
Time elapsed: 32 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7600 Windows 7 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_35
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 4024811520, free: 2763059200
------------ Kernel report ------------
01/03/2013 21:03:25
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xfffffa8005b86570
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008c\
Lower Device Object: 0xfffffa8005dd7b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80049f1060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800494a060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
No address found
Downloaded database version: v2013.01.04.01
Downloaded database version: v2012.12.27.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80049f1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80049f04f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80049f1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800494a060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a00d5ec070, 0xfffffa80049f1060, 0xfffffa800717e150
Lower DeviceData: 0xfffff8a01235bd40, 0xfffffa800494a060, 0xfffffa8004f34850
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2EB82EB7
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 24576000
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 24578048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 24782848 Numsec = 600357552
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8005b86570, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80063f33a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005b86570, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007752c00, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8005dd7b60, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a00fbf6c20, 0xfffffa8005b86570, 0xfffffa8003d3e340
Lower DeviceData: 0xfffff8a00cbf85d0, 0xfffffa8005dd7b60, 0xfffffa8003fc2cc0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 521AB
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 976705536
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500074283008 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\@ --> [Trojan.Siredef.C] Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C] Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\U --> [Trojan.Siredef.C] Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\U\00000008.@ --> [Trojan.Siredef.C] Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\L --> [Trojan.Siredef.C] Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\L\00000004.@ --> [Trojan.Siredef.C] Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4 --> [Trojan.Siredef.C] Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Trojan.0Access] Done! Scan finished Creating System Restore point... Could not create restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal scheduling successful. System shutdown needed. 
System shutdown occurred ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_35 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.100000 GHz Memory total: 4024811520, free: 3094081536 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_35 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.100000 GHz Memory total: 4024811520, free: 2777108480 ------------ Kernel report ------------ 01/03/2013 21:41:04 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll \SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\DRIVERS\ACPI.sys \SystemRoot\system32\DRIVERS\WMILIB.SYS \SystemRoot\system32\DRIVERS\msisadrv.sys \SystemRoot\system32\DRIVERS\pci.sys \SystemRoot\system32\DRIVERS\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\DRIVERS\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\atapi.sys \SystemRoot\system32\DRIVERS\ataport.SYS \SystemRoot\system32\DRIVERS\msahci.sys \SystemRoot\system32\DRIVERS\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys 
\SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\AtiPcie.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys \SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys 
\SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\k57nd60a.sys \SystemRoot\system32\DRIVERS\athrx.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\SysWOW64\drivers\Afc.sys \??\C:\Windows\system32\drivers\UBHelper.sys \??\C:\Windows\system32\drivers\NTIDrvr.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbfilter.sys \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys \SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\vuhub.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\AtiHdmi.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\DRIVERS\CAXHWAZL.sys \SystemRoot\system32\DRIVERS\CAX_DPV.sys \SystemRoot\system32\DRIVERS\CAX_CNXT.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\cdfs.sys 
\SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\System32\cdd.dll \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\mdmxsdk.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\XAudio64.sys \SystemRoot\System32\DRIVERS\srv2.sys \SystemRoot\System32\DRIVERS\srv.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\urlmon.dll \Windows\System32\usp10.dll \Windows\System32\ole32.dll \Windows\System32\msctf.dll \Windows\System32\comdlg32.dll \Windows\System32\oleaut32.dll \Windows\System32\msvcrt.dll \Windows\System32\lpk.dll \Windows\System32\user32.dll \Windows\System32\gdi32.dll \Windows\System32\shell32.dll \Windows\System32\ws2_32.dll \Windows\System32\Wldap32.dll \Windows\System32\shlwapi.dll \Windows\System32\psapi.dll \Windows\System32\rpcrt4.dll \Windows\System32\kernel32.dll \Windows\System32\sechost.dll \Windows\System32\imagehlp.dll \Windows\System32\imm32.dll \Windows\System32\setupapi.dll 
\Windows\System32\normaliz.dll \Windows\System32\advapi32.dll \Windows\System32\nsi.dll \Windows\System32\clbcatq.dll \Windows\System32\iertutil.dll \Windows\System32\difxapi.dll \Windows\System32\wininet.dll \Windows\System32\KernelBase.dll \Windows\System32\devobj.dll \Windows\System32\wintrust.dll \Windows\System32\cfgmgr32.dll \Windows\System32\comctl32.dll \Windows\System32\crypt32.dll \Windows\System32\msasn1.dll \Windows\SysWOW64\normaliz.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa8004af2060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa8004a60060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi DriverEntry returned 0x0 Function returned 0x0 Initializing... Done! <<<2>>> Device number: 0, partition: 3 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa8004af2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa8004af2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa8004af2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa8004a60060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a00cd47a70, 0xfffffa8004af2060, 0xfffffa80040ac790 Lower DeviceData: 0xfffff8a00cd0a0a0, 0xfffffa8004a60060, 0xfffffa80040a6a40 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 2EB82EB7 Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 24576000 Partition 1 type is Primary (0x7) Partition is ACTIVE. 
Partition starts at LBA: 24578048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 24782848 Numsec = 600357552 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)... Done! Performing system, memory and registry scan... Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} --> [Hijack.Trojan.Siredef.C] Done! Scan finished Creating System Restore point... Could not create restore point... Scheduling clean up... <<<2>>> Device number: 0, partition: 3 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Removal successful. No system shutdown is required. ======================================= --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_35 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.100000 GHz Memory total: 4024811520, free: 3082440704 --------------------------------------- Malwarebytes Anti-Rootkit BETA 1.01.0.1011 © Malwarebytes Corporation 2011-2012 OS version: 6.1.7600 Windows 7 x64 Account is Administrative Internet Explorer version: 9.0.8112.16421 Java version: 1.6.0_35 File system is: NTFS Disk drives: C:\ DRIVE_FIXED CPU speed: 2.100000 GHz Memory total: 4024811520, free: 2811183104 ------------ Kernel report ------------ 01/04/2013 06:38:24 ------------ Loaded modules ----------- \SystemRoot\system32\ntoskrnl.exe \SystemRoot\system32\hal.dll \SystemRoot\system32\kdcom.dll \SystemRoot\system32\mcupdate_AuthenticAMD.dll \SystemRoot\system32\PSHED.dll 
\SystemRoot\system32\CLFS.SYS \SystemRoot\system32\CI.dll \SystemRoot\system32\drivers\Wdf01000.sys \SystemRoot\system32\drivers\WDFLDR.SYS \SystemRoot\system32\DRIVERS\ACPI.sys \SystemRoot\system32\DRIVERS\WMILIB.SYS \SystemRoot\system32\DRIVERS\msisadrv.sys \SystemRoot\system32\DRIVERS\pci.sys \SystemRoot\system32\DRIVERS\vdrvroot.sys \SystemRoot\System32\drivers\partmgr.sys \SystemRoot\system32\DRIVERS\compbatt.sys \SystemRoot\system32\DRIVERS\BATTC.SYS \SystemRoot\system32\DRIVERS\volmgr.sys \SystemRoot\System32\drivers\volmgrx.sys \SystemRoot\System32\drivers\mountmgr.sys \SystemRoot\system32\DRIVERS\atapi.sys \SystemRoot\system32\DRIVERS\ataport.SYS \SystemRoot\system32\DRIVERS\msahci.sys \SystemRoot\system32\DRIVERS\PCIIDEX.SYS \SystemRoot\system32\drivers\amdxata.sys \SystemRoot\system32\drivers\fltmgr.sys \SystemRoot\system32\drivers\fileinfo.sys \SystemRoot\System32\Drivers\Ntfs.sys \SystemRoot\System32\Drivers\msrpc.sys \SystemRoot\System32\Drivers\ksecdd.sys \SystemRoot\System32\Drivers\cng.sys \SystemRoot\System32\drivers\pcw.sys \SystemRoot\System32\Drivers\Fs_Rec.sys \SystemRoot\system32\drivers\ndis.sys \SystemRoot\system32\drivers\NETIO.SYS \SystemRoot\System32\Drivers\ksecpkg.sys \SystemRoot\system32\drivers\volsnap.sys \SystemRoot\System32\Drivers\spldr.sys \SystemRoot\System32\drivers\rdyboost.sys \SystemRoot\System32\Drivers\mup.sys \SystemRoot\System32\drivers\hwpolicy.sys \SystemRoot\System32\DRIVERS\fvevol.sys \SystemRoot\system32\DRIVERS\disk.sys \SystemRoot\system32\DRIVERS\CLASSPNP.SYS \SystemRoot\system32\DRIVERS\AtiPcie.sys \SystemRoot\system32\DRIVERS\cdrom.sys \SystemRoot\system32\DRIVERS\mwlPSDFilter.sys \SystemRoot\System32\Drivers\Null.SYS \SystemRoot\System32\Drivers\Beep.SYS \SystemRoot\System32\drivers\vga.sys \SystemRoot\System32\drivers\VIDEOPRT.SYS \SystemRoot\System32\drivers\watchdog.sys \SystemRoot\System32\DRIVERS\RDPCDD.sys \SystemRoot\system32\drivers\rdpencdd.sys \SystemRoot\system32\drivers\rdprefmp.sys 
\SystemRoot\System32\Drivers\Msfs.SYS \SystemRoot\System32\Drivers\Npfs.SYS \SystemRoot\System32\drivers\tcpip.sys \SystemRoot\System32\drivers\fwpkclnt.sys \SystemRoot\system32\DRIVERS\tdx.sys \SystemRoot\system32\DRIVERS\TDI.SYS \SystemRoot\system32\drivers\afd.sys \SystemRoot\System32\DRIVERS\netbt.sys \SystemRoot\system32\DRIVERS\wfplwf.sys \SystemRoot\system32\DRIVERS\pacer.sys \SystemRoot\system32\DRIVERS\vwififlt.sys \SystemRoot\system32\DRIVERS\netbios.sys \SystemRoot\system32\DRIVERS\wanarp.sys \SystemRoot\system32\DRIVERS\termdd.sys \SystemRoot\system32\DRIVERS\rdbss.sys \SystemRoot\system32\drivers\nsiproxy.sys \SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys \SystemRoot\system32\DRIVERS\mwlPSDNServ.sys \SystemRoot\system32\DRIVERS\mssmbios.sys \SystemRoot\System32\drivers\discache.sys \SystemRoot\System32\Drivers\dfsc.sys \SystemRoot\system32\DRIVERS\blbdrive.sys \SystemRoot\system32\DRIVERS\tunnel.sys \SystemRoot\system32\DRIVERS\amdppm.sys \SystemRoot\system32\DRIVERS\wmiacpi.sys \SystemRoot\system32\DRIVERS\atikmdag.sys \SystemRoot\System32\drivers\dxgkrnl.sys \SystemRoot\System32\drivers\dxgmms1.sys \SystemRoot\system32\DRIVERS\HDAudBus.sys \SystemRoot\system32\DRIVERS\k57nd60a.sys \SystemRoot\system32\DRIVERS\athrx.sys \SystemRoot\system32\DRIVERS\vwifibus.sys \SystemRoot\SysWOW64\drivers\Afc.sys \??\C:\Windows\system32\drivers\UBHelper.sys \??\C:\Windows\system32\drivers\NTIDrvr.sys \SystemRoot\system32\DRIVERS\usbohci.sys \SystemRoot\system32\DRIVERS\USBPORT.SYS \SystemRoot\system32\DRIVERS\usbfilter.sys \SystemRoot\system32\DRIVERS\usbehci.sys \SystemRoot\system32\DRIVERS\CmBatt.sys \SystemRoot\system32\DRIVERS\i8042prt.sys \SystemRoot\system32\DRIVERS\kbdclass.sys \SystemRoot\system32\DRIVERS\SynTP.sys \SystemRoot\system32\DRIVERS\USBD.SYS \SystemRoot\system32\DRIVERS\mouclass.sys \SystemRoot\system32\DRIVERS\CompositeBus.sys \SystemRoot\system32\DRIVERS\AgileVpn.sys \SystemRoot\system32\DRIVERS\rasl2tp.sys \SystemRoot\system32\DRIVERS\ndistapi.sys 
\SystemRoot\system32\DRIVERS\ndiswan.sys \SystemRoot\system32\DRIVERS\raspppoe.sys \SystemRoot\system32\DRIVERS\raspptp.sys \SystemRoot\system32\DRIVERS\rassstp.sys \SystemRoot\system32\DRIVERS\swenum.sys \SystemRoot\system32\DRIVERS\ks.sys \SystemRoot\system32\DRIVERS\vuhub.sys \SystemRoot\system32\DRIVERS\umbus.sys \SystemRoot\system32\DRIVERS\usbhub.sys \SystemRoot\System32\Drivers\NDProxy.SYS \SystemRoot\system32\drivers\AtiHdmi.sys \SystemRoot\system32\drivers\portcls.sys \SystemRoot\system32\drivers\drmk.sys \SystemRoot\system32\drivers\ksthunk.sys \SystemRoot\system32\drivers\RTKVHD64.sys \SystemRoot\system32\DRIVERS\CAXHWAZL.sys \SystemRoot\system32\DRIVERS\CAX_DPV.sys \SystemRoot\system32\DRIVERS\CAX_CNXT.sys \SystemRoot\system32\drivers\modem.sys \SystemRoot\system32\DRIVERS\usbccgp.sys \SystemRoot\System32\Drivers\usbvideo.sys \SystemRoot\System32\win32k.sys \SystemRoot\System32\drivers\Dxapi.sys \SystemRoot\system32\DRIVERS\monitor.sys \SystemRoot\System32\TSDDD.dll \SystemRoot\system32\DRIVERS\cdfs.sys \SystemRoot\System32\cdd.dll \SystemRoot\System32\Drivers\crashdmp.sys \SystemRoot\System32\Drivers\dump_dumpata.sys \SystemRoot\System32\Drivers\dump_msahci.sys \SystemRoot\System32\Drivers\dump_dumpfve.sys \SystemRoot\System32\ATMFD.DLL \SystemRoot\system32\drivers\luafv.sys \??\C:\Windows\system32\drivers\mbam.sys \SystemRoot\system32\DRIVERS\lltdio.sys \SystemRoot\system32\DRIVERS\nwifi.sys \SystemRoot\system32\DRIVERS\ndisuio.sys \SystemRoot\system32\DRIVERS\rspndr.sys \SystemRoot\system32\drivers\HTTP.sys \SystemRoot\system32\DRIVERS\bowser.sys \SystemRoot\system32\DRIVERS\mrxsmb.sys \SystemRoot\system32\DRIVERS\mrxsmb10.sys \SystemRoot\system32\DRIVERS\mrxsmb20.sys \SystemRoot\system32\DRIVERS\mdmxsdk.sys \SystemRoot\system32\drivers\peauth.sys \SystemRoot\System32\Drivers\secdrv.SYS \SystemRoot\System32\DRIVERS\srvnet.sys \SystemRoot\System32\drivers\tcpipreg.sys \SystemRoot\system32\DRIVERS\XAudio64.sys \SystemRoot\System32\DRIVERS\srv2.sys 
\SystemRoot\System32\DRIVERS\srv.sys \??\C:\Windows\system32\drivers\mbamchameleon.sys \??\C:\Windows\system32\drivers\mbamswissarmy.sys \Windows\System32\ntdll.dll \Windows\System32\smss.exe \Windows\System32\apisetschema.dll \Windows\System32\autochk.exe \Windows\System32\usp10.dll \Windows\System32\imm32.dll \Windows\System32\setupapi.dll \Windows\System32\difxapi.dll \Windows\System32\clbcatq.dll \Windows\System32\normaliz.dll \Windows\System32\kernel32.dll \Windows\System32\msvcrt.dll \Windows\System32\ole32.dll \Windows\System32\psapi.dll \Windows\System32\shell32.dll \Windows\System32\lpk.dll \Windows\System32\rpcrt4.dll \Windows\System32\msctf.dll \Windows\System32\sechost.dll \Windows\System32\iertutil.dll \Windows\System32\nsi.dll \Windows\System32\urlmon.dll \Windows\System32\user32.dll \Windows\System32\oleaut32.dll \Windows\System32\ws2_32.dll \Windows\System32\advapi32.dll \Windows\System32\shlwapi.dll \Windows\System32\gdi32.dll \Windows\System32\imagehlp.dll \Windows\System32\comdlg32.dll \Windows\System32\Wldap32.dll \Windows\System32\wininet.dll ----------- End ----------- <<<1>>> Upper Device Name: \Device\Harddisk0\DR0 Upper Device Object: 0xfffffa80046a4060 Upper Device Driver Name: \Driver\Disk\ Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\ Lower Device Object: 0xfffffa80045b9060 Lower Device Driver Name: \Driver\atapi\ Driver name found: atapi DriverEntry returned 0x0 Function returned 0x0 Initializing... Done! 
<<<2>>> Device number: 0, partition: 3 Physical Sector Size: 512 Drive: 0, DevicePointer: 0xfffffa80046a4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ --------- Disk Stack ------ DevicePointer: 0xfffffa80046a34b0, DeviceName: Unknown, DriverName: \Driver\partmgr\ DevicePointer: 0xfffffa80046a4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\ DevicePointer: 0xfffffa80045b9060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\ ------------ End ---------- Upper DeviceData: 0xfffff8a00b263e40, 0xfffffa80046a4060, 0xfffffa8003f4a090 Lower DeviceData: 0xfffff8a00b23f7c0, 0xfffffa80045b9060, 0xfffffa80060c1bf0 <<<3>>> Volume: C: File system type: NTFS SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes Scanning directory: C:\Windows\system32\drivers... Done! Drive 0 Scanning MBR on drive 0... Inspecting partition table: MBR Signature: 55AA Disk Signature: 2EB82EB7 Partition information: Partition 0 type is Other (0x27) Partition is NOT ACTIVE. Partition starts at LBA: 2048 Numsec = 24576000 Partition 1 type is Primary (0x7) Partition is ACTIVE. Partition starts at LBA: 24578048 Numsec = 204800 Partition file system is NTFS Partition is bootable Partition 2 type is Primary (0x7) Partition is NOT ACTIVE. Partition starts at LBA: 24782848 Numsec = 600357552 Partition 3 type is Empty (0x0) Partition is NOT ACTIVE. Partition starts at LBA: 0 Numsec = 0 Disk Size: 320072933376 bytes Sector size: 512 bytes Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)... Done! Performing system, memory and registry scan... Done! Scan finished =======================================
-
Ok, I did all those steps. Here is the "report" from RogueKiller:

RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Christine [Admin rights]
Mode : Scan -- Date : 01/02/2013 19:41:38

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\n.) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
[...]

¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] d61bfa0b1c2e4d00e6142a2880d72b36
[bSP] 7102643fe513f193f096c3432feaadf3 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01022013_02d1941.txt >>
RKreport[1]_S_01022013_02d1941.txt
-
Hi. When I run the malware scan I get a bunch of infection detections. They seem to include trojan in the names and don't seem consistent. I am also noticing I am locked out of various system tools like system restore and firewall settings. I am having plenty of trouble with other things too. Anyway, here are some logs!

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_35
Run by Christine at 20:10:33 on 2013-01-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2181 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files
(x86)\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
mWinlogon: Userinit = userinit.exe,
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Freecorder Toolbar: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [AdobeBridge] <no file>
mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [updatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{13A4A21A-A744-4877-BE1F-D44BDBDBED54} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03}\14355535 : DHCPNameServer = 192.168.1.1 209.18.47.62
TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03}\25E20205E2027596D26496 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03}\54E414027457563747 : DHCPNameServer = 216.171.180.243 151.202.0.85 216.171.184.243
TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03}\A62727279607 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03}\C696E6B6379737 : DHCPNameServer = 213.109.65.28 213.109.72.203 1.1.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Christine\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-2-13 401920]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-10-26 203264]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-26 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-1 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-1 682344]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-7 311592]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-20 62720]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]
R2 UsbService;Eltima Usb to Ethernet Connector;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2010-6-2 326656]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-10-1 245760]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-10-26 292864]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-20 317480]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-1 24176]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-10-26 34872]
R3 vuhub;Virtual Usb Hub;C:\Windows\System32\drivers\vuhub.sys [2010-6-2 47616]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca7e43895d74bb;Google Update Service (gupdate1ca7e43895d74bb);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 133104]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-26 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]
.
=============== File Associations ===============
.
ShellExec: PortraitProfessional.exe: open="C:\Program Files (x86)\Portrait Professional Studio 9\PortraitProfessionalStudio.exe" /P "%1"
.
=============== Created Last 30 ================
.
2013-01-01 23:20:54 -------- d-----w- C:\Users\Christine\AppData\Roaming\Malwarebytes
2013-01-01 23:20:44 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-01 23:20:43 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-01 23:20:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-30 13:34:23 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\612ae5ed1cde69222\MeshBetaRemover.exe
2012-12-30 13:33:10 -------- d-----w- C:\Users\Christine\AppData\Local\Windows Live
2012-12-30 13:03:08 -------- d-----w- C:\Windows\System32\SPReview
2012-12-30 13:00:03 -------- d-----w- C:\Windows\System32\EventProviders
2012-12-30 12:59:56 -------- d-----w- C:\c64f695e382cea0e1608554a9e787d
2012-12-30 12:58:33 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-12-30 12:58:29 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-12-30 12:58:29 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-12-28 10:20:57 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA649C17-5065-4EC3-9110-97987310ECE2}\mpengine.dll
2012-12-28 08:28:25 325032 ----a-w- C:\Users\Christine\501607876.exe
2012-12-21 21:11:20 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 21:11:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 21:11:18 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 21:11:18 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-13 00:45:57 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-12-13 00:37:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-13 00:37:37 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-13 00:31:47 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-12-13 00:30:56 295792 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2012-12-13 00:03:05 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-13 00:03:05 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
==================== Find3M ====================
.
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-16 21:20:49 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20:46 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34:37 559104 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-11 01:24:09 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-10-11 01:24:09 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-04 17:38:56 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:38:56 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:38:56 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:38:24 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:35:22 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 16:54:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:54:17 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:19:57 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:49:27 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:49:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:49:22 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:49:22 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:44:29 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:44:29 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:44:29 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:44:29 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:14:14.30 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/15/2009 8:27:51 PM
System Uptime: 1/1/2013 8:04:32 PM (0 hours ago)
.
Motherboard: Acer | | JV50PU
Processor: AMD Athlon X2 Dual-Core QL-65 | Socket S1G2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 157.162 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 466 GiB total, 120.792 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent Acer Arcade Deluxe Acer Assist Acer Backup Manager Acer Crystal Eye webcam Ver:1.1.74.216 Acer ePower Management Acer eRecovery Management Acer Games Acer GridVista Acer Registration Acer ScreenSaver Acer Updater Acrobat.com Adobe AIR Adobe Community Help Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin 64-bit Adobe Media Player Adobe Photoshop 7.0 Adobe Photoshop CS5 Adobe Reader 9.3 Amazon Games & Software Downloader AMD USB Filter Driver Apple Software Update ArcSoft MediaImpression for Kodak ATI Catalyst Install Manager Backup Manager Basic Bejeweled 2 Deluxe BitTorrent Braid Broadcom Gigabit NetLink Controller CANON iMAGE GATEWAY Task for ZoomBrowser EX Canon Internet Library for ZoomBrowser EX Canon MOV Decoder Canon Utilities Digital Photo Professional 3.8 Canon Utilities EOS Utility Canon Utilities PhotoStitch Canon Utilities Picture Style Editor Canon Utilities WFT Utility Canon Utilities ZoomBrowser EX Canon ZoomBrowser EX Memory Card Utility Catalyst Control Center - Branding Catalyst Control Center Core Implementation Catalyst Control Center Graphics Full Existing Catalyst Control Center Graphics Full New Catalyst Control Center Graphics Light Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-core-static ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish Cogs Compatibility Pack for the 2007 Office system Conduit Engine Coupon Printer for Windows CutePDF Writer 2.8 CyberLink PhotoNow CyberLink PowerDirector Darkspore™ Digital Photo Software FotoMix 8.0 DVDFab 8.1.5.9 (20/01/2012) Qt eBay Worldwide Freecorder Freecorder Toolbar Google Chrome Google Toolbar for 
Internet Explorer Google Update Helper H&R Block New York 2010 H&R Block New York 2011 H&R Block Premium + Efile + State 2010 H&R Block Premium + Efile + State 2011 HDAUDIO Soft Data Fax Modem with SmartCP HL-2270DW Identity Card Java Auto Updater Java 6 Update 35 Junk Mail filter update Malwarebytes Anti-Malware version 1.70.0.1100 McAfee Security Scan Plus Microsoft .NET Framework 4 Client Profile Microsoft Application Error Reporting Microsoft Choice Guard Microsoft Office 2000 Professional Microsoft Office PowerPoint Viewer 2007 (English) Microsoft Office Suite Activation Assistant Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Works Microsoft_VC80_ATL_x86 Microsoft_VC80_ATL_x86_x64 Microsoft_VC80_CRT_x86 Microsoft_VC80_CRT_x86_x64 Microsoft_VC80_MFC_x86 Microsoft_VC80_MFC_x86_x64 Microsoft_VC80_MFCLOC_x86 Microsoft_VC80_MFCLOC_x86_x64 Microsoft_VC90_ATL_x86 Microsoft_VC90_ATL_x86_x64 Microsoft_VC90_CRT_x86 Microsoft_VC90_CRT_x86_x64 Microsoft_VC90_MFC_x86 Microsoft_VC90_MFC_x86_x64 Move Media Player Mozilla Firefox 17.0.1 (x86 en-US) Mozilla Maintenance Service MSVCRT MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MyWinLocker Norton Online Backup NTI Media Maker 8 PDF Settings CS5 Pocket RAR documentation Portrait Professional Studio 9.0 QuickTime Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Security 
Update for Microsoft .NET Framework 4 Client Profile (KB2160841) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Skype Click to Call Skype™ 6.0 Steam Synaptics Pointing Device Driver System Requirements Lab Torchlight Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) uTorrentBar Toolbar VLC media player 1.1.8 Welcome Center Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Mail Windows Live Messenger Windows Live Movie Maker Windows Live Photo Gallery Windows Live Sign-in Assistant Windows Live Sync Windows Live Upload Tool Windows Live Writer WinRAR archiver Wondershare Scrapbook Studio(Build 2.0.0.36) World of Goo Zuma Deluxe . ==== Event Viewer Messages From Past Week ======== . 
12/31/2012 1:03:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
12/30/2012 5:42:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
12/30/2012 5:42:45 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/30/2012 4:42:59 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB976422).
12/30/2012 4:30:43 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
12/25/2012 1:49:09 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
1/1/2013 8:06:03 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/1/2013 8:06:00 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
1/1/2013 8:05:56 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
1/1/2013 8:05:06 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The specified module could not be found.
1/1/2013 7:56:17 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 7:55:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 7:54:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/1/2013 7:54:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/1/2013 7:54:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/1/2013 7:54:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/1/2013 7:54:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/1/2013 7:54:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/1/2013 7:54:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx vwififlt Wanarpv6 WfpLwf
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================