dhp78us
-
Posts
6 -
Joined
-
Last visited
Content Type
Events
Profiles
Forums
Posts posted by dhp78us
-
-
ok, here is the next log....
# AdwCleaner v2.105 - Logfile created 01/08/2013 at 21:08:28
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Christine - CHRISTINE-PC
# Boot Mode : Normal
# Running from : C:\Users\Christine\Downloads\adwcleaner.exe
# Option [search]
***** [services] *****
***** [Files / Folders] *****
File Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\searchplugins\Askcom.xml
File Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\searchplugins\Conduit.xml
Folder Found : C:\Program Files (x86)\AppGraffiti
Folder Found : C:\Program Files (x86)\Ask.com
Folder Found : C:\Program Files (x86)\Freecorder
Folder Found : C:\Program Files (x86)\Inbox Toolbar
Folder Found : C:\Program Files (x86)\RebateInformer
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer
Folder Found : C:\ProgramData\Partner
Folder Found : C:\Users\Christine\AppData\Local\OpenCandy
Folder Found : C:\Users\Christine\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Christine\AppData\LocalLow\Conduit
Folder Found : C:\Users\Christine\AppData\LocalLow\Freecorder
Folder Found : C:\Users\Christine\AppData\LocalLow\Inbox Toolbar
Folder Found : C:\Users\Christine\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freecorder
Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\Conduit
Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\ConduitCommon
Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\CT1060933
Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\CT2786678
Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\AppGraffiti@AppGraffiti.com
Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\inboxcomtoolbar@inbox.com
Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\toolbar@ask.com
Folder Found : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\Inbox Toolbar
Folder Found : C:\Users\Christine\AppData\Roaming\OpenCandy
Folder Found : C:\Windows\Freecorder
***** [Registry] *****
Key Found : HKCU\Software\AppDataLow\Software\Freecorder
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\Toolbar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C723818-7C90-4B95-AC60-30CAC92FAD51}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freecorder
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C723818-7C90-4B95-AC60-30CAC92FAD51}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7C723818-7C90-4B95-AC60-30CAC92FAD51}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0DFA453-9F4D-41EC-8E43-518A8FD7C749}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\prefs.js
Found : user_pref("CT1060933..clientLogIsEnabled", false);
Found : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT1060933.BrowserCompStateIsOpen_1000515", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Found : user_pref("CT1060933.CTID", "CT1060933");
Found : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Sun Jan 06 2013 08:59:19 GMT-0500 (Eastern S[...]
Found : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Found : user_pref("CT1060933.CommunityChanged", true);
Found : user_pref("CT1060933.CurrentServerDate", "6-1-2013");
Found : user_pref("CT1060933.DialogsAlignMode", "LTR");
Found : user_pref("CT1060933.DialogsGetterLastCheckTime", "Sat Jan 05 2013 23:36:34 GMT-0500 (Eastern Standa[...]
Found : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Found : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Sun Jan 06 2013 08:59:19 GMT-0500 (Eastern [...]
Found : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Found : user_pref("CT1060933.DownloadReferralCookieData", "");
Found : user_pref("CT1060933.FirstServerDate", "5-10-2011");
Found : user_pref("CT1060933.FirstTime", true);
Found : user_pref("CT1060933.FirstTimeFF3", true);
Found : user_pref("CT1060933.FixPageNotFoundErrors", true);
Found : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Found : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT1060933.HasUserGlobalKeys", true);
Found : user_pref("CT1060933.Initialize", true);
Found : user_pref("CT1060933.InitializeCommonPrefs", true);
Found : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT1060933.InstalledDate", "Tue Oct 04 2011 19:26:00 GMT-0400 (Eastern Daylight Time)");
Found : user_pref("CT1060933.InvalidateCache", false);
Found : user_pref("CT1060933.IsGrouping", false);
Found : user_pref("CT1060933.IsMulticommunity", true);
Found : user_pref("CT1060933.IsOpenThankYouPage", true);
Found : user_pref("CT1060933.IsOpenUninstallPage", true);
Found : user_pref("CT1060933.LanguagePackLastCheckTime", "Sat Jan 05 2013 23:36:34 GMT-0500 (Eastern Standar[...]
Found : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT1060933.LastLogin_3.12.0.7", "Thu Apr 26 2012 21:25:07 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT1060933.LastLogin_3.12.2.3", "Wed May 16 2012 10:36:40 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT1060933.LastLogin_3.13.0.6", "Sun Jul 15 2012 16:12:28 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT1060933.LastLogin_3.14.1.0", "Sat Sep 22 2012 11:37:16 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT1060933.LastLogin_3.15.1.0", "Fri Nov 02 2012 16:23:14 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT1060933.LastLogin_3.16.0.100", "Sun Jan 06 2013 08:59:20 GMT-0500 (Eastern Standard Tim[...]
Found : user_pref("CT1060933.LastLogin_3.16.0.3", "Mon Dec 31 2012 18:15:36 GMT-0500 (Eastern Standard Time)[...]
Found : user_pref("CT1060933.LastLogin_3.3.3.2", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern Daylight Time)"[...]
Found : user_pref("CT1060933.LatestVersion", "3.16.0.100");
Found : user_pref("CT1060933.Locale", "en-us");
Found : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Found : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Found : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT1060933.RadioIsPodcast", false);
Found : user_pref("CT1060933.RadioLastCheckTime", "Sat Oct 08 2011 07:45:47 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Found : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Found : user_pref("CT1060933.RadioMediaID", "21504191");
Found : user_pref("CT1060933.RadioMediaType", "Media Player");
Found : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Found : user_pref("CT1060933.RadioStationName", "KFOG");
Found : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Found : user_pref("CT1060933.SHRINK_TOOLBAR", 1);
Found : user_pref("CT1060933.SavedHomepage", "resource:/browserconfig.properties");
Found : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Found : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Found : user_pref("CT1060933.SearchInNewTabEnabled", true);
Found : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Sat Jan 05 2013 23:36:32 GMT-0500 (Eastern Stand[...]
Found : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT1060933.ServiceMapLastCheckTime", "Sat Jan 05 2013 23:36:33 GMT-0500 (Eastern Standard [...]
Found : user_pref("CT1060933.SettingsLastCheckTime", "Sun Jan 06 2013 08:59:19 GMT-0500 (Eastern Standard Ti[...]
Found : user_pref("CT1060933.SettingsLastUpdate", "1357414822");
Found : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Tue Oct 04 2011 19:25:43 GMT-0400 (Eastern Day[...]
Found : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Found : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT1060933.UserID", "UN90270965459433799");
Found : user_pref("CT1060933.ValidationData_Toolbar", 2);
Found : user_pref("CT1060933.alertChannelId", "15651");
Found : user_pref("CT1060933.backendstorage.cbfirsttime", "53756E204A616E20303620323031332030383A35393A34372[...]
Found : user_pref("CT1060933.components.1000515", true);
Found : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Mon Oct 10 2011 08:09:15 GMT-0400 (Eastern [...]
Found : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Found : user_pref("CT1060933.initDone", true);
Found : user_pref("CT1060933.isAppTrackingManagerOn", true);
Found : user_pref("CT1060933.myStuffEnabled", true);
Found : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Found : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT1060933.revertSettingsEnabled", false);
Found : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Found : user_pref("CT1060933.testingCtid", "");
Found : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Sat Jan 05 2013 23:36:34 GMT-0500 (Eastern S[...]
Found : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Tue Oct 04 2011 19:25:46 GMT-0400 (Eastern D[...]
Found : user_pref("CT1060933.usagesFlag", 2);
Found : user_pref("CT2786678..clientLogIsEnabled", false);
Found : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2786678.AppTrackingLastCheckTime", "Mon Oct 10 2011 00:29:54 GMT-0400 (Eastern Daylight[...]
Found : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Found : user_pref("CT2786678.CTID", "CT2786678");
Found : user_pref("CT2786678.CommunitiesChangesLastCheckTime", "0");
Found : user_pref("CT2786678.CurrentServerDate", "6-1-2013");
Found : user_pref("CT2786678.DialogsAlignMode", "LTR");
Found : user_pref("CT2786678.DialogsGetterLastCheckTime", "Sat Jan 05 2013 23:36:41 GMT-0500 (Eastern Standa[...]
Found : user_pref("CT2786678.DownloadReferralCookieData", "");
Found : user_pref("CT2786678.EMailNotifierPollDate", "Fri Oct 07 2011 17:36:00 GMT-0400 (Eastern Daylight Ti[...]
Found : user_pref("CT2786678.FeedLastCount5690698542593514850", 501);
Found : user_pref("CT2786678.FeedPollDate129301619375443753", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Found : user_pref("CT2786678.FeedPollDate129301619375443759", "Sun May 15 2011 06:30:20 GMT-0400 (Eastern Da[...]
Found : user_pref("CT2786678.FeedPollDate129301619375444699", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Found : user_pref("CT2786678.FeedPollDate129301619375444705", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Found : user_pref("CT2786678.FeedPollDate129301619375444711", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Found : user_pref("CT2786678.FeedPollDate129301619375444717", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Found : user_pref("CT2786678.FeedPollDate129301619375444723", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Found : user_pref("CT2786678.FeedPollDate129301619375444729", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Found : user_pref("CT2786678.FeedPollDate129301619375444735", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Found : user_pref("CT2786678.FeedPollDate129301619375444741", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Found : user_pref("CT2786678.FeedPollDate129301619375444747", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Found : user_pref("CT2786678.FeedPollDate2429156812186649977", "Fri Oct 07 2011 16:38:46 GMT-0400 (Eastern D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813040823546", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813130095866", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813224203613", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813230837251", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813454291735", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813729834876", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern D[...]
Found : user_pref("CT2786678.FeedPollDate2429156813860870021", "Fri Oct 07 2011 16:38:46 GMT-0400 (Eastern D[...]
Found : user_pref("CT2786678.FeedPollDate2429156814264681793", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]
Found : user_pref("CT2786678.FeedPollDate2429156814863075366", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]
Found : user_pref("CT2786678.FeedPollDate2429156815257761081", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]
Found : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Found : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Found : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Found : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Found : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Found : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Found : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Found : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Found : user_pref("CT2786678.FirstServerDate", "28-4-2011");
Found : user_pref("CT2786678.FirstTime", true);
Found : user_pref("CT2786678.FirstTimeFF3", true);
Found : user_pref("CT2786678.FixPageNotFoundErrors", false);
Found : user_pref("CT2786678.GroupingInvalidateCache", false);
Found : user_pref("CT2786678.GroupingLastCheckTime", "0");
Found : user_pref("CT2786678.GroupingLastServerUpdateTime", "0");
Found : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2786678.HasUserGlobalKeys", true);
Found : user_pref("CT2786678.Initialize", true);
Found : user_pref("CT2786678.InitializeCommonPrefs", true);
Found : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Found : user_pref("CT2786678.InstalledDate", "Wed Apr 27 2011 18:17:11 GMT-0400 (Eastern Daylight Time)");
Found : user_pref("CT2786678.InvalidateCache", false);
Found : user_pref("CT2786678.IsGrouping", false);
Found : user_pref("CT2786678.IsMulticommunity", false);
Found : user_pref("CT2786678.IsOpenThankYouPage", true);
Found : user_pref("CT2786678.IsOpenUninstallPage", false);
Found : user_pref("CT2786678.LanguagePackLastCheckTime", "Sat Jan 05 2013 23:36:41 GMT-0500 (Eastern Standar[...]
Found : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2786678.LastLogin_3.12.0.7", "Thu Apr 26 2012 21:25:06 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT2786678.LastLogin_3.12.2.3", "Wed May 16 2012 16:57:34 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT2786678.LastLogin_3.13.0.6", "Sun Jul 15 2012 16:12:29 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT2786678.LastLogin_3.14.1.0", "Fri Sep 21 2012 23:26:10 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT2786678.LastLogin_3.15.1.0", "Fri Nov 02 2012 16:23:15 GMT-0400 (Eastern Daylight Time)[...]
Found : user_pref("CT2786678.LastLogin_3.16.0.3", "Sun Jan 06 2013 08:59:22 GMT-0500 (Eastern Standard Time)[...]
Found : user_pref("CT2786678.LastLogin_3.3.3.2", "Fri Oct 07 2011 16:38:43 GMT-0400 (Eastern Daylight Time)"[...]
Found : user_pref("CT2786678.LatestVersion", "3.16.0.3");
Found : user_pref("CT2786678.Locale", "en");
Found : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Found : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Found : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2786678.RadioLastCheckTime", "0");
Found : user_pref("CT2786678.RadioLastUpdateIPServer", "0");
Found : user_pref("CT2786678.RadioLastUpdateServer", "0");
Found : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Found : user_pref("CT2786678.SearchInNewTabEnabled", true);
Found : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sat Jan 05 2013 23:36:36 GMT-0500 (Eastern Stand[...]
Found : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2786678.ServiceMapLastCheckTime", "Sat Jan 05 2013 23:36:33 GMT-0500 (Eastern Standard [...]
Found : user_pref("CT2786678.SettingsLastCheckTime", "Sun Jan 06 2013 08:59:20 GMT-0500 (Eastern Standard Ti[...]
Found : user_pref("CT2786678.SettingsLastUpdate", "1357395074");
Found : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sun Sep 25 2011 11:04:19 GMT-0400 (Eastern Day[...]
Found : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Found : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2786678.UserID", "UN86584854537217434");
Found : user_pref("CT2786678.ValidationData_Search", 2);
Found : user_pref("CT2786678.ValidationData_Toolbar", 2);
Found : user_pref("CT2786678.WeatherNetwork", "");
Found : user_pref("CT2786678.WeatherPollDate", "Fri Oct 07 2011 17:36:00 GMT-0400 (Eastern Daylight Time)");
Found : user_pref("CT2786678.WeatherUnit", "F");
Found : user_pref("CT2786678.alertChannelId", "1178763");
Found : user_pref("CT2786678.backendstorage.cbfirsttime", "5468752053657020323920323031312031393A31363A31362[...]
Found : user_pref("CT2786678.backendstorage.cbopenmamsettings", "30");
Found : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Found : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E676F6F676C652E636F6D2F75726[...]
Found : user_pref("CT2786678.backendstorage.url_history_time", "31333137393530313138393031");
Found : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Mon Oct 10 2011 20:39:49 GMT-0400 (Eastern [...]
Found : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2786678.initDone", true);
Found : user_pref("CT2786678.isAppTrackingManagerOn", true);
Found : user_pref("CT2786678.myStuffEnabled", true);
Found : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804[...]
Found : user_pref("CT2786678.revertSettingsEnabled", false);
Found : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Found : user_pref("CT2786678.testingCtid", "");
Found : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Sat Jan 05 2013 23:36:41 GMT-0500 (Eastern S[...]
Found : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Wed Apr 27 2011 18:17:11 GMT-0400 (Eastern D[...]
Found : user_pref("CT2786678.usagesFlag", 2);
Found : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT1060933");
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"1-20877[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.2.1[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.2.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63453159798933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1060933&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"52a[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://freecorder.com/gadget/video.html", "833x232")[...]
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,CT1060933");
Found : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678,CT1060933");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Apr 27 2011 18:17:10 GMT-04[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Dec 03 2011 14:36:20 GMT-0500 (Easte[...]
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Dec 03 2011 14:36:12 GMT-0500 (Eastern S[...]
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "6fb688c5-3ebb-4f62-b5f4-c4753dffedc3");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Oct 09 2011 10:01:20 GMT-0400 (Eas[...]
Found : user_pref("CommunityToolbar.globalUserId", "1d9a9ef2-3b0a-49c6-866f-f82eb0a529bb");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1060933");
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.undefined", "");
Found : user_pref("browser.search.defaultthis.engineName", "Freecorder Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&Sea[...]
Found : user_pref("browser.search.selectedEngine", "Freecorder Customized Web Search");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=");
-\\ Google Chrome v23.0.1271.97
File : C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [32166 octets] - [08/01/2013 21:08:28]
########## EOF - C:\AdwCleaner[R1].txt - [32227 octets] ##########
-
Ok, here is the next log...
ComboFix 13-01-05.01 - Christine 01/06/2013 8:22.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2581 [GMT -5:00]
Running from: c:\users\Christine\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Christine\501607876.exe
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-12-06 to 2013-01-06 )))))))))))))))))))))))))))))))
.
.
2013-01-06 13:36 . 2013-01-06 13:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-01 23:20 . 2013-01-01 23:20 -------- d-----w- c:\users\Christine\AppData\Roaming\Malwarebytes
2013-01-01 23:20 . 2013-01-01 23:20 -------- d-----w- c:\programdata\Malwarebytes
2013-01-01 23:20 . 2013-01-01 23:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-01 23:20 . 2012-12-14 21:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-30 13:34 . 2012-12-30 13:34 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\612ae5ed1cde69222\MeshBetaRemover.exe
2012-12-30 13:33 . 2012-12-30 13:33 -------- d-----w- c:\users\Christine\AppData\Local\Windows Live
2012-12-30 13:03 . 2012-12-30 22:33 -------- d-----w- c:\windows\system32\SPReview
2012-12-30 13:00 . 2012-12-30 13:00 -------- d-----w- c:\windows\system32\EventProviders
2012-12-30 12:59 . 2012-12-30 22:33 -------- d-----w- C:\c64f695e382cea0e1608554a9e787d
2012-12-30 12:58 . 2012-12-30 12:58 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-12-30 12:58 . 2012-12-30 12:58 96224 ----a-w- c:\program files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-12-30 12:58 . 2012-12-30 12:58 157272 ----a-w- c:\program files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-12-28 10:20 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{FA649C17-5065-4EC3-9110-97987310ECE2}\mpengine.dll
2012-12-21 21:11 . 2012-12-16 16:52 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 21:11 . 2012-12-16 14:25 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 21:11 . 2012-12-16 14:40 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 21:11 . 2012-12-16 14:25 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-14 21:32 . 2012-12-14 21:32 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-13 00:45 . 2012-10-04 17:32 425984 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-13 00:37 . 2012-11-09 05:34 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-13 00:37 . 2012-11-09 04:49 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-13 00:31 . 2012-11-22 08:20 3147264 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 00:30 . 2012-09-06 17:38 295792 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-13 00:03 . 2012-11-02 05:27 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-13 00:03 . 2012-11-02 04:48 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 23:50 . 2009-12-27 00:45 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-30 11:56 . 2012-11-30 11:56 489712 ----a-w- c:\users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalina Marketing Corp\UninstallCouponActivator.exe
2012-10-16 21:20 . 2012-11-28 12:18 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20 . 2012-11-28 12:18 347648 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34 . 2012-11-28 12:18 559104 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-11 01:24 . 2012-10-11 01:24 477168 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-10-11 01:24 . 2010-10-21 01:37 473072 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\tbFree.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-10-18 16:26 3908192 ----a-w- c:\program files (x86)\Freecorder\tbFree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files (x86)\Freecorder\tbFree.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"Steam"="c:\program files (x86)\Steam\Steam.exe" [2012-12-14 1354736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-07-02 98304]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-10-06 419112]
"Acer Assist Launcher"="c:\program files (x86)\Acer\Acer Assist\launcher.exe" [2007-11-19 1261568]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-04 218408]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2008-05-27 413696]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AmazonGSDownloaderTray"="c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe" [2009-10-23 326144]
"Freecorder FLV Service"="c:\program files (x86)\Freecorder\FLVSrvc.exe" [2010-06-26 167936]
"BrStsMon00"="c:\program files (x86)\Browny02\Brother\BrStMonW.exe" [2010-06-10 2621440]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2009-12-27 113664]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate1ca7e43895d74bb;Google Update Service (gupdate1ca7e43895d74bb);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 133104]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2009-09-02 225280]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 SwitchBoard;Adobe SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-03-30 1255736]
R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464]
S2 Amazon Download Agent;Amazon Download Agent;c:\program files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2009-10-23 401920]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-07-02 203264]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S2 UsbService;Eltima Usb to Ethernet Connector;c:\program files (x86)\ASUS\Printer Utilities\UsbService64.exe [2009-05-05 326656]
S3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe [2010-01-25 245760]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2009-02-13 292864]
S3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2009-06-20 317480]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-04-03 34872]
S3 vuhub;Virtual Usb Hub;c:\windows\system32\DRIVERS\vuhub.sys [2007-12-17 47616]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 11:32]
.
2013-01-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 11:32]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
uLocal Page = c:\windows\system32\blank.htm
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
SafeBoot-mcmscsvc
SafeBoot-MCODS
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{1392B8D2-5C05-419F-A8F6-B9F15A596612} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe
.
**************************************************************************
.
Completion time: 2013-01-06 08:57:32 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-06 13:57
.
Pre-Run: 165,295,280,128 bytes free
Post-Run: 168,034,500,608 bytes free
.
- - End Of File - - 3BEC27F20B355BFB40A455644BA47099
-
I got 0 detections after the 3rd scan........
Malwarebytes Anti-Rootkit 1.01.0.1011
www.malwarebytes.org
Database version: v2013.01.04.01
Windows 7 x64 NTFS
Internet Explorer 9.0.8112.16421
Christine :: CHRISTINE-PC [administrator]
1/4/2013 7:11:04 AM
mbar-log-2013-01-04 (07-11-04).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 31812
Time elapsed: 32 minute(s), 28 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7600 Windows 7 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_35
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, E:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 4024811520, free: 2763059200
------------ Kernel report ------------
01/03/2013 21:03:25
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\SysWOW64\drivers\Afc.sys
\??\C:\Windows\system32\drivers\UBHelper.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\vuhub.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\CAXHWAZL.sys
\SystemRoot\system32\DRIVERS\CAX_DPV.sys
\SystemRoot\system32\DRIVERS\CAX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\XAudio64.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\DRIVERS\wdcsam64.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\usp10.dll
\Windows\System32\advapi32.dll
\Windows\System32\msctf.dll
\Windows\System32\urlmon.dll
\Windows\System32\gdi32.dll
\Windows\System32\ole32.dll
\Windows\System32\imm32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\user32.dll
\Windows\System32\iertutil.dll
\Windows\System32\Wldap32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\psapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\shell32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\nsi.dll
\Windows\System32\difxapi.dll
\Windows\System32\msvcrt.dll
\Windows\System32\comdlg32.dll
\Windows\System32\lpk.dll
\Windows\System32\kernel32.dll
\Windows\System32\setupapi.dll
\Windows\System32\wininet.dll
\Windows\System32\shlwapi.dll
\Windows\System32\sechost.dll
\Windows\System32\normaliz.dll
\Windows\System32\crypt32.dll
\Windows\System32\wintrust.dll
\Windows\System32\KernelBase.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\devobj.dll
\Windows\System32\comctl32.dll
\Windows\System32\msasn1.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR3
Upper Device Object: 0xfffffa8005b86570
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000008c\
Lower Device Object: 0xfffffa8005dd7b60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
DriverEntry returned 0x0
Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80049f1060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa800494a060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
No address found
Downloaded database version: v2013.01.04.01
Downloaded database version: v2012.12.27.02
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80049f1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80049f04f0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80049f1060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800494a060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a00d5ec070, 0xfffffa80049f1060, 0xfffffa800717e150
Lower DeviceData: 0xfffff8a01235bd40, 0xfffffa800494a060, 0xfffffa8004f34850
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2EB82EB7
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 24576000
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 24578048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 24782848 Numsec = 600357552
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Physical Sector Size: 512
Drive: 1, DevicePointer: 0xfffffa8005b86570, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80063f33a0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8005b86570, DeviceName: \Device\Harddisk1\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8007752c00, DeviceName: Unknown, DriverName: \Driver\usbfilter\
DevicePointer: 0xfffffa8005dd7b60, DeviceName: \Device\0000008c\, DriverName: \Driver\USBSTOR\
------------ End ----------
Upper DeviceData: 0xfffff8a00fbf6c20, 0xfffffa8005b86570, 0xfffffa8003d3e340
Lower DeviceData: 0xfffff8a00cbf85d0, 0xfffffa8005dd7b60, 0xfffffa8003fc2cc0
Drive 1
Scanning MBR on drive 1...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 521AB
Partition information:
Partition 0 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 976705536
Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 500074283008 bytes
Sector size: 512 bytes
Done!
Performing system, memory and registry scan...
Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\@ --> [Trojan.Siredef.C]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} --> [Hijack.Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\U --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\U\00000008.@ --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\L --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\L\00000004.@ --> [Trojan.Siredef.C]
Infected: C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4 --> [Trojan.Siredef.C]
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9}\INPROCSERVER32| --> [Trojan.0Access]
Done!
Scan finished
Creating System Restore point...
Could not create restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7600 Windows 7 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_35
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 4024811520, free: 3094081536
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7600 Windows 7 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_35
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 4024811520, free: 2777108480
------------ Kernel report ------------
01/03/2013 21:41:04
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\SysWOW64\drivers\Afc.sys
\??\C:\Windows\system32\drivers\UBHelper.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\vuhub.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\CAXHWAZL.sys
\SystemRoot\system32\DRIVERS\CAX_DPV.sys
\SystemRoot\system32\DRIVERS\CAX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\XAudio64.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\urlmon.dll
\Windows\System32\usp10.dll
\Windows\System32\ole32.dll
\Windows\System32\msctf.dll
\Windows\System32\comdlg32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\lpk.dll
\Windows\System32\user32.dll
\Windows\System32\gdi32.dll
\Windows\System32\shell32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\psapi.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\kernel32.dll
\Windows\System32\sechost.dll
\Windows\System32\imagehlp.dll
\Windows\System32\imm32.dll
\Windows\System32\setupapi.dll
\Windows\System32\normaliz.dll
\Windows\System32\advapi32.dll
\Windows\System32\nsi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\iertutil.dll
\Windows\System32\difxapi.dll
\Windows\System32\wininet.dll
\Windows\System32\KernelBase.dll
\Windows\System32\devobj.dll
\Windows\System32\wintrust.dll
\Windows\System32\cfgmgr32.dll
\Windows\System32\comctl32.dll
\Windows\System32\crypt32.dll
\Windows\System32\msasn1.dll
\Windows\SysWOW64\normaliz.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004af2060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8004a60060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004af2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004af2b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004af2060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004a60060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a00cd47a70, 0xfffffa8004af2060, 0xfffffa80040ac790
Lower DeviceData: 0xfffff8a00cd0a0a0, 0xfffffa8004a60060, 0xfffffa80040a6a40
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2EB82EB7
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 24576000
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 24578048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 24782848 Numsec = 600357552
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Infected: HKCU\SOFTWARE\CLASSES\CLSID\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} --> [Hijack.Trojan.Siredef.C]
Done!
Scan finished
Creating System Restore point...
Could not create restore point...
Scheduling clean up...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Removal successful. No system shutdown is required.
=======================================
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7600 Windows 7 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_35
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 4024811520, free: 3082440704
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1011
© Malwarebytes Corporation 2011-2012
OS version: 6.1.7600 Windows 7 x64
Account is Administrative
Internet Explorer version: 9.0.8112.16421
Java version: 1.6.0_35
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED
CPU speed: 2.100000 GHz
Memory total: 4024811520, free: 2811183104
------------ Kernel report ------------
01/04/2013 06:38:24
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_AuthenticAMD.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\DRIVERS\ACPI.sys
\SystemRoot\system32\DRIVERS\WMILIB.SYS
\SystemRoot\system32\DRIVERS\msisadrv.sys
\SystemRoot\system32\DRIVERS\pci.sys
\SystemRoot\system32\DRIVERS\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\DRIVERS\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\atapi.sys
\SystemRoot\system32\DRIVERS\ataport.SYS
\SystemRoot\system32\DRIVERS\msahci.sys
\SystemRoot\system32\DRIVERS\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\AtiPcie.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\amdppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\k57nd60a.sys
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\SysWOW64\drivers\Afc.sys
\??\C:\Windows\system32\drivers\UBHelper.sys
\??\C:\Windows\system32\drivers\NTIDrvr.sys
\SystemRoot\system32\DRIVERS\usbohci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\usbfilter.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\vuhub.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\system32\DRIVERS\CAXHWAZL.sys
\SystemRoot\system32\DRIVERS\CAX_DPV.sys
\SystemRoot\system32\DRIVERS\CAX_CNXT.sys
\SystemRoot\system32\drivers\modem.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\system32\DRIVERS\cdfs.sys
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\??\C:\Windows\system32\drivers\mbam.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\DRIVERS\mdmxsdk.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\system32\DRIVERS\XAudio64.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\usp10.dll
\Windows\System32\imm32.dll
\Windows\System32\setupapi.dll
\Windows\System32\difxapi.dll
\Windows\System32\clbcatq.dll
\Windows\System32\normaliz.dll
\Windows\System32\kernel32.dll
\Windows\System32\msvcrt.dll
\Windows\System32\ole32.dll
\Windows\System32\psapi.dll
\Windows\System32\shell32.dll
\Windows\System32\lpk.dll
\Windows\System32\rpcrt4.dll
\Windows\System32\msctf.dll
\Windows\System32\sechost.dll
\Windows\System32\iertutil.dll
\Windows\System32\nsi.dll
\Windows\System32\urlmon.dll
\Windows\System32\user32.dll
\Windows\System32\oleaut32.dll
\Windows\System32\ws2_32.dll
\Windows\System32\advapi32.dll
\Windows\System32\shlwapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\imagehlp.dll
\Windows\System32\comdlg32.dll
\Windows\System32\Wldap32.dll
\Windows\System32\wininet.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa80046a4060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa80045b9060
Lower Device Driver Name: \Driver\atapi\
Driver name found: atapi
DriverEntry returned 0x0
Function returned 0x0
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa80046a4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa80046a34b0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa80046a4060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80045b9060, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Upper DeviceData: 0xfffff8a00b263e40, 0xfffffa80046a4060, 0xfffffa8003f4a090
Lower DeviceData: 0xfffff8a00b23f7c0, 0xfffffa80045b9060, 0xfffffa80060c1bf0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 2EB82EB7
Partition information:
Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 24576000
Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 24578048 Numsec = 204800
Partition file system is NTFS
Partition is bootable
Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 24782848 Numsec = 600357552
Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0
Disk Size: 320072933376 bytes
Sector size: 512 bytes
Scanning physical sectors of unpartitioned space on drive 0 (1-2047-625122448-625142448)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================
-
Ok, i did all those steps.
Here is the "report" from roguekiller
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/
Operating System : Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User : Christine [Admin rights]
Mode : Scan -- Date : 01/02/2013 19:41:38
¤¤¤ Bad processes : 0 ¤¤¤
¤¤¤ Registry Entries : 3 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\n.) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\@ --> FOUND
[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\U --> FOUND
[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-646108637-2639031923-3176591568-1000\$dd47882f5df07edb308ce1632dd204f4\L --> FOUND
¤¤¤ Driver : [NOT LOADED] ¤¤¤
¤¤¤ Infection : ZeroAccess ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 adobe.activate.com
127.0.0.1 adobeereg.com
127.0.0.1 www.adobeereg.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 125.252.224.90
127.0.0.1 125.252.224.91
[...]
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD3200BEVT-22ZCT0 ATA Device +++++
--- User ---
[MBR] d61bfa0b1c2e4d00e6142a2880d72b36
[bSP] 7102643fe513f193f096c3432feaadf3 : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 12000 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 24578048 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 24782848 | Size: 293143 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1]_S_01022013_02d1941.txt >>
RKreport[1]_S_01022013_02d1941.txt
-
Hi. When I run the malware scan I get a bunch of infection detections. The seem to include trojan in the names and dont seem consistant. I am also noticing i am locked out of various system tools like system restore and firewall settings. I am having plenty of trouble with other things too. Anyway, here are some logs!
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 1.6.0_35
Run by Christine at 20:10:33 on 2013-01-01
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1033.18.3838.2181 [GMT -5:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k HsfXAudioService
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
C:\Program Files (x86)\Freecorder\FLVSrvc.exe
C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe
C:\Windows\system32\msiexec.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\Browny02\BrYNSvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\consent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
uDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
uURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
mURLSearchHooks: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
mWinlogon: Userinit = userinit.exe,
BHO: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: uTorrentBar Toolbar: {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Freecorder Toolbar: {1392B8D2-5C05-419F-A8F6-B9F15A596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\tbuTor.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll
TB: Freecorder Toolbar: {1392b8d2-5c05-419f-a8f6-b9f15a596612} - C:\Program Files (x86)\Freecorder\tbFree.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
uRun: [NortonOnlineBackupReminder] "C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
uRun: [steam] "C:\Program Files (x86)\Steam\Steam.exe" -silent
uRun: [AdobeBridge] <no file>
mRun: [backupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [EgisTecLiveUpdate] "C:\Program Files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [ArcadeDeluxeAgent] "C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe"
mRun: [Acer Assist Launcher] C:\Program Files (x86)\Acer\Acer Assist\launcher.exe
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
mRun: [updatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
mRun: [Freecorder FLV Service] "C:\Program Files (x86)\Freecorder\FLVSrvc.exe" /run
mRun: [brStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\ADOBEG~1.LNK - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MICROS~1.LNK - C:\Program Files (x86)\Microsoft Office\Office\OSA9.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{13A4A21A-A744-4877-BE1F-D44BDBDBED54} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03}\14355535 : DHCPNameServer = 192.168.1.1 209.18.47.62
TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03}\25E20205E2027596D26496 : DHCPNameServer = 192.168.254.254
TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03}\54E414027457563747 : DHCPNameServer = 216.171.180.243 151.202.0.85 216.171.184.243
TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03}\A62727279607 : DHCPNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{6DA7358B-3ABA-436A-A1E9-7AF4C72D1B03}\C696E6B6379737 : DHCPNameServer = 213.109.65.28 213.109.72.203 1.1.1.1
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
x64-mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_5536&r=27361209c216l0308z1k5t4871r054
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
x64-Run: [synTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Freecorder Customized Web Search
FF - prefs.js: browser.startup.homepage - www.google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
FF - component: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components\RadioWMPCoreGecko19.dll
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\ProgramData\NexonUS\NGM\npNxGameUS.dll
FF - plugin: C:\Users\Christine\AppData\Roaming\Move Networks\plugins\npqmp071503000010.dll
FF - plugin: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
FF - plugin: C:\Windows\SysWOW64\npdeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-2 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-2 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-2 60464]
R2 Amazon Download Agent;Amazon Download Agent;C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe [2011-2-13 401920]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2009-10-26 203264]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2009-10-26 844320]
R2 Greg_Service;GRegService;C:\Program Files (x86)\Acer\Registration\GregHSRW.exe [2009-6-4 1150496]
R2 HsfXAudioService;HsfXAudioService;C:\Windows\System32\svchost.exe -k HsfXAudioService [2009-7-13 27136]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-1 398184]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-1 682344]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe [2009-8-7 311592]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-8-20 62720]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2009-8-22 240160]
R2 UsbService;Eltima Usb to Ethernet Connector;C:\Program Files (x86)\ASUS\Printer Utilities\UsbService64.exe [2010-6-2 326656]
R3 BrYNSvc;BrYNSvc;C:\Program Files (x86)\Browny02\BrYNSvc.exe [2012-10-1 245760]
R3 CAXHWAZL;CAXHWAZL;C:\Windows\System32\drivers\CAXHWAZL.sys [2009-10-26 292864]
R3 k57nd60a;Broadcom NetLink Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2009-6-20 317480]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-1 24176]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2009-10-26 34872]
R3 vuhub;Virtual Usb Hub;C:\Windows\System32\drivers\vuhub.sys [2010-6-2 47616]
R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate1ca7e43895d74bb;Google Update Service (gupdate1ca7e43895d74bb);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2009-12-16 133104]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-1-15 227232]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2009-10-26 225280]
S3 SrvHsfHDA;SrvHsfHDA;C:\Windows\System32\drivers\VSTAZL6.SYS [2009-7-13 292864]
S3 SrvHsfV92;SrvHsfV92;C:\Windows\System32\drivers\VSTDPV6.SYS [2009-7-13 1485312]
S3 SrvHsfWinac;SrvHsfWinac;C:\Windows\System32\drivers\VSTCNXT6.SYS [2009-7-13 740864]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-3-30 1255736]
.
=============== File Associations ===============
.
ShellExec: PortraitProfessional.exe: open="C:\Program Files (x86)\Portrait Professional Studio 9\PortraitProfessionalStudio.exe" /P "%1"
.
=============== Created Last 30 ================
.
2013-01-01 23:20:54 -------- d-----w- C:\Users\Christine\AppData\Roaming\Malwarebytes
2013-01-01 23:20:44 -------- d-----w- C:\ProgramData\Malwarebytes
2013-01-01 23:20:43 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-01-01 23:20:43 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-30 13:34:23 15712 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\612ae5ed1cde69222\MeshBetaRemover.exe
2012-12-30 13:33:10 -------- d-----w- C:\Users\Christine\AppData\Local\Windows Live
2012-12-30 13:03:08 -------- d-----w- C:\Windows\System32\SPReview
2012-12-30 13:00:03 -------- d-----w- C:\Windows\System32\EventProviders
2012-12-30 12:59:56 -------- d-----w- C:\c64f695e382cea0e1608554a9e787d
2012-12-30 12:58:33 73696 ----a-w- C:\Program Files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-12-30 12:58:29 96224 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapprt-stub.exe
2012-12-30 12:58:29 157272 ----a-w- C:\Program Files (x86)\Mozilla Firefox\webapp-uninstaller.exe
2012-12-28 10:20:57 9125352 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FA649C17-5065-4EC3-9110-97987310ECE2}\mpengine.dll
2012-12-28 08:28:25 325032 ----a-w- C:\Users\Christine\501607876.exe
2012-12-21 21:11:20 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-21 21:11:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-21 21:11:18 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-21 21:11:18 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-13 00:45:57 425984 ----a-w- C:\Windows\System32\KernelBase.dll
2012-12-13 00:37:37 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-12-13 00:37:37 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-12-13 00:31:47 3147264 ----a-w- C:\Windows\System32\win32k.sys
2012-12-13 00:30:56 295792 ----a-w- C:\Windows\System32\drivers\volsnap.sys
2012-12-13 00:03:05 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-13 00:03:05 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
.
==================== Find3M ====================
.
2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-10-16 21:20:49 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 21:20:46 347648 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 20:34:37 559104 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-11 01:24:09 477168 ----a-w- C:\Windows\SysWow64\npdeployJava1.dll
2012-10-11 01:24:09 473072 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-04 17:38:56 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:38:56 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:38:56 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:38:24 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:35:22 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 16:54:18 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:54:17 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:19:57 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:49:27 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:49:24 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:49:22 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:49:22 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:44:29 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:44:29 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:44:29 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:44:29 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 20:14:14.30 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 12/15/2009 8:27:51 PM
System Uptime: 1/1/2013 8:04:32 PM (0 hours ago)
.
Motherboard: Acer | | JV50PU
Processor: AMD Athlon X2 Dual-Core QL-65 | Socket S1G2 | 2100/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 286 GiB total, 157.162 GiB free.
D: is CDROM (CDFS)
E: is FIXED (NTFS) - 466 GiB total, 120.792 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
No restore point in system.
.
==== Installed Programs ======================
.
µTorrent
Acer Arcade Deluxe
Acer Assist
Acer Backup Manager
Acer Crystal Eye webcam Ver:1.1.74.216
Acer ePower Management
Acer eRecovery Management
Acer Games
Acer GridVista
Acer Registration
Acer ScreenSaver
Acer Updater
Acrobat.com
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin 64-bit
Adobe Media Player
Adobe Photoshop 7.0
Adobe Photoshop CS5
Adobe Reader 9.3
Amazon Games & Software Downloader
AMD USB Filter Driver
Apple Software Update
ArcSoft MediaImpression for Kodak
ATI Catalyst Install Manager
Backup Manager Basic
Bejeweled 2 Deluxe
BitTorrent
Braid
Broadcom Gigabit NetLink Controller
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Internet Library for ZoomBrowser EX
Canon MOV Decoder
Canon Utilities Digital Photo Professional 3.8
Canon Utilities EOS Utility
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities WFT Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-core-static
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Cogs
Compatibility Pack for the 2007 Office system
Conduit Engine
Coupon Printer for Windows
CutePDF Writer 2.8
CyberLink PhotoNow
CyberLink PowerDirector
Darkspore™
Digital Photo Software FotoMix 8.0
DVDFab 8.1.5.9 (20/01/2012) Qt
eBay Worldwide
Freecorder
Freecorder Toolbar
Google Chrome
Google Toolbar for Internet Explorer
Google Update Helper
H&R Block New York 2010
H&R Block New York 2011
H&R Block Premium + Efile + State 2010
H&R Block Premium + Efile + State 2011
HDAUDIO Soft Data Fax Modem with SmartCP
HL-2270DW
Identity Card
Java Auto Updater
Java 6 Update 35
Junk Mail filter update
Malwarebytes Anti-Malware version 1.70.0.1100
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Office 2000 Professional
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Suite Activation Assistant
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Move Media Player
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MyWinLocker
Norton Online Backup
NTI Media Maker 8
PDF Settings CS5
Pocket RAR documentation
Portrait Professional Studio 9.0
QuickTime
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Skype Click to Call
Skype™ 6.0
Steam
Synaptics Pointing Device Driver
System Requirements Lab
Torchlight
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
uTorrentBar Toolbar
VLC media player 1.1.8
Welcome Center
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Mail
Windows Live Messenger
Windows Live Movie Maker
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
WinRAR archiver
Wondershare Scrapbook Studio(Build 2.0.0.36)
World of Goo
Zuma Deluxe
.
==== Event Viewer Messages From Past Week ========
.
12/31/2012 1:03:45 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the IPBusEnum service.
12/30/2012 5:42:45 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.
12/30/2012 5:42:45 PM, Error: Service Control Manager [7000] - The Steam Client Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/30/2012 4:42:59 PM, Error: Microsoft-Windows-WindowsUpdateClient [20] - Installation Failure: Windows failed to install the following update with error 0x80242016: Update for Windows 7 for x64-based Systems (KB976422).
12/30/2012 4:30:43 PM, Error: Service Control Manager [7023] - The Windows Update service terminated with the following error: %%-2147467243
12/25/2012 1:49:09 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
1/1/2013 8:06:03 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {C97FCC79-E628-407D-AE68-A06AD6D8B4D1} and APPID {344ED43D-D086-4961-86A6-1106F4ACAD9B} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
1/1/2013 8:06:00 PM, Error: Service Control Manager [7024] - The HomeGroup Listener service terminated with service-specific error %%-2147023143.
1/1/2013 8:05:56 PM, Error: Microsoft-Windows-WMPNSS-Service [14332] - Service 'WMPNetworkSvc' did not start correctly because CoCreateInstance(CLSID_UPnPDeviceFinder) encountered error '0x80004005'. Verify that the UPnPHost service is running and that the UPnPHost component of Windows is installed properly.
1/1/2013 8:05:06 PM, Error: Service Control Manager [7023] - The IP Helper service terminated with the following error: The specified module could not be found.
1/1/2013 7:56:17 PM, Error: Service Control Manager [7001] - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 7:55:07 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 7:54:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
1/1/2013 7:54:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
1/1/2013 7:54:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
1/1/2013 7:54:53 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
1/1/2013 7:54:37 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
1/1/2013 7:54:25 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
1/1/2013 7:54:17 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD DfsC discache mwlPSDFilter mwlPSDNServ mwlPSDVDisk NetBIOS NetBT nsiproxy Psched rdbss spldr Tcpip tdx vwififlt Wanarpv6 WfpLwf
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The TCP/IP Registry Compatibility service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the TCP/IP Protocol Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
1/1/2013 7:54:16 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
.
==== End Of File ===========================
Trojan Infection?
in Resolved Malware Removal Logs
Posted
Deleted:
# AdwCleaner v2.105 - Logfile created 01/12/2013 at 08:25:59
# Updated 08/01/2013 by Xplode
# Operating system : Windows 7 Home Premium (64 bits)
# User : Christine - CHRISTINE-PC
# Boot Mode : Normal
# Running from : C:\Users\Christine\Downloads\adwcleaner.exe
# Option [Delete]
***** [services] *****
***** [Files / Folders] *****
File Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\searchplugins\Conduit.xml
Folder Deleted : C:\Program Files (x86)\AppGraffiti
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Freecorder
Folder Deleted : C:\Program Files (x86)\Inbox Toolbar
Folder Deleted : C:\Program Files (x86)\RebateInformer
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\24x7 Help
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RebateInformer
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Users\Christine\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Christine\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Christine\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Christine\AppData\LocalLow\Freecorder
Folder Deleted : C:\Users\Christine\AppData\LocalLow\Inbox Toolbar
Folder Deleted : C:\Users\Christine\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Christine\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freecorder
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\Conduit
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\ConduitCommon
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\CT1060933
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\CT2786678
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\AppGraffiti@AppGraffiti.com
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\inboxcomtoolbar@inbox.com
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\Inbox Toolbar
Folder Deleted : C:\Users\Christine\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\Freecorder
***** [Registry] *****
Key Deleted : HKCU\Software\AppDataLow\Software\Freecorder
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7C723818-7C90-4B95-AC60-30CAC92FAD51}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7C723818-7C90-4B95-AC60-30CAC92FAD51}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7C723818-7C90-4B95-AC60-30CAC92FAD51}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0DFA453-9F4D-41EC-8E43-518A8FD7C749}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
***** [internet Browsers] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Registry is clean.
-\\ Mozilla Firefox v17.0.1 (en-US)
File : C:\Users\Christine\AppData\Roaming\Mozilla\Firefox\Profiles\j694z97g.default\prefs.js
Deleted : user_pref("CT1060933..clientLogIsEnabled", false);
Deleted : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_1000515", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Deleted : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Deleted : user_pref("CT1060933.CTID", "CT1060933");
Deleted : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Sun Jan 06 2013 08:59:19 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Deleted : user_pref("CT1060933.CommunityChanged", true);
Deleted : user_pref("CT1060933.CurrentServerDate", "6-1-2013");
Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1060933.DialogsGetterLastCheckTime", "Sat Jan 05 2013 23:36:34 GMT-0500 (Eastern Standa[...]
Deleted : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Deleted : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Sun Jan 06 2013 08:59:19 GMT-0500 (Eastern [...]
Deleted : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Deleted : user_pref("CT1060933.DownloadReferralCookieData", "");
Deleted : user_pref("CT1060933.FirstServerDate", "5-10-2011");
Deleted : user_pref("CT1060933.FirstTime", true);
Deleted : user_pref("CT1060933.FirstTimeFF3", true);
Deleted : user_pref("CT1060933.FixPageNotFoundErrors", true);
Deleted : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1060933.HasUserGlobalKeys", true);
Deleted : user_pref("CT1060933.Initialize", true);
Deleted : user_pref("CT1060933.InitializeCommonPrefs", true);
Deleted : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT1060933.InstalledDate", "Tue Oct 04 2011 19:26:00 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT1060933.InvalidateCache", false);
Deleted : user_pref("CT1060933.IsGrouping", false);
Deleted : user_pref("CT1060933.IsMulticommunity", true);
Deleted : user_pref("CT1060933.IsOpenThankYouPage", true);
Deleted : user_pref("CT1060933.IsOpenUninstallPage", true);
Deleted : user_pref("CT1060933.LanguagePackLastCheckTime", "Tue Jan 08 2013 21:06:31 GMT-0500 (Eastern Standar[...]
Deleted : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT1060933.LastLogin_3.12.0.7", "Thu Apr 26 2012 21:25:07 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT1060933.LastLogin_3.12.2.3", "Wed May 16 2012 10:36:40 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT1060933.LastLogin_3.13.0.6", "Sun Jul 15 2012 16:12:28 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT1060933.LastLogin_3.14.1.0", "Sat Sep 22 2012 11:37:16 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT1060933.LastLogin_3.15.1.0", "Fri Nov 02 2012 16:23:14 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT1060933.LastLogin_3.16.0.100", "Tue Jan 08 2013 21:06:31 GMT-0500 (Eastern Standard Tim[...]
Deleted : user_pref("CT1060933.LastLogin_3.16.0.3", "Mon Dec 31 2012 18:15:36 GMT-0500 (Eastern Standard Time)[...]
Deleted : user_pref("CT1060933.LastLogin_3.3.3.2", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT1060933.LatestVersion", "3.16.0.100");
Deleted : user_pref("CT1060933.Locale", "en-us");
Deleted : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT1060933.RadioIsPodcast", false);
Deleted : user_pref("CT1060933.RadioLastCheckTime", "Sat Oct 08 2011 07:45:47 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Deleted : user_pref("CT1060933.RadioMediaID", "21504191");
Deleted : user_pref("CT1060933.RadioMediaType", "Media Player");
Deleted : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Deleted : user_pref("CT1060933.RadioStationName", "KFOG");
Deleted : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Deleted : user_pref("CT1060933.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT1060933.SavedHomepage", "resource:/browserconfig.properties");
Deleted : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Deleted : user_pref("CT1060933.SearchInNewTabEnabled", true);
Deleted : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Wed Jan 09 2013 11:51:25 GMT-0500 (Eastern Stand[...]
Deleted : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT1060933.ServiceMapLastCheckTime", "Sat Jan 05 2013 23:36:33 GMT-0500 (Eastern Standard [...]
Deleted : user_pref("CT1060933.SettingsLastCheckTime", "Sun Jan 06 2013 08:59:19 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT1060933.SettingsLastUpdate", "1357414822");
Deleted : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Tue Oct 04 2011 19:25:43 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Deleted : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT1060933.UserID", "UN90270965459433799");
Deleted : user_pref("CT1060933.ValidationData_Toolbar", 2);
Deleted : user_pref("CT1060933.alertChannelId", "15651");
Deleted : user_pref("CT1060933.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B474[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e.:2z527", "2423");
Deleted : user_pref("CT1060933.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e06cg5el8:", "6E6D6C6B6F6C756F6F6F");
Deleted : user_pref("CT1060933.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473727175727B757575242F4B4947[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347513[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]
Deleted : user_pref("CT1060933.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934235[...]
Deleted : user_pref("CT1060933.backendstorage./9b-0?3g>d", "6A3F703E706B716D7A4448794A207779767B254D5221222A21[...]
Deleted : user_pref("CT1060933.backendstorage./9b-0?3g@6:5;", "");
Deleted : user_pref("CT1060933.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F297B7E7D21202F26313E424[...]
Deleted : user_pref("CT1060933.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6A696B7273747576");
Deleted : user_pref("CT1060933.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484779213F3E484F4E4D464[...]
Deleted : user_pref("CT1060933.backendstorage./9b5ba==9cjag", "6E673E3C734072747A777644477A7D764E7E212152");
Deleted : user_pref("CT1060933.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6C6B6F6C756F6F6F777775");
Deleted : user_pref("CT1060933.backendstorage./9b9643g3/9e", "6A");
Deleted : user_pref("CT1060933.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Deleted : user_pref("CT1060933.backendstorage./9b<:222h64<", "393F352F3E");
Deleted : user_pref("CT1060933.backendstorage./9b<:222h64<l8daj", "6D70706F7674747977722A7978727875757C78");
Deleted : user_pref("CT1060933.backendstorage./9b=+03eh8h8j?:", "4443");
Deleted : user_pref("CT1060933.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Deleted : user_pref("CT1060933.backendstorage./9b?b0d:8aj62<h", "6D");
Deleted : user_pref("CT1060933.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Deleted : user_pref("CT1060933.backendstorage.cbcountry_001", "5553");
Deleted : user_pref("CT1060933.backendstorage.cbfirsttime", "53756E204A616E20303620323031332030383A35393A34372[...]
Deleted : user_pref("CT1060933.backendstorage.cbopenmamsettings", "30");
Deleted : user_pref("CT1060933.backendstorage.url_history0001", "687474703A2F2F67656E6572616C2D6368616E67656C6[...]
Deleted : user_pref("CT1060933.components.1000515", true);
Deleted : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Mon Oct 10 2011 08:09:15 GMT-0400 (Eastern [...]
Deleted : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.initDone", true);
Deleted : user_pref("CT1060933.isAppTrackingManagerOn", true);
Deleted : user_pref("CT1060933.myStuffEnabled", true);
Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1060933.revertSettingsEnabled", false);
Deleted : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT1060933.testingCtid", "");
Deleted : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Tue Jan 08 2013 21:06:31 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Tue Oct 04 2011 19:25:46 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT1060933.usagesFlag", 2);
Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Mon Oct 10 2011 00:29:54 GMT-0400 (Eastern Daylight[...]
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2786678.CurrentServerDate", "6-1-2013");
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Sat Jan 05 2013 23:36:41 GMT-0500 (Eastern Standa[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Fri Oct 07 2011 17:36:00 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 501);
Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Sun May 15 2011 06:30:20 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Sun May 15 2011 06:30:19 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Fri Oct 07 2011 16:38:46 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Fri Oct 07 2011 16:38:44 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Fri Oct 07 2011 16:38:46 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Fri Oct 07 2011 16:38:45 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "28-4-2011");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2786678.GroupingInvalidateCache", false);
Deleted : user_pref("CT2786678.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2786678.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Wed Apr 27 2011 18:17:11 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2786678.InvalidateCache", false);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Jan 08 2013 21:06:31 GMT-0500 (Eastern Standar[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_3.12.0.7", "Thu Apr 26 2012 21:25:06 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2786678.LastLogin_3.12.2.3", "Wed May 16 2012 16:57:34 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2786678.LastLogin_3.13.0.6", "Sun Jul 15 2012 16:12:29 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2786678.LastLogin_3.14.1.0", "Fri Sep 21 2012 23:26:10 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2786678.LastLogin_3.15.1.0", "Fri Nov 02 2012 16:23:15 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2786678.LastLogin_3.16.0.3", "Wed Jan 09 2013 11:51:25 GMT-0500 (Eastern Standard Time)[...]
Deleted : user_pref("CT2786678.LastLogin_3.3.3.2", "Fri Oct 07 2011 16:38:43 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT2786678.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.RadioLastCheckTime", "0");
Deleted : user_pref("CT2786678.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2786678.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Fri Jan 11 2013 18:25:20 GMT-0500 (Eastern Stand[...]
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Wed Jan 09 2013 11:51:25 GMT-0500 (Eastern Standard [...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Sun Jan 06 2013 08:59:20 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1357395074");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Sun Sep 25 2011 11:04:19 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN86584854537217434");
Deleted : user_pref("CT2786678.ValidationData_Search", 2);
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Fri Oct 07 2011 17:36:00 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2786678.WeatherUnit", "F");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.backendstorage.cbcountry_001", "5553");
Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "5468752053657020323920323031312031393A31363A31362[...]
Deleted : user_pref("CT2786678.backendstorage.cbopenmamsettings", "30");
Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E676F6F676C652E636F6D2F75726[...]
Deleted : user_pref("CT2786678.backendstorage.url_history0001", "687474703A2F2F67656E6572616C2D6368616E67656C6[...]
Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333137393530313138393031");
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Mon Oct 10 2011 20:39:49 GMT-0400 (Eastern [...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804[...]
Deleted : user_pref("CT2786678.revertSettingsEnabled", false);
Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.testingCtid", "");
Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Tue Jan 08 2013 21:06:31 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Wed Apr 27 2011 18:17:11 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT2786678.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT1060933");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"1-20877[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.2.1[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.2.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63453159798933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1060933&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"52a[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://freecorder.com/gadget/video.html", "833x232")[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,CT1060933");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678,CT1060933");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Wed Apr 27 2011 18:17:10 GMT-04[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Dec 03 2011 14:36:20 GMT-0500 (Easte[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Dec 03 2011 14:36:12 GMT-0500 (Eastern S[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "6fb688c5-3ebb-4f62-b5f4-c4753dffedc3");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Oct 09 2011 10:01:20 GMT-0400 (Eas[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "1d9a9ef2-3b0a-49c6-866f-f82eb0a529bb");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT1060933");
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("browser.search.defaultthis.engineName", "Freecorder Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&Sea[...]
Deleted : user_pref("browser.search.selectedEngine", "Freecorder Customized Web Search");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1060933&q=");
-\\ Google Chrome v23.0.1271.97
File : C:\Users\Christine\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [32297 octets] - [08/01/2013 21:08:28]
AdwCleaner[s1].txt - [38361 octets] - [12/01/2013 08:25:59]
########## EOF - C:\AdwCleaner[s1].txt - [38422 octets] ##########