MB found Trojans and Now I am having DNS issues

[DougsB4U]

Hi Team,

Hoping I can get your help. I noticed an infection on March 4th and ran both MB and my antivirus. The both found something and I've attached the logs from MB and also a screenshot of what my AV found and treated. Both would not update after and I can not hit the internet with any browser. Ran troubleshooter and it's saying its a DNS issue. I ran HJT and also attached the logs for your information. Any help after perusing the logs would be deeply appreciated. Thanks.

hijackthis.log

protection-log-2013-03-04.txt

protection-log-2013-03-05.txt

[Maurice Naggar]

Hello Doug,

We do not use HijackThis as an initial report tool. Also the version you have is old & obsolete.

Uninstall Hijackthis from your system.

Then

Download DDS and save it to your desktop from http://download.bleepingcomputer.com/sUBs/dds.com here

or http://download.bleepingcomputer.com/sUBs/dds.scr or

http://www.infospyware.net/sUBs/dds

Disable any script blocker if your antivirus/antimalware has it.

On Vista/ Windows 7/ Windows 8 do a RIGHT-click on dds and select Run As Administrator

On Windows XP double click dds to run the tool.

DDS will run in a command prompt window and will take 3 to 4 minutes or so.

Follow and answer the prompts as appropriate.

• When done, DDS will open two (2) logs:
• DDS.txt
• Attach.txt
• Save both reports to your desktop.

Please Copy & Paste contents of the following logs in your next reply:
DDS.txt
Attach.txt
Download Security Check by screen317 from here.

• Save it to your Desktop.
  
• Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  
• A Notepad document should open automatically called checkup.txt; please post the contents of that document.
  

[DougsB4U]

Thanks in advance for the help Maurice. Per your instructions, results from DDS and Security Check are listed below:

DDS.txt:

DDS (Ver_2012-11-20.01) - NTFS_AMD64

Internet Explorer: 9.0.8112.16464

Run by Doug at 8:08:28 on 2013-03-12

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.5244 [GMT -4:00]

.

AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

.

============== Running Processes ===============

.

C:\Windows\system32\lsm.exe

C:\Windows\system32\svchost.exe -k DcomLaunch

C:\Windows\system32\svchost.exe -k RPCSS

C:\Windows\system32\atiesrxx.exe

C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted

C:\Windows\system32\svchost.exe -k netsvcs

C:\Windows\system32\svchost.exe -k GPSvcGroup

C:\Windows\system32\svchost.exe -k LocalService

C:\Windows\system32\atieclxx.exe

C:\Windows\system32\svchost.exe -k NetworkService

C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe

C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe

C:\Windows\System32\spoolsv.exe

C:\Program Files (x86)\APC\PowerChute Personal Edition\mainserv.exe

C:\Program Files (x86)\Paragon Software\HFS+ for Windows 8.0\apmwinsrv.exe

C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

C:\ProgramData\WebEx\WebEx\319\atnthost.exe

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Windows\System32\svchost.exe -k LocalServiceNoNetwork

C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation

C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe

C:\ProgramData\WebEx\WebEx\319\RAAGTAPP.EXE

C:\Windows\SysWOW64\svchost.exe -k hpdevmgmt

C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe

C:\Windows\System32\svchost.exe -k HPZ12

C:\Windows\SysWOW64\PnkBstrA.exe

C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE

C:\Windows\system32\svchost.exe -k imgsvc

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

C:\PROGRA~2\COMMON~1\X10\Common\X10nets.exe

C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe

C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe

C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe

C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

C:\Windows\system32\taskhost.exe

C:\Program Files\CheckPoint\ZAForceField\ForceField.exe

C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

C:\PROGRA~3\WebEx\WebEx\319\RaPanel.exe

C:\Windows\system32\Dwm.exe

C:\Windows\Explorer.EXE

C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe

C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

C:\Windows\system32\taskeng.exe

C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe

C:\Program Files (x86)\ASUS\AASP\1.00.81\aaCenter.exe

C:\Program Files (x86)\ASUS\AI Direct Link\AsCmd.exe

C:\Program Files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe

C:\Program Files (x86)\ASUS\AI Direct Link\AsShare.exe

C:\Program Files\360Amigo\360Amigo.exe

C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe

C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe

C:\Program Files (x86)\n52te\razerhid.exe

C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe

C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe

C:\Users\Doug\AppData\Roaming\Dropbox\bin\Dropbox.exe

C:\Program Files (x86)\APC\PowerChute Personal Edition\apcsystray.exe

C:\Program Files (x86)\Sony\Content Manager Assistant\CMAWatcher.exe

C:\Program Files (x86)\iTunes\iTunesHelper.exe

C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

C:\Program Files\Windows Media Player\wmpnetwk.exe

C:\Windows\system32\prevhost.exe

C:\Program Files\Microsoft Office 15\ClientX64\AppVShNotify.exe

C:\Program Files\Microsoft Office 15\root\office15\OUTLOOK.EXE

C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE

C:\Windows\system32\SearchIndexer.exe

C:\Program Files\Microsoft Office 15\Root\Office15\WINWORD.EXE

C:\Windows\sysWow64\SearchProtocolHost.exe

C:\Windows\system32\wbem\wmiprvse.exe

C:\Windows\System32\WUDFHost.exe

C:\Windows\system32\SearchProtocolHost.exe

C:\Windows\system32\SearchFilterHost.exe

C:\Windows\System32\cscript.exe

.

============== Pseudo HJT Report ===============

.

uStart Page = hxxp://www.google.com/

mURLSearchHooks: ZoneAlarm Security Suite Toolbar: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll

mWinlogon: Userinit = userinit.exe,

BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

BHO: Coupon Companion: {11111111-1111-1111-1111-110011441193} - C:\Program Files (x86)\Coupon Companion\Coupon Companion.dll

BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll

BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll

BHO: ZoneAlarm Security Suite Toolbar: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll

BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

BHO: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

BHO: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - LocalServer32 - <no file>

BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL

BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\office15\GROOVEEX.DLL

BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -

BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll

BHO: HP Smart BHO Class: {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

TB: ZoneAlarm Security Suite Toolbar: {3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll

TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\yt.dll

TB: WebEx Productivity Tools: {90E2BA2E-DD1B-4cde-9134-7A8B86D33CA7} - C:\Program Files (x86)\WebEx\Productivity Tools\ptonecli.dll

TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -

TB: Search Toolbar: {9D425283-D487-4337-BAB6-AB8354A81457} - LocalServer32 - <no file>

TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll

TB: ZoneAlarm Security Suite Toolbar: {3ce45c4f-bfff-4988-9a3c-a75c1f491319} - C:\Program Files (x86)\ZoneAlarm_Security_Suite\prxtbZone.dll

TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll

EB: MasterCook Bar: {C92041C1-6D22-4069-BA0E-66246AA752B0} - C:\Windows\SysWOW64\shdocvw.dll

uRun: [ehTray.exe] C:\Windows\ehome\ehTray.exe

uRun: [360Amigo] "C:\Program files\360Amigo\360Amigo.exe" -autorun

uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart

uRun: [MobileDocuments] C:\Program Files (x86)\Common Files\Apple\Internet Services\ubd.exe

uRun: [Google Update] "C:\Users\Doug\AppData\Local\Google\Update\GoogleUpdate.exe" /c

mRun: [hpqSRMon] C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe

mRun: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe

mRun: [Jomantha] "C:\Program Files (x86)\n52te\razerhid.exe"

mRun: [QFan Help] "C:\Program Files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe"

mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"

mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"

mRun: [AppleSyncNotifier] C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe

mRun: [Display] C:\Program Files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe

mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"

mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"

mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"

mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime

mRun: [Razer Synapse] "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

mRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun

StartupFolder: C:\Users\Doug\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Doug\AppData\Roaming\Dropbox\bin\Dropbox.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\APCUPS~1.LNK - C:\Program Files (x86)\APC\PowerChute Personal Edition\Display.exe

StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONTEN~1.LNK - C:\Program Files (x86)\Sony\Content Manager Assistant\CMA.exe

uPolicies-Explorer: NoDriveTypeAutoRun = dword:145

mPolicies-Explorer: NoActiveDesktop = dword:1

mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0

mPolicies-System: ConsentPromptBehaviorAdmin = dword:0

mPolicies-System: ConsentPromptBehaviorUser = dword:3

mPolicies-System: EnableLUA = dword:0

mPolicies-System: EnableUIADesktopToggle = dword:0

mPolicies-System: PromptOnSecureDesktop = dword:0

IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

IE: MasterCook: Select Image - C:\Users\Doug\AppData\LocalLow\MasterCook Web Import\MCIEContext.hta

IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll

IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll

IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\office15\OCHelper.dll

IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll

IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}

IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll

IE: {E6EF5071-7647-4E85-9785-87B6CF5CB561} - {C92041C1-6D22-4069-BA0E-66246AA752B0}

DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} - hxxp://www.musicnotes.com/download/mnviewer.cab

DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.srtest.com/srl_bin/sysreqlab3.cab

DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://backoffice.liveviridian.com/Associate/Reserved.ReportViewerWebControl.axd?ReportSession=etu4rfagnkcx0zmlktszw255&ControlID=8455571ca11f4dffbb4847d0da48a968&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab

DPF: {680285A8-96D3-43DA-9D3D-51DD987D0B77} - hxxp://www.nero.com/doc/NeroVersionCheckerControl.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {C7DEDA04-2FFF-4B81-AE66-0A0E0EF4AD2F} - hxxp://blacklabimaging.lifepics.com/net/Uploader/LPUploader57.cab

DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab

DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} -

DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://www.creative.com/softwareupdate/su2/ocx/15106/CTPID.cab

TCP: NameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{418A611F-0E3B-481C-8ED6-4527D1E157CE} : DHCPNameServer = 68.87.64.150 68.87.75.198

TCP: Interfaces\{8DE6B9AB-10BB-4FF1-8395-3F7752C45687} : DHCPNameServer = 75.75.75.75 75.75.76.76

TCP: Interfaces\{C7135B2E-AC51-45DA-841C-4000DE37A853} : DHCPNameServer = 75.75.75.75 75.75.76.76 192.168.1.1

TCP: Interfaces\{EBC750BB-7EE7-49EC-84BE-B899B329B869} : DHCPNameServer = 198.224.185.135 198.224.184.135

Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\msosb.dll

Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll

Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll

Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll

Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll

SSODL: WebCheck - <orphaned>

x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL

x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll

x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll

x64-Run: [iSW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"

x64-Run: [soundMax] "C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe" /tray

x64-Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe

x64-Run: [saiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe

x64-Run: [intelliType Pro] "C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe"

x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll

x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll

x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll

x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab

x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>

x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll

x64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>

x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>

x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>

x64-Notify: GoToAssist - C:\Program Files (x86)\Citrix\GoToAssist\516\G2AWinLogon_x64.dll

x64-SSODL: WebCheck - <orphaned>

.

================= FIREFOX ===================

.

FF - ProfilePath - C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z178&ocid=zdhp&install_date=20111229

FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q=

FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.116.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll

FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll

FF - plugin: C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll

FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll

FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll

FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll

FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\npspwrap.dll

FF - plugin: C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll

FF - plugin: C:\Users\Doug\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll

FF - plugin: C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}\plugins\np-mswmp.dll

FF - plugin: C:\Users\Doug\AppData\Roaming\Mozilla\plugins\npatgpc.dll

FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

FF - ExtSQL: 2013-02-02 15:31; crossriderapp4493@crossrider.com; C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\crossriderapp4493@crossrider.com

.

============= SERVICES / DRIVERS ===============

.

R0 apmwin;apmwin;C:\Windows\System32\drivers\apmwin.sys [2012-7-6 51504]

R0 gpt_loader;GUID Partition table support driver;C:\Windows\System32\drivers\gpt_loader.sys [2012-7-6 61232]

R0 mounthlp;Mounter helper driver for HFS+ volumes;C:\Windows\System32\drivers\mounthlp.sys [2012-7-6 46384]

R1 AmgHips;AmgHips;C:\Windows\System32\drivers\AmgHips.sys [2011-11-30 31008]

R1 ElRawDisk;ElRawDisk;C:\Windows\System32\drivers\elrawdsk.sys [2009-5-23 23464]

R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2010-10-14 11864]

R1 OxFWLF;OxFWLF;C:\Windows\System32\drivers\OxFWLF.sys [2011-11-30 24624]

R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-12-19 240640]

R2 APC Data Service;APC Data Service;C:\Program Files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-8-24 21880]

R2 apmwinsrv;Paragon APM service;C:\Program Files (x86)\Paragon Software\HFS+ for Windows 8.0\apmwinsrv.exe [2012-4-4 67376]

R2 atnthost;WebEx Remote Access Agent;C:\ProgramData\WebEx\WebEx\319\atnthost.exe [2010-7-16 21072]

R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-7-6 2304912]

R2 FreeAgentGoFlex Service;Seagate Drive Settings Service;C:\Program Files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [2011-2-10 91432]

R2 HfsplusRec;HfsplusRec;C:\Windows\System32\drivers\hfsplusrec.sys [2012-7-6 16176]

R2 ISWKL;ZoneAlarm Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2009-10-14 33672]

R2 IswSvc;ZoneAlarm Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2009-10-14 827520]

R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-11-24 398184]

R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-11-24 682344]

R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-1-31 1854056]

R3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;C:\Windows\System32\drivers\Apowersoft_AudioDevice.sys [2012-3-22 29288]

R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-11-6 96256]

R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;C:\Windows\System32\drivers\ffusb2audio.sys [2012-12-22 59224]

R3 LVUSBS64;Logitech USB Monitor Filter;C:\Windows\System32\drivers\LVUSBS64.sys [2007-5-11 50208]

R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2010-3-11 24176]

R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-6-10 539240]

R3 rzendpt;rzendpt;C:\Windows\System32\drivers\rzendpt.sys [2012-11-7 22016]

R3 rzudd;Razer Mouse Driver;C:\Windows\System32\drivers\rzudd.sys [2012-11-7 113664]

R3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]

R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\Windows\System32\drivers\yk62x64.sys [2009-9-28 395264]

S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]

S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]

S3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;"C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe" --> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [?]

S3 Creative HOAL Licensing Service;Creative HOAL Licensing Service;"C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe" --> C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [?]

S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-6-21 48488]

S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-3-8 1492840]

S3 Hfsplus;Hfsplus;C:\Windows\System32\drivers\hfsplus.sys [2012-7-6 201008]

S3 JmtFltr;n52te;C:\Windows\System32\drivers\JmtFltr.sys [2008-10-17 46464]

S3 lvpopf64;Logitech POP Suppression Filter;C:\Windows\System32\drivers\lvpopf64.sys [2007-5-11 1361952]

S3 LVUVC64;Logitech QuickCam Pro 5000(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2007-5-11 3612704]

S3 Netaapl;Apple Mobile Device Ethernet Service;C:\Windows\System32\drivers\netaapl64.sys [2011-5-10 22528]

S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-12-14 19456]

S3 SaiK0836;SaiK0836;C:\Windows\System32\drivers\SaiK0836.sys [2010-6-17 172040]

S3 skfiltv;skfiltv;C:\Windows\System32\drivers\skfiltv.sys [2008-9-12 24064]

S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-12-14 57856]

S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]

S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2010-11-28 1255736]

S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe --> C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [?]

S4 atashost;WebEx Service Host for Support Center;C:\Windows\SysWOW64\atashost.exe [2009-5-17 20376]

S4 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-2-28 183560]

S4 FlipShareServer;FlipShare Server;C:\Program Files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-5-6 1085440]

S4 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-13 160944]

S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]

.

=============== Created Last 30 ================

.

2013-03-01 10:14:00 9162192 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{DA3B4D44-1E86-4BE5-B85D-D7409C76372B}\mpengine.dll

2013-02-13 14:54:29 -------- d-----w- C:\Program Files (x86)\AMD AVT

2013-02-13 14:54:18 -------- d-----w- C:\Program Files (x86)\AMD APP

2013-02-13 08:06:17 996352 ----a-w- C:\Program Files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 08:06:17 768000 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 02:39:31 5553512 ----a-w- C:\Windows\System32\ntoskrnl.exe

2013-02-13 02:39:30 3967848 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe

2013-02-13 02:39:30 3913064 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe

2013-02-13 02:39:17 3153408 ----a-w- C:\Windows\System32\win32k.sys

2013-02-13 02:39:15 215040 ----a-w- C:\Windows\System32\winsrv.dll

2013-02-13 02:39:14 7680 ----a-w- C:\Windows\SysWow64\instnm.exe

2013-02-13 02:39:14 5120 ----a-w- C:\Windows\SysWow64\wow32.dll

2013-02-13 02:39:14 25600 ----a-w- C:\Windows\SysWow64\setup16.exe

2013-02-13 02:39:14 2048 ----a-w- C:\Windows\SysWow64\user.exe

2013-02-13 02:39:14 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll

2013-02-13 02:39:11 1913192 ----a-w- C:\Windows\System32\drivers\tcpip.sys

2013-02-13 02:39:10 288088 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS

.

==================== Find3M ====================

.

2013-02-08 10:03:50 829264 ----a-w- C:\Windows\System32\msvcr100.dll

2013-02-08 10:03:50 608080 ----a-w- C:\Windows\System32\msvcp100.dll

2013-01-17 06:28:58 273840 ------w- C:\Windows\System32\MpSigStub.exe

2013-01-09 01:19:09 2312704 ----a-w- C:\Windows\System32\jscript9.dll

2013-01-09 01:12:03 1392128 ----a-w- C:\Windows\System32\wininet.dll

2013-01-09 01:11:06 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl

2013-01-09 01:07:51 173056 ----a-w- C:\Windows\System32\ieUnatt.exe

2013-01-09 01:07:47 599040 ----a-w- C:\Windows\System32\vbscript.dll

2013-01-09 01:04:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb

2013-01-08 22:11:21 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll

2013-01-08 22:03:20 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll

2013-01-08 22:03:12 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl

2013-01-08 21:59:02 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe

2013-01-08 21:58:29 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll

2013-01-08 21:56:23 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb

2013-01-04 04:43:21 44032 ----a-w- C:\Windows\apppatch\acwow64.dll

2012-12-19 20:50:14 5630200 ----a-w- C:\Windows\SysWow64\atiumdag.dll

2012-12-19 20:48:48 11278336 ----a-w- C:\Windows\System32\drivers\atikmdag.sys

2012-12-19 20:45:12 222720 ----a-w- C:\Windows\System32\clinfo.exe

2012-12-19 20:44:48 76288 ----a-w- C:\Windows\System32\OpenVideo64.dll

2012-12-19 20:44:42 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll

2012-12-19 20:44:36 64000 ----a-w- C:\Windows\System32\OVDecode64.dll

2012-12-19 20:44:32 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll

2012-12-19 20:44:20 34518016 ----a-w- C:\Windows\System32\amdocl64.dll

2012-12-19 20:38:48 28732928 ----a-w- C:\Windows\SysWow64\amdocl.dll

2012-12-19 20:34:40 54784 ----a-w- C:\Windows\System32\OpenCL.dll

2012-12-19 20:34:38 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll

2012-12-19 20:29:36 23461376 ----a-w- C:\Windows\System32\atio6axx.dll

2012-12-19 20:22:50 70144 ----a-w- C:\Windows\System32\coinst_9.012.dll

2012-12-19 20:19:46 163840 ----a-w- C:\Windows\System32\atiapfxx.exe

2012-12-19 20:18:04 51200 ----a-w- C:\Windows\System32\aticalrt64.dll

2012-12-19 20:18:02 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll

2012-12-19 20:17:54 44544 ----a-w- C:\Windows\System32\aticalcl64.dll

2012-12-19 20:17:52 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll

2012-12-19 20:17:40 16082944 ----a-w- C:\Windows\System32\aticaldd64.dll

2012-12-19 20:13:24 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll

2012-12-19 20:12:44 18982400 ----a-w- C:\Windows\SysWow64\atioglxx.dll

2012-12-19 20:09:52 960512 ----a-w- C:\Windows\SysWow64\aticfx32.dll

2012-12-19 20:08:04 1151488 ----a-w- C:\Windows\System32\aticfx64.dll

2012-12-19 20:06:00 6681088 ----a-w- C:\Windows\SysWow64\atidxx32.dll

2012-12-19 19:59:44 5087744 ----a-w- C:\Windows\System32\atiumd6a.dll

2012-12-19 19:57:00 442368 ----a-w- C:\Windows\System32\atidemgy.dll

2012-12-19 19:56:46 550912 ----a-w- C:\Windows\System32\atieclxx.exe

2012-12-19 19:56:00 240640 ----a-w- C:\Windows\System32\atiesrxx.exe

2012-12-19 19:54:38 120320 ----a-w- C:\Windows\System32\atitmm64.dll

2012-12-19 19:54:22 21504 ----a-w- C:\Windows\System32\atimuixx.dll

2012-12-19 19:54:18 59392 ----a-w- C:\Windows\System32\atiedu64.dll

2012-12-19 19:54:12 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll

2012-12-19 19:49:00 7370752 ----a-w- C:\Windows\System32\atidxx64.dll

2012-12-19 19:44:28 4162048 ----a-w- C:\Windows\SysWow64\atiumdva.dll

2012-12-19 19:44:12 6786560 ----a-w- C:\Windows\System32\atiumd64.dll

2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\atimpc64.dll

2012-12-19 19:33:50 56320 ----a-w- C:\Windows\System32\amdpcom64.dll

2012-12-19 19:33:42 619008 ----a-w- C:\Windows\System32\atiadlxx.dll

2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll

2012-12-19 19:33:40 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll

2012-12-19 19:33:32 421888 ----a-w- C:\Windows\SysWow64\atiadlxy.dll

2012-12-19 19:33:18 17920 ----a-w- C:\Windows\System32\atig6pxx.dll

2012-12-19 19:33:14 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll

2012-12-19 19:33:14 14848 ----a-w- C:\Windows\System32\atiglpxx.dll

2012-12-19 19:33:10 41984 ----a-w- C:\Windows\System32\atig6txx.dll

2012-12-19 19:33:04 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll

2012-12-19 19:32:54 552960 ----a-w- C:\Windows\System32\drivers\atikmpag.sys

2012-12-19 19:31:14 130048 ----a-w- C:\Windows\System32\atiuxp64.dll

2012-12-19 19:31:08 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll

2012-12-19 19:31:00 104448 ----a-w- C:\Windows\System32\atiu9p64.dll

2012-12-19 19:30:52 83968 ----a-w- C:\Windows\SysWow64\atiu9pag.dll

2012-12-19 19:30:16 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll

2012-12-16 17:11:22 46080 ----a-w- C:\Windows\System32\atmlib.dll

2012-12-16 14:45:03 367616 ----a-w- C:\Windows\System32\atmfd.dll

2012-12-16 14:13:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll

2012-12-16 14:13:20 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll

2012-12-14 21:49:28 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys

.

============= FINISH: 8:09:38.60 ===============

Attach.txt:

UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.

IF REQUESTED, ZIP IT UP & ATTACH IT

.

DDS (Ver_2012-11-20.01)

.

Microsoft Windows 7 Ultimate

Boot Device: \Device\HarddiskVolume1

Install Date: 11/27/2010 8:16:25 AM

System Uptime: 3/10/2013 2:24:45 PM (42 hours ago)

.

Motherboard: ASUSTeK Computer INC. | | P5E3 Deluxe

Processor: Intel® Core2 Duo CPU E8400 @ 3.00GHz | LGA775 | 2997/333mhz

.

==== Disk Partitions =========================

.

A: is Removable

C: is FIXED (NTFS) - 466 GiB total, 54.891 GiB free.

D: is FIXED (NTFS) - 128 GiB total, 28.018 GiB free.

E: is Removable

F: is CDROM (CDFS)

G: is FIXED (FAT32) - 75 GiB total, 33.763 GiB free.

H: is FIXED (NTFS) - 2794 GiB total, 2493.54 GiB free.

.

==== Disabled Device Manager Items =============

.

Class GUID: {4d36e96b-e325-11ce-bfc1-08002be10318}

Description: Standard PS/2 Keyboard

Device ID: ACPI\PNP0303\4&23F9C1E3&0

Manufacturer: (Standard keyboards)

Name: Standard PS/2 Keyboard

PNP Device ID: ACPI\PNP0303\4&23F9C1E3&0

Service: i8042prt

.

Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}

Description: SoundMAX Integrated Digital HD Audio

Device ID: HDAUDIO\FUNC_01&VEN_11D4&DEV_198B&SUBSYS_1043829B&REV_1004\4&B3DDC6A&0&0001

Manufacturer: Analog Devices

Name: SoundMAX Integrated Digital HD Audio

PNP Device ID: HDAUDIO\FUNC_01&VEN_11D4&DEV_198B&SUBSYS_1043829B&REV_1004\4&B3DDC6A&0&0001

Service: ADIHdAudAddService

.

Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}

Description: 802.11n Network Adapter

Device ID: USB\VID_0B05&PID_1742\1.0

Manufacturer: ASUSTeK Computer Inc.

Name: 802.11n Network Adapter

PNP Device ID: USB\VID_0B05&PID_1742\1.0

Service: netr28ux

.

==== System Restore Points ===================

.

RP388: 3/10/2013 2:08:17 PM - Scheduled Checkpoint

.

==== Installed Programs ======================

.

Update for Microsoft Office 2007 (KB2508958)

360Amigo System Speedup PRO

3ivx MPEG-4 5.0.3 (remove only)

64 Bit HP CIO Components Installer

Ableton Live 8

Acrobat.com

ActiveHome Pro

Adobe AIR

Adobe Download Manager

Adobe Flash Player 10 Plugin

Adobe Flash Player 11 ActiveX 64-bit

Adobe Photoshop Lightroom 3.6 64-bit

Adobe Photoshop Lightroom 4.3 64-bit

Adobe Reader 9.5.2

AI Direct Link

AI Suite

Altitude

AMD Accelerated Video Transcoding

AMD APP SDK Runtime

AMD Catalyst Install Manager

AMD Drag and Drop Transcoding

AMD Media Foundation Decoders

AnswerWorks 5.0 English Runtime

Apple Application Support

Apple Mobile Device Support

Apple Software Update

Aria

ASIO4ALL

ASUSUpdate

Audio Terminator 1.00

Authorizer 2.0.1

Authorizer Ignition Key Support

Avery Wizard 3.1

Bass Station 1.9

Battlefield 3™

Battlefield: Bad Company 2

Battlelog Web Plugins

Bing Bar

Bing Rewards Client Installer

Bonjour

BufferChm

Bullzip PDF Printer 7.1.0.1159

Call of Duty 4: Modern Warfare

Call of Duty® 4 - Modern Warfare

Call of Duty® 4 - Modern Warfare 1.6 Patch

Call of Duty® 4 - Modern Warfare 1.7 Patch

Call of Duty: Black Ops

Call of Duty: Black Ops - Multiplayer

Call of Duty: Black Ops II

Call of Duty: Black Ops II - Multiplayer

Call of Duty: Black Ops II - Zombies

Call of Duty: Modern Warfare 2 - Multiplayer

Call of Duty: Modern Warfare 3

Call of Duty: Modern Warfare 3 - Multiplayer

Call of Duty: World at War

CANON iMAGE GATEWAY MyCamera Download Plugin

CANON iMAGE GATEWAY Task for ZoomBrowser EX

Canon MOV Decoder

Canon MOV Encoder

Canon MovieEdit Task for ZoomBrowser EX

Canon Utilities Digital Photo Professional 3.10

Canon Utilities EOS Sample Music

Canon Utilities EOS Utility

Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX

Canon Utilities Movie Uploader for YouTube

Canon Utilities PhotoStitch

Canon Utilities Picture Style Editor

Canon Utilities ZoomBrowser EX

Canon ZoomBrowser EX Memory Card Utility

Catalyst Control Center

Catalyst Control Center - Branding

Catalyst Control Center Graphics Previews Common

Catalyst Control Center InstallProxy

Catalyst Control Center Localization All

ccc-utility64

CCC Help Chinese Standard

CCC Help Chinese Traditional

CCC Help Czech

CCC Help Danish

CCC Help Dutch

CCC Help English

CCC Help Finnish

CCC Help French

CCC Help German

CCC Help Greek

CCC Help Hungarian

CCC Help Italian

CCC Help Japanese

CCC Help Korean

CCC Help Norwegian

CCC Help Polish

CCC Help Portuguese

CCC Help Russian

CCC Help Spanish

CCC Help Swedish

CCC Help Thai

CCC Help Turkish

Cisco Connect

Cisco Network Magic

Cisco WebEx Meetings

Click'N Design 3D (V5) (Help File Patch Applied)

ClubWPT

Collab

Content Manager Assistant for PlayStation®

Copy

Coupon Companion

Creative ALchemy (X-Fi Edition)

Creative Audio Control Panel

Creative MediaSource 5

Creative Software AutoUpdate

Creative System Information

Creative USB Headsets

CustomerResearchQFolder

D3DX10

Dell Driver Download Manager

Destination Component

DeviceDiscovery

DeviceManagementQFolder

Digital Combat Simulator: A-10C Warthog

DJ_AIO_03_F2200_ProductContext

DJ_AIO_03_F2200_Software

DJ_AIO_03_F2200_Software_Min

Driver Sweeper version 3.2.0

Dropbox

EaseUS Data Recovery Wizard Free Edition 5.6.1

EasyBits GO

eFax Messenger

ESN Sonar

eSupportQFolder

Express Burn

Express Gate Updater

Express Rip

Eye-Fi Center 3.4

F2200

F2200_Help

File Scavenger 4.0 (en)

FL Studio 8

FlipShare

Focusrite USB 2.0 Audio Driver 2.2

Google Chrome

Google Toolbar for Internet Explorer

Google Update Helper

GoToAssist 8.0.0.516

GPBaseService

GPL Ghostscript Lite 8.70

HDView for Internet Explorer

HijackThis 2.0.2

Host OpenAL

Host OpenAL (ADI)

HP Customer Participation Program 10.0

HP Deskjet F2200 All-In-One Driver Software 10.0 Rel .3

HP Imaging Device Functions 10.0

HP Photosmart Essential 2.5

HP Smart Web Printing

HP Solution Center 10.0

HP Update

HPProductAssistant

HPSSupply

iCloud

IL Download Manager

iTunes

Java 6 Update 18 (64-bit)

Java 6 Update 20

JMB36X Raid Configurer

Junk Mail filter update

KarAll version 1.25.0(2)

Karaoke for DirectX (remove only)

Karaoki

KRocks6-User-27032011 V6

Left 4 Dead

Left 4 Dead 2

LightScribe System Software 1.10.13.1

Line 6 Uninstaller

Live 7.0.18

Live 8.0.9

Logitech Harmony Remote Software 7

Malwarebytes Anti-Malware version 1.70.0.1100

MarketResearch

Marvell Miniport Driver

MasterCook 11

Medal of Honor Multiplayer

Medal of Honor Single Player

MediaWidget 6.0

Mesh Runtime

Messenger Companion

Microsoft .NET Framework 4 Client Profile

Microsoft .NET Framework 4 Extended

Microsoft Application Error Reporting

Microsoft Default Manager

Microsoft Mouse and Keyboard Center

Microsoft Office 2007 Service Pack 3 (SP3)

Microsoft Office Excel MUI (English) 2007

Microsoft Office Excel Viewer 2003

Microsoft Office File Validation Add-In

Microsoft Office Home and Student 2007

Microsoft Office Live Add-in 1.5

Microsoft Office Office 64-bit Components 2007

Microsoft Office OneNote MUI (English) 2007

Microsoft Office Outlook 2007

Microsoft Office Outlook Connector

Microsoft Office Outlook MUI (English) 2007

Microsoft Office PowerPoint MUI (English) 2007

Microsoft Office Professional Plus 2013 - en-us

Microsoft Office Proof (English) 2007

Microsoft Office Proof (French) 2007

Microsoft Office Proof (Spanish) 2007

Microsoft Office Proofing (English) 2007

Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)

Microsoft Office Shared 64-bit MUI (English) 2007

Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007

Microsoft Office Shared MUI (English) 2007

Microsoft Office Shared Setup Metadata MUI (English) 2007

Microsoft Office Word MUI (English) 2007

Microsoft Silverlight

Microsoft SQL Server 2005 Compact Edition [ENU]

Microsoft Store Download Manager

Microsoft UI Engine

Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

Microsoft Visual C++ 2005 Redistributable

Microsoft Visual C++ 2005 Redistributable (x64)

Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219

MiniTool Power Data Recovery

mIRC

MixPad

MobileMe Control Panel

Mozilla Firefox 19.0 (x86 en-US)

Mozilla Maintenance Service

MSVCRT

MSVCRT_amd64

MSXML 4.0 SP2 (KB936181)

MSXML 4.0 SP2 (KB941833)

MSXML 4.0 SP2 (KB954430)

MSXML 4.0 SP2 (KB973688)

mytvpal TV revolution player 5.6.0 preview

n52te Editor

NCH Toolbox

Nero 7 Essentials

neroxml

Netflix Movie Viewer

Network Magic

NVIDIA PhysX

Office 15 Click-to-Run Extensibility Component

Office 15 Click-to-Run Licensing Component

Office 15 Click-to-Run Localization Component

Origin

PandoraRecovery (Remove Only)

Paragon HFS+ for Windows™ 9.0

PC Wizard 2008.1.871

Photo Pos Pro

PoiZone

Power Audio Recorder Pro 1.70

PowerChute Personal Edition 3.0.0.1

Print Server Driver

PSSWCORE

Punch! Home and Landscape Design Suite

PunkBuster Services

Pure Networks Platform

Quicken 2010

QuickTime

Razer Synapse 2.0

Realtek 8169 8168 8101E 8102E Ethernet Driver

Reason Essentials 1.5.2

Reason Essentials Ignition Key Support

Remote Control USB Driver

Roblox

Safari

Saffire 2.7

Scan

Seagate Drive Settings Installer

Search Toolbar

SeaTools for Windows

Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)

Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)

Security Update for Microsoft .NET Framework 4 Extended (KB2487367)

Security Update for Microsoft .NET Framework 4 Extended (KB2656351)

Security Update for Microsoft .NET Framework 4 Extended (KB2736428)

Security Update for Microsoft .NET Framework 4 Extended (KB2742595)

Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition

Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition

Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition

Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition

Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition

Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition

Shop for HP Supplies

Sibelius Scorch Plugin

Skype Toolbars

Skype™ 5.10

Smart Technology Programming Software 7.0.2.7

SmartDraw VP

SmartWebPrintingOC

SolutionCenter

Sondle File Recovery Assist

SoundMAX

SPORE™

Status

Steam

Switch Sound File Converter

System Requirements Lab

Team Fortress 2

Toolbox

Toxic Biohazard

TrayApp

UnloadSupport

Unreal Tournament 3

Update for 2007 Microsoft Office System (KB967642)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217)

Update for Microsoft .NET Framework 4 Extended (KB2468871)

Update for Microsoft .NET Framework 4 Extended (KB2533523)

Update for Microsoft .NET Framework 4 Extended (KB2600217)

Update for Microsoft Office 2007 Help for Common Features (KB963673)

Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition

Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition

Update for Microsoft Office Excel 2007 Help (KB963678)

Update for Microsoft Office OneNote 2007 Help (KB963670)

Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition

Update for Microsoft Office Outlook 2007 Help (KB963677)

Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2767848) 32-Bit Edition

Update for Microsoft Office Powerpoint 2007 Help (KB963669)

Update for Microsoft Office Script Editor Help (KB963671)

Update for Microsoft Office Word 2007 Help (KB963665)

VC 9.0 Runtime

Video Download Capture V4.1.0

VideoToolkit01

Virtual Dj Studio 6.0

VirtualLab Client 6.0.24

WavePad Sound Editor

WebEx Productivity Tools

WebEx Support Manager for Internet Explorer

WebReg

Windows 7 Upgrade Advisor

Windows Driver Package - Focusrite USB 2.0 Audio Driver (09/22/2011 2.2.0.0)

Windows Live Communications Platform

Windows Live Essentials

Windows Live Family Safety

Windows Live ID Sign-in Assistant

Windows Live Installer

Windows Live Language Selector

Windows Live Mail

Windows Live Mesh

Windows Live Mesh ActiveX Control for Remote Connections

Windows Live Messenger

Windows Live Messenger Companion Core

Windows Live MIME IFilter

Windows Live Movie Maker

Windows Live Photo Common

Windows Live Photo Gallery

Windows Live PIMT Platform

Windows Live Remote Client

Windows Live Remote Client Resources

Windows Live Remote Service

Windows Live Remote Service Resources

Windows Live SOXE

Windows Live SOXE Definitions

Windows Live Sync

Windows Live UX Platform

Windows Live UX Platform Language Pack

Windows Live Writer

Windows Live Writer Resources

Yahoo! Toolbar

ZoneAlarm Antivirus

ZoneAlarm Firewall

ZoneAlarm Internet Security Suite

ZoneAlarm Security

ZoneAlarm Toolbar

.

==== Event Viewer Messages From Past Week ========

.

3/7/2013 8:43:26 AM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the MBAMService service.

3/5/2013 6:49:54 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Pure Networks Platform Service service to connect.

3/5/2013 6:49:54 PM, Error: Service Control Manager [7000] - The Pure Networks Platform Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.

3/5/2013 3:54:23 AM, Error: volsnap [36] - The shadow copies of volume C: were aborted because the shadow copy storage could not grow due to a user imposed limit.

3/10/2013 2:29:21 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891

3/10/2013 2:29:21 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891

3/10/2013 2:27:43 PM, Error: Service Control Manager [7022] - The HP CUE DeviceDiscovery Service service hung on starting.

3/10/2013 2:25:54 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.

3/10/2013 2:25:52 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.

3/10/2013 2:25:51 PM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.

3/10/2013 2:19:49 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Provider Host service which failed to start because of the following error: The dependency service or group failed to start.

3/10/2013 2:19:49 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}

3/10/2013 2:19:48 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

3/10/2013 2:19:38 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

3/10/2013 2:19:30 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}

3/10/2013 2:18:49 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: discache ElRawDisk KLIF spldr Wanarpv6

3/10/2013 2:18:46 PM, Error: Service Control Manager [7001] - The Computer Browser service depends on the Server service which failed to start because of the following error: The dependency service or group failed to start.

.

==== End Of File ===========================

Checkup.txt:

Results of screen317's Security Check version 0.99.61

Windows 7 Service Pack 1 x64 (UAC is disabled!)

Internet Explorer 9

``````````````Antivirus/Firewall Check:``````````````

Windows Security Center service is not running! This report may not be accurate!

ZoneAlarm Antivirus

Antivirus up to date!

`````````Anti-malware/Other Utilities Check:`````````

Out of date HijackThis installed!

Malwarebytes Anti-Malware version 1.70.0.1100

HijackThis 2.0.2

Java 6 Update 20

Java version out of Date!

Adobe Flash Player 10 Flash Player out of Date!

Adobe Reader 9 Adobe Reader out of Date!

Mozilla Firefox (19.0)

Google Chrome 24.0.1312.57

Google Chrome 25.0.1364.97

````````Process Check: objlist.exe by Laurent````````

Malwarebytes Anti-Malware mbamservice.exe

Malwarebytes Anti-Malware mbamgui.exe

Seagate DriveSettings Sync SeagateDriveSettingsService.exe

Malwarebytes' Anti-Malware mbamscheduler.exe

CheckPoint ZoneAlarm vsmon.exe

CheckPoint ZoneAlarm zatray.exe

`````````````````System Health check`````````````````

Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

Waiting for your instructions on next steps. Thanks again.

[Maurice Naggar]

Question for you, please: Did you purchase Checkpoint ZoneAlarm and if so, is the license current?

If you did not buy it, I will recommend alternates.

Checkpoint's ZA products have been known to be problematic, at least to me & several of us here, in the past couple of years.

User Account Control is off and needs to be ON for the protection of your system.

For Windows 7

Go to Control Panel>> All Control Panel Items >>User Accounts

Click on Change User account control settings

Also see http://windows.microsoft.com/en-US/windows7/products/features/user-account-control

The setting does not need to be at the highest level. Just one-level below highest.

Some preliminary cleanups as well and security housekeeping:

The version of HijackThis on this system is badly out-of-date AND the tool is rarely used these days.

Uninstall HijackThis 2.0.2

Java 6 Update 20

& Java 6 Update 18 (64-bit)

Older versions of Java pose a security risk.

And if you do not need Java for the programs that you use, keep Java off your system .

How to disable Java in various browsers : http://blog.eset.com/2012/08/29/disabling-java-a-safer-way-to-browse

Also see No, Seriously, Just Disable Java in Your Browser Right Now

As noted by Brian Krebs,

Most consumers can get by without Java installed, or least not plugged into the browser. Because of the prevalence of threats targeting Java installations, I’d urge these users to remove Java or unplug it from the browser. If this is too much trouble, consider adopting a dual-browser approach, keeping Java unplugged from your main browser, and plugged in to a secondary browser that you only use to visit sites that require the plugin.

Your system has an old version (also insecure) of Adobe Reader. You need to uninstall Adobe Reader.

Consider getting an alternate tool like Sumatra PDF as mentioned by Corrine on her Security Garden blog.

http://securitygarden.blogspot.com/2013/02/replacing-adobe-reader-with-sumatra-pdf.html

To de-install Flash Player

Use Programs and Features (Windows 7 & Vista) or Add-or-Remove Programs (Windows XP) to de-install older versions of Flash Player.

For stubborn cases,

Download and save the Flash Player uninstaller >> uninstall Flash Player for 32-bit Windows<<

If you have Windows 64-bit, use this Flash Player uninstaller >> uninstall Flash Player for 64-bit Windows<<

Close all browsers and instant messenger (IM) programs.

Run the uninstaller.

To get latest Flash Player

Go to http://www.adobe.com/go/getflash

and get the latest Flash Player

Un-Check any checkbox for Google Chrome, or McAfee Security Scan Plus, or any other widget or toolbar or add-on!!!

Reference: How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

http://support.microsoft.com/kb/827218

Let me know after you have completed these tasks.

Edited March 12, 2013 by Maurice Naggar
updated note re Java old versions

[DougsB4U]

Thanks Maurice. I have not attachment to ZA and will uninstall. I run MBAM and any recommendations for another AV would be appreciated. Should I uninstall this now?

Clean up:

- User Account Control - Now on

- Hijack This - Found the .exe and deleted - Was not listed in the Program list on "Progs and Features"

- Both Java 6 Programs uninstalled via Progs and Feature

- Acrobat Reader - Uninstalled via Progs and Feature

- Adobe Flash - Uninstalled via Progs and Feature

- New Adobe Flash - Not installed, as I have no access to the internet, will do that after we fix the issues

Waiting for you next instructions. Thanks.

[Maurice Naggar]

If you have removed ZoneAlarm, then we need to run a follow-up "cleanup" tool.

Get and SAVE and then run this

http://download.zonealarm.com/bin/free/support/download/clean.exe

Then when done, Logoff and Restart Windows fresh.

Then go to Control Panel >> Action Center

Make sure the Windows firewall is ON.

The windows firewall along with the use of a harware-router will be fine to cover your needs.

Download and install an antivirus program, and make sure that you keep it updated

New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.

Two good antivirus programs free for non-commercial home use are Avira Free Antivirus and Microsoft Security Essentials

Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.

[DougsB4U]

Thanks Maurice. Completed your steps and I am now getting connectivity. Looks like one of the programs we uninstalled was a potential offender. Any next steps in the process?

[Maurice Naggar]

My thinking is that ZA was involved in whatever connectivity issue you had.

Please proceed forward with these:

Step 1

1. Go >> Here << and download ERUNT

(ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.)

2. Install ERUNT by following the prompts

(use the default install settings but say no to the portion that asks you to add ERUNT to the start-up folder, if you like you can enable this option later)

3. Start ERUNT

(either by double clicking on the desktop icon or choosing to start the program at the end of the setup)

4. Choose a location for the backup

(the default location is C:\WINDOWS\ERDNT which is acceptable).

5. Make sure that at least the first two check boxes are ticked

6. Press OK

7. Press YES to create the folder.

Step 2

To show all files:

• Press Windows-key +R key on your keyboard to get RUN option.
  
• Type in

  explorer.exe

  and press Enter to start Windows Explorer.
  

• From the menu options, Select Tools, then Folder Options.
  
• Next click the View tab.
  
• Locate and uncheck Hide file extensions for known file types.
  
• Locate and uncheck Hide protected operating system files (Recommended).
  
• Locate and click Show hidden files and folders and drives.
  
• Click Apply > OK.

Step 3

Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

For directions on how, see How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Do NOT turn off the firewall

Please download AdwCleaner © Xplode from >>here<< and save it on your Desktop.

If your are running Windows XP, double click adwcleaner.exe to start it.

Otherwise, Right-click on adwcleaner.exe and select Run As Administrator to launch the application.

Now click on the Search tab.

Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\AdwCleaner[XX].txt where XX Denotes the number of times the application has been ran, so in this should be something like R1.

Step 4

Please read carefully and follow these steps.

• Download TDSSKiller and save it to your Desktop.
  
• Double-Click on TDSSKiller.exe to run the application, then on Start Scan.
  If running Vista or Windows 7, do a RIGHT-Click and select Run as Administrator to start TDSSKILLER.exe.
  
• If an infected file is detected, the default action will be Cure, click on Continue.
  
  
• If a suspicious file is detected, the default action will be Skip, click on Continue.
  
• If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose
  Skip and click on Continue
  
• It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  
  
• If no reboot is require, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  
• If a reboot is required, the report can also be found in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here.
  

Step 5

• Download & SAVE to your Desktop >> Tigzy's RogueKillerfrom here << or
  >> from here <<
  
• Quit all programs that you may have started.
  
• Please disconnect any USB or external drives from the computer before you run this scan!
  
• For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.
  For Windows XP, double-click to start.
  
• Wait until Prescan has finished ...
  
• Then Click on Scan button at upper right of screen.
  
• Wait until the Status box shows "Scan Finished"
  
• Click on Report and copy/paste the content of the Notepad into your next reply.
  
• The log should be found in RKreport[1].txt on your Desktop
  
• Exit/Close RogueKiller

Do NOT click any FIX buttons !

Step 6

RE-Enable your antivirus program.

Then copy/paste the following into your post (in order):

• the contents of C:\AdwCleaner[R1].txt;
  
• the contents of TDSSKILLER log;
  
• the contents of RKReport log;
  

Be sure to do a Preview prior to pressing Submit because all reports may not fit into 1 single reply. You may have to do more than 1 reply.

Do not use the attachment feature to place any of your reports. Always put them in-line inside the body of reply.

[DougsB4U]

Thanks Maurice.

AdwCleaner Log:

# AdwCleaner v2.114 - Logfile created 03/12/2013 at 13:14:51

# Updated 05/03/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : Doug - OFFICE

# Boot Mode : Normal

# Running from : C:\Users\Doug\Downloads\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Users\Doug\AppData\Local\Temp\Uninstall.exe

Folder Found : C:\Program Files (x86)\Coupon Companion

Folder Found : C:\Program Files (x86)\Search Toolbar

Folder Found : C:\Users\Doug\AppData\Local\Coupon Companion

Folder Found : C:\Users\Doug\AppData\LocalLow\Conduit

Folder Found : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\ConduitCommon

Folder Found : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\CT3015261

Folder Found : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}

Folder Found : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\crossriderapp4493@crossrider.com

Folder Found : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\crossriderapp4493@crossrider.com

Folder Found : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\staged

Folder Found : C:\Users\Jack\AppData\LocalLow\Conduit

Folder Found : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\4z5zdc3b.default\extensions\crossriderapp4493@crossrider.com

Folder Found : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\4z5zdc3b.default\extensions\crossriderapp4493@crossrider.com

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider

Key Found : HKCU\Software\AppDataLow\Software\Toolbar

Key Found : HKCU\Software\Cr_Installer

Key Found : HKCU\Software\InstalledBrowserExtensions

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441193}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Found : HKCU\Software\Zugo

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox

Key Found : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3015261

Key Found : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011441193}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022442293}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055445593}

Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066446693}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441193}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}

Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}

Key Found : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Found : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}

Key Found : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}

Key Found : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Key Found : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}

Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Key Found : HKU\S-1-5-21-3185252367-1272832353-3625531396-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\prefs.js

Found : user_pref("CT3015261..clientLogIsEnabled", false);

Found : user_pref("CT3015261..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Found : user_pref("CT3015261..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Found : user_pref("CT3015261.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Found : user_pref("CT3015261.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT3015261.AppTrackingLastCheckTime", "Sun Jun 24 2012 00:03:18 GMT-0400 (Eastern Daylight[...]

Found : user_pref("CT3015261.BrowserCompStateIsOpen_129958911685785597", true);

Found : user_pref("CT3015261.CTID", "CT3015261");

Found : user_pref("CT3015261.CurrentServerDate", "2-3-2013");

Found : user_pref("CT3015261.DialogsAlignMode", "LTR");

Found : user_pref("CT3015261.DialogsGetterLastCheckTime", "Sun Mar 10 2013 13:43:20 GMT-0400 (Eastern Daylig[...]

Found : user_pref("CT3015261.DownloadReferralCookieData", "");

Found : user_pref("CT3015261.EMailNotifierPollDate", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight Ti[...]

Found : user_pref("CT3015261.EnableSearchHistory", false);

Found : user_pref("CT3015261.EnableSearchSuggest", false);

Found : user_pref("CT3015261.FirstServerDate", "11-8-2011");

Found : user_pref("CT3015261.FirstTime", true);

Found : user_pref("CT3015261.FirstTimeFF3", true);

Found : user_pref("CT3015261.FixPageNotFoundErrors", true);

Found : user_pref("CT3015261.GroupingServerCheckInterval", 1440);

Found : user_pref("CT3015261.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT3015261.HasUserGlobalKeys", true);

Found : user_pref("CT3015261.HomePageProtectorEnabled", false);

Found : user_pref("CT3015261.Initialize", true);

Found : user_pref("CT3015261.InitializeCommonPrefs", true);

Found : user_pref("CT3015261.InstallationAndCookieDataSentCount", 3);

Found : user_pref("CT3015261.InstallationId", "CT3015261_ZoneAlarm_Security_Suite.exe");

Found : user_pref("CT3015261.InstallationType", "ConduitIntegration");

Found : user_pref("CT3015261.InstalledDate", "Wed Aug 10 2011 22:13:50 GMT-0400 (Eastern Daylight Time)");

Found : user_pref("CT3015261.IsAlertDBUpdated", true);

Found : user_pref("CT3015261.IsGrouping", false);

Found : user_pref("CT3015261.IsInitSetupIni", true);

Found : user_pref("CT3015261.IsMulticommunity", false);

Found : user_pref("CT3015261.IsOpenThankYouPage", false);

Found : user_pref("CT3015261.IsOpenUninstallPage", false);

Found : user_pref("CT3015261.LanguagePackLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Dayligh[...]

Found : user_pref("CT3015261.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT3015261.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT3015261.LastLogin_3.10.0.1", "Thu May 10 2012 11:07:52 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT3015261.LastLogin_3.12.2.3", "Mon Jun 11 2012 12:15:38 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT3015261.LastLogin_3.13.0.6", "Tue Aug 07 2012 15:54:41 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT3015261.LastLogin_3.14.1.0", "Fri Sep 28 2012 06:27:31 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT3015261.LastLogin_3.15.1.0", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT3015261.LastLogin_3.5.1.1", "Tue Aug 16 2011 09:15:11 GMT-0400 (Eastern Daylight Time)"[...]

Found : user_pref("CT3015261.LastLogin_3.6.0.10", "Mon Oct 03 2011 05:59:25 GMT-0400 (Eastern Daylight Time)[...]

Found : user_pref("CT3015261.LastLogin_3.7.0.6", "Sun Nov 13 2011 13:42:36 GMT-0500 (Eastern Standard Time)"[...]

Found : user_pref("CT3015261.LastLogin_3.8.0.8", "Thu Dec 15 2011 08:10:25 GMT-0500 (Eastern Standard Time)"[...]

Found : user_pref("CT3015261.LastLogin_3.8.1.0", "Mon Jan 16 2012 18:39:28 GMT-0500 (Eastern Standard Time)"[...]

Found : user_pref("CT3015261.LastLogin_3.9.0.3", "Sat Mar 10 2012 08:03:25 GMT-0500 (Eastern Standard Time)"[...]

Found : user_pref("CT3015261.LatestVersion", "3.18.0.7");

Found : user_pref("CT3015261.Locale", "en");

Found : user_pref("CT3015261.MCDetectTooltipHeight", "83");

Found : user_pref("CT3015261.MCDetectTooltipShow", false);

Found : user_pref("CT3015261.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT3015261.MCDetectTooltipWidth", "295");

Found : user_pref("CT3015261.MyStuffEnabledAtInstallation", true);

Found : user_pref("CT3015261.OriginalFirstVersion", "3.5.1.1");

Found : user_pref("CT3015261.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");

Found : user_pref("CT3015261.SearchFromAddressBarIsInit", true);

Found : user_pref("CT3015261.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...]

Found : user_pref("CT3015261.SearchInNewTabEnabled", true);

Found : user_pref("CT3015261.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT3015261.SearchInNewTabLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Dayli[...]

Found : user_pref("CT3015261.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT3015261.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]

Found : user_pref("CT3015261.SearchProtectorEnabled", false);

Found : user_pref("CT3015261.SearchProtectorToolbarDisabled", false);

Found : user_pref("CT3015261.ServiceMapLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight [...]

Found : user_pref("CT3015261.SettingsLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight Ti[...]

Found : user_pref("CT3015261.SettingsLastUpdate", "1362211242");

Found : user_pref("CT3015261.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT3015261.ThirdPartyComponentsLastCheck", "Thu Feb 28 2013 18:22:05 GMT-0500 (Eastern Sta[...]

Found : user_pref("CT3015261.ThirdPartyComponentsLastUpdate", "1331805997");

Found : user_pref("CT3015261.ToolbarShrinkedFromSetup", false);

Found : user_pref("CT3015261.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3015261");

Found : user_pref("CT3015261.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Found : user_pref("CT3015261.UserID", "UN29103747223576673");

Found : user_pref("CT3015261.ValidationData_Toolbar", 2);

Found : user_pref("CT3015261.alertChannelId", "1406927");

Found : user_pref("CT3015261.approveUntrustedApps", false);

Found : user_pref("CT3015261.backendstorage.extensions.alexa.lastshowprivacy", "31333539373732303436363936")[...]

Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Found : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Found : user_pref("CT3015261.components.129506578327572375", false);

Found : user_pref("CT3015261.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Found : user_pref("CT3015261.globalFirstTimeInfoLastCheckTime", "Mon Mar 11 2013 08:57:35 GMT-0400 (Eastern [...]

Found : user_pref("CT3015261.homepageProtectorEnableByLogin", true);

Found : user_pref("CT3015261.initDone", true);

Found : user_pref("CT3015261.isAppTrackingManagerOn", false);

Found : user_pref("CT3015261.myStuffEnabled", true);

Found : user_pref("CT3015261.myStuffPublihserMinWidth", 400);

Found : user_pref("CT3015261.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT3015261.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT3015261.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT3015261.oldAppsList", "129506578324945315,129506578325335957,111,129506578326068408,129[...]

Found : user_pref("CT3015261.revertSettingsEnabled", false);

Found : user_pref("CT3015261.searchProtectorDialogDelayInSec", 10);

Found : user_pref("CT3015261.searchProtectorEnableByLogin", true);

Found : user_pref("CT3015261.testingCtid", "");

Found : user_pref("CT3015261.toolbarAppMetaDataLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern D[...]

Found : user_pref("CT3015261.toolbarContextMenuLastCheckTime", "Thu Feb 28 2013 18:22:08 GMT-0500 (Eastern S[...]

Found : user_pref("CT3015261.usagesFlag", 2);

Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3015261/CT3015261[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1406927/1402585/US", "\"0\"[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3015261", [...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3015261",[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3015261&octid=[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/61/301/CT3015261/Images/6340849608501725[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"ef6[...]

Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Doug\\AppData\\Roaming\\Mozilla\\Fi[...]

Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");

Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

Found : user_pref("CommunityToolbar.ToolbarsList", "CT3015261");

Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3015261");

Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3015261");

Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jan 25 2012 10:15:36 GMT-0500 (Eas[...]

Found : user_pref("CommunityToolbar.globalUserId", "7e3c7ae0-607a-40d5-90f4-9d902fa8dad7");

Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3015261");

Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Mar 10 2013 13:43:2[...]

Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);

Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Mar 11 2013 08:57:31 GMT-040[...]

Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Found : user_pref("CommunityToolbar.notifications.locale", "");

Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);

Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (E[...]

Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");

Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Found : user_pref("CommunityToolbar.notifications.userId", "7057cd71-1cdb-4d27-b7ed-cf0161cd8546");

Found : user_pref("extensions.crossriderapp4493.4493.InstallationThankYouPage", true);

Found : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1359837071);

Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.searchUserConifrmation", false[...]

Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setHomepage", false);

Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setNewTab", false);

Found : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setSearch", false);

Found : user_pref("extensions.crossriderapp4493.4493.active", true);

Found : user_pref("extensions.crossriderapp4493.4493.addressbar", "");

Found : user_pref("extensions.crossriderapp4493.4493.addressbarenhanced", "");

Found : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n//\n");

Found : user_pref("extensions.crossriderapp4493.4493.backgroundver", 37);

Found : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);

Found : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");

Found : user_pref("extensions.crossriderapp4493.4493.changeprevious", false);

Found : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1359837071");

Found : user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1359837071");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.value", "1360549318");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1363103595");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.value", "%221361906535%22");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 0[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.value", "%221359648585%22");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1359863575343");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221322%22");

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%2214019%22");

Found : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]

Found : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1359863536709");

Found : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");

Found : user_pref("extensions.crossriderapp4493.4493.domain", "");

Found : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);

Found : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");

Found : user_pref("extensions.crossriderapp4493.4493.group", 0);

Found : user_pref("extensions.crossriderapp4493.4493.homepage", "");

Found : user_pref("extensions.crossriderapp4493.4493.iframe", false);

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "83");

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Fri[...]

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22re[...]

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]

Found : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]

Found : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]

Found : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");

Found : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");

Found : user_pref("extensions.crossriderapp4493.4493.newtab", "");

Found : user_pref("extensions.crossriderapp4493.4493.opensearch", "");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 4);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 15);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var a=appAPI.db.getList([...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 34);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 5);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jq[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.name", "appApiMessage");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.ver", 1);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.name", "appApiValidation");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.ver", 1);

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.code", "if(typeof jQuery!==\"undefine[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.name", "CrossriderInfo");

Found : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.ver", 2);

Found : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,[...]

Found : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");

Found : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]

Found : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 59);

Found : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");

Found : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);

Found : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);

Found : user_pref("extensions.crossriderapp4493.4493.settingsurl", "");

Found : user_pref("extensions.crossriderapp4493.4493.thankyou", "");

Found : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);

Found : user_pref("extensions.crossriderapp4493.4493.ver", 83);

Found : user_pref("extensions.crossriderapp4493.adsOldValue", -1);

Found : user_pref("extensions.crossriderapp4493.apps", "4493");

Found : user_pref("extensions.crossriderapp4493.bic", "13c9e2e9bc2a1b729e444423d18b7a86");

Found : user_pref("extensions.crossriderapp4493.cid", 4493);

Found : user_pref("extensions.crossriderapp4493.firstrun", false);

Found : user_pref("extensions.crossriderapp4493.hadappinstalled", true);

Found : user_pref("extensions.crossriderapp4493.installationdate", 1359863520);

Found : user_pref("extensions.crossriderapp4493.lastcheck", 22716778);

Found : user_pref("extensions.crossriderapp4493.lastcheckitem", 22716778);

Found : user_pref("extensions.crossriderapp4493.modetype", "production");

Found : user_pref("extensions.crossriderapp4493.reportInstall", true);

Found : user_pref("extensions.crossriderapp4493.updating", true);

Found : user_pref("extensions.enabledAddons", "%7B3ce45c4f-bfff-4988-9a3c-a75c1f491319%7D:3.15.1.0,crossride[...]

Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q=[...]

File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\4z5zdc3b.default\prefs.js

Found : user_pref("extensions.crossriderapp4493.adsOldValue", -1);

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [33340 octets] - [12/03/2013 13:14:51]

########## EOF - C:\AdwCleaner[R1].txt - [33401 octets] ##########

TDS Killer:

14:25:30.0412 6732 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys

14:25:30.0413 6732 WinUsb - ok

14:25:30.0466 6732 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll

14:25:30.0471 6732 Wlansvc - ok

14:25:30.0601 6732 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe

14:25:30.0602 6732 wlcrasvc - ok

14:25:30.0732 6732 [ 2BACD71123F42CEA603F4E205E1AE337 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE

14:25:30.0741 6732 wlidsvc - ok

14:25:30.0778 6732 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys

14:25:30.0778 6732 WmiAcpi - ok

14:25:30.0821 6732 [ 4DF841632B62A7CF19A79A05046A8AB1 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe

14:25:30.0822 6732 wmiApSrv - ok

14:25:30.0856 6732 WMPNetworkSvc - ok

14:25:30.0868 6732 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll

14:25:30.0870 6732 WPCSvc - ok

14:25:30.0905 6732 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll

14:25:30.0907 6732 WPDBusEnum - ok

14:25:31.0050 6732 WPFFontCache_v0400 - ok

14:25:31.0058 6732 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys

14:25:31.0058 6732 ws2ifsl - ok

14:25:31.0060 6732 WSearch - ok

14:25:31.0137 6732 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll

14:25:31.0148 6732 wuauserv - ok

14:25:31.0192 6732 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys

14:25:31.0193 6732 WudfPf - ok

14:25:31.0245 6732 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys

14:25:31.0246 6732 WUDFRd - ok

14:25:31.0280 6732 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll

14:25:31.0282 6732 wudfsvc - ok

14:25:31.0322 6732 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll

14:25:31.0325 6732 WwanSvc - ok

14:25:31.0417 6732 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~2\COMMON~1\X10\Common\X10nets.exe

14:25:31.0418 6732 x10nets - ok

14:25:31.0464 6732 [ A4B2A8751A8F96134BE6063B8A759116 ] XUIF C:\Windows\system32\Drivers\x10ufx2.sys

14:25:31.0465 6732 XUIF - ok

14:25:31.0523 6732 [ 64F88AF327AA74E03658AE32B48CCB8B ] yukonw7 C:\Windows\system32\DRIVERS\yk62x64.sys

14:25:31.0525 6732 yukonw7 - ok

14:25:31.0537 6732 ================ Scan global ===============================

14:25:31.0566 6732 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll

14:25:31.0598 6732 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

14:25:31.0605 6732 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll

14:25:31.0648 6732 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll

14:25:31.0694 6732 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe

14:25:31.0697 6732 [Global] - ok

14:25:31.0697 6732 ================ Scan MBR ==================================

14:25:31.0699 6732 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk1\DR1

14:25:31.0857 6732 \Device\Harddisk1\DR1 - ok

14:25:31.0859 6732 [ 7A94F4AB18D032050B74319E6245786F ] \Device\Harddisk2\DR2

14:25:31.0862 6732 \Device\Harddisk2\DR2 - ok

14:25:31.0873 6732 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk0\DR0

14:25:31.0876 6732 \Device\Harddisk0\DR0 - ok

14:25:31.0879 6732 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk3\DR3

14:25:31.0882 6732 \Device\Harddisk3\DR3 - ok

14:25:31.0886 6732 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk4\DR4

14:25:31.0892 6732 \Device\Harddisk4\DR4 - ok

14:25:31.0902 6732 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk5\DR5

14:25:31.0913 6732 \Device\Harddisk5\DR5 - ok

14:25:31.0913 6732 ================ Scan VBR ==================================

14:25:31.0915 6732 [ 23CF7D0CE8FC71F96A098AF9864797F2 ] \Device\Harddisk1\DR1\Partition1

14:25:31.0916 6732 \Device\Harddisk1\DR1\Partition1 - ok

14:25:31.0917 6732 [ 4263DE27E40459E85CFB1E086BAF5459 ] \Device\Harddisk2\DR2\Partition1

14:25:31.0918 6732 \Device\Harddisk2\DR2\Partition1 - ok

14:25:31.0931 6732 [ 43588491E0F30094D42ECB794A8A77A5 ] \Device\Harddisk0\DR0\Partition1

14:25:31.0933 6732 \Device\Harddisk0\DR0\Partition1 - ok

14:25:31.0934 6732 [ 2A90819FD9F51ACF6AAD10E734A5C4B7 ] \Device\Harddisk3\DR3\Partition1

14:25:31.0935 6732 \Device\Harddisk3\DR3\Partition1 - ok

14:25:31.0938 6732 [ 345FF1C32A03DBED0C3DE54F5FEAAF77 ] \Device\Harddisk3\DR3\Partition2

14:25:31.0939 6732 \Device\Harddisk3\DR3\Partition2 - ok

14:25:31.0942 6732 [ C86464E30A702047DA22C48DDA5DC3E5 ] \Device\Harddisk4\DR4\Partition1

14:25:31.0943 6732 \Device\Harddisk4\DR4\Partition1 - ok

14:25:31.0946 6732 [ 56A94F02C80039E90636552A3370E776 ] \Device\Harddisk5\DR5\Partition1

14:25:31.0948 6732 \Device\Harddisk5\DR5\Partition1 - ok

14:25:31.0948 6732 ============================================================

14:25:31.0948 6732 Scan finished

14:25:31.0948 6732 ============================================================

14:25:31.0953 6456 Detected object count: 0

14:25:31.0953 6456 Actual detected object count: 0

Rogue Killer:

RogueKiller V8.5.2 [Mar 9 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Doug [Admin rights]

Mode : Scan -- Date : 03/12/2013 14:30:31

| ARK || FAK || MBR |

¤¤¤ Bad processes : 6 ¤¤¤

[sUSP PATH] atnthost.exe -- C:\ProgramData\WebEx\WebEx\319\atnthost.exe [7] -> KILLED [TermProc]

[sUSP PATH] raagtapp.exe -- C:\ProgramData\WebEx\WebEx\319\raagtapp.exe [7] -> KILLED [TermProc]

[sUSP PATH] rapanel.exe -- C:\ProgramData\WebEx\WebEx\319\rapanel.exe [7] -> KILLED [TermProc]

[Microsoft][HJNAME] notepad.exe -- C:\Windows\SysWOW64\notepad.exe [7] -> KILLED [TermProc]

[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]

[sUSP PATH] tdsskiller.exe -- C:\Users\Doug\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TV5R3SU9\tdsskiller.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 9 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Raagtx (C:\ProgramData\WebEx\WebEx\319\raagtx.exe) [x] -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\n.) [x] -> FOUND

[HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\n.) [x] -> FOUND

[RUN][HJNAME] [ON_D:Chuck]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> FOUND

[RUN][HJNAME] [ON_D:Guest]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> FOUND

[RUN][HJNAME] [ON_D:Jack]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> FOUND

[RUN][HJNAME] [ON_D:Kayla]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\@ [-] --> FOUND

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3185252367-1272832353-3625531396-1000\$bb8a10ffe11655d0551cca486a22d89b\@ [-] --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\U --> FOUND

[ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3185252367-1272832353-3625531396-1000\$bb8a10ffe11655d0551cca486a22d89b\U --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\L --> FOUND

[ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3185252367-1272832353-3625531396-1000\$bb8a10ffe11655d0551cca486a22d89b\L --> FOUND

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> D:\Documents and Settings\Admin\NTUSER.DAT

-> D:\Documents and Settings\All Users\NTUSER.DAT

-> D:\Documents and Settings\Chuck\NTUSER.DAT

-> D:\Documents and Settings\Default User\NTUSER.DAT

-> D:\Documents and Settings\Guest\NTUSER.DAT

-> D:\Documents and Settings\Jack\NTUSER.DAT

-> D:\Documents and Settings\Kayla\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AACS-00ZUB0 ATA Device +++++

--- User ---

[MBR] 25fa57c908a4c1694443993f6b5aeadb

[bSP] 463382accf8021881acc9074f0119ecc : MBR Code unknown

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor 6 Y160P0 SCSI Disk Device +++++

--- User ---

[MBR] c529b8f3b9eb62aa9204993501bef13a

[bSP] 678773cd8b953f2944434ede1bc558d9 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131069 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive2: WDC WD80 0BB-00BS SCSI Disk Device +++++

--- User ---

[MBR] 7abdda59174bb09fe18e8b631807b7ea

[bSP] 0547ea5b19154764850b4367bc802266 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[1]_S_03122013_02d1430.txt >>

RKreport[1]_S_03122013_02d1430.txt

Waiting for your next instructions.

[Maurice Naggar]

Backdoor trojan warning:ZeroAccess / Sirefef

This system has some serious backdoor trojans. ZeroAccess / Sirefef

This is a point where you need to decide about whether to make a clean start.

According to the information provided in logs, one or more of the identified infections is a backdoor trojan. This allows hackers to remotely control your computer, steal critical system information, and download and execute files.

You are strongly advised to do the following immediately.

1. Contact your banks, credit card companies, financial institutions and inform them that you may be a victim of identity theft and ask them to put a watch on your accounts or change all your account numbers.

2. From a clean computer, change ALL your online passwords -- for email, for banks, financial accounts, PayPal, eBay, online companies, any online forums or groups.

3. Do NOT change passwords or do any transactions while using the infected computer because the attacker will get the new passwords and transaction information.These trojans leave a backdoor open on the system that can allow a hacker total and complete access to your computer. (Remote access trojan) Hackers can operate your computer just as if they were sitting in front of it. Hackers can watch everything you are doing on the computer, play tricks, do screenshots, log passwords, start and stop programs.

See this article on creating strong passwords http://www.microsoft.com/security/online-privacy/passwords-create.aspx

* Take any other steps you think appropriate for an attempted identity theft.

You should also understand that once a system has been compromised by a Trojan backdoor, it can never really be trusted again unless you completely reformat the hard drives and reinstall Windows fresh.

While we usually can successfully remove malware like this, we cannot guarantee that it is totally gone, and that your system is completely safe to use for future financial information and/or transactions.

Here is some additional information: What Is A Backdoor Trojan? http://www.geekstogo...backdoor-trojan

Danger: Remote Access Trojans http://www.microsoft...o/virusrat.mspx

Consumers – Identity Theft http://www.ftc.gov/b...mers/index.html

When should I re-format? How should I reinstall? http://www.dslreports.com/faq/10063

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud? http://www.dslreports.com/faq/10451

Let me know what you decide.

It appears that this system at some recent time has a Zero Access { Serifef } infection.

In addition this system has a Crossrider pest, Conduit pest, and a bunch of adwares.

To continue our hunt here & removal of remainders, please carefully read all my instructions, and do as much as you can.

Treat this system as if it were in isolation quarantine

Do not use it for online banking, nor any websurfing, no game playing.

Only go to this forum and the sites I guide you to for tools

Don't let this list overwhem you. It's all managable. You can step away from pc, if you wish, as a task is running.

Have inifinite patience.

Task 1

• Close any open documents/programs & all internet browsers you have running.
  
• Please start AdwCleaner
  
• Click on Delete button.
  
• Confirm each time with OK.
  
• Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
  
• Note: You can find the logfile at C:\AdwCleaner[s1]

Task 2

• Disable your anti-virus program, How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
  
• Please disconnect any USB storage external drives from the computer before you run this scan! Also any CD or DVD from the drive.
  
• Right-Click RogueKiller and select Run as Administrator.
  
• Wait until Prescan finishes.
  
• On the RogueKiller console, click the Registry tab.
  Put a check next to all of these and uncheck the rest: (if found)
  [RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Raagtx (C:\ProgramData\WebEx\WebEx\319\raagtx.exe) [x] -> FOUND
  [HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\n.) [x] -> FOUND
  [HJ INPROC][ZeroAccess] HKLM\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\n.) [x] -> FOUND
  [RUN][HJNAME] [ON_D:Chuck]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> FOUND
  [RUN][HJNAME] [ON_D:Guest]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> FOUND
  [RUN][HJNAME] [ON_D:Jack]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> FOUND
  [RUN][HJNAME] [ON_D:Kayla]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> FOUND
  
  
• Then click on Delete on the right hand column under Options.
  
• Now click the Files/Folders tab.
  If possible, put a checkmark next to these items
  
  [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\@ [-] --> FOUND
  [ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3185252367-1272832353-3625531396-1000\$bb8a10ffe11655d0551cca486a22d89b\@ [-] --> FOUND
  [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\U --> FOUND
  [ZeroAccess][FOLDER] U : C:\$recycle.bin\S-1-5-21-3185252367-1272832353-3625531396-1000\$bb8a10ffe11655d0551cca486a22d89b\U --> FOUND
  [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\L --> FOUND
  [ZeroAccess][FOLDER] L : C:\$recycle.bin\S-1-5-21-3185252367-1272832353-3625531396-1000\$bb8a10ffe11655d0551cca486a22d89b\L --> FOUND
  
• Then click on Delete on the right hand column under Options.
  
• When done, logoff & Restart the system.
• The log will be found as RKreport
  Copy & Paste the contents into next reply.

Task 3

Close any open work documents, if any, saving your work.

Make sure to close any other programs that you started before.

Please download Junkware Removal Tool by Thisisu to your Desktop.

• Please close your security software to avoid potential conflicts.
  
• Run the tool by double-clicking it. If you are using Windows Vista or 7 or 8, right-mouse click JRT.exe and select Run as administrator.
  
• The tool will open and display information and disclaimer in a Command prompt window.
  
• I'd suggest you close all internet browsers at this point.
  
• Press a key on keyboard to start scanning your system.
  
• Please be very patient as this will take several minutes to complete, depending on your system's specifications.
  
• There are approximatly 12 phases or so in this tool. You will see each phase listed in the Command prompt window.
  
• On completion, a log (JRT.txt) is saved to your Desktop and will automatically open. And the command prompt will have been closed.
  
• Please post the contents of JRT.txt into a new reply.
  

Task 4

Download TFC by OldTimer to your desktop

• Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator).
  
• It will close all programs when run, so make sure you have saved all your work before you begin.
  
• Click the Start button to begin the process. Depending on how often you clean temp files, execution time should be anywhere from a few seconds to a minute or two. Let it run uninterrupted to completion.
  
• IF prompted to Reboot, reply "Yes".

Task 5

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

If you have the PRO license, then do this too: Click the Protection tab. Make sure all option lines have a checkmark.

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, How is the system ?

Re-enable your antivirus program.

Re-enable your security software.

[DougsB4U]

Wow.......sounds like major trouble. Unplugged the computer from the network. Given the PC has been down since the initial scans showed it found issues in the original logs, can we isolate that this happened on the 4th of March? Also, can we safely remove the issue? I am not sure if I got that impression from your last email.

[DougsB4U]

Given the balance between a complete reformat and programs that I don't have install software for, I will repair this and look to uninstall any financial related software onto a clean new system. Once cleaned up, I will keep my gaming and media/music/ect on this PC. Can that be done safely?

[Maurice Naggar]

Wow.......sounds like major trouble. Unplugged the computer from the network. Given the PC has been down since the initial scans showed it found issues in the original logs, can we isolate that this happened on the 4th of March? Also, can we safely remove the issue? I am not sure if I got that impression from your last email.

Do not let the list overwhelm you. It is cureable. Only you can tell if 4th of March was the start of infection.

Given the balance between a complete reformat and programs that I don't have install software for, I will repair this and look to uninstall any financial related software onto a clean new system. Once cleaned up, I will keep my gaming and media/music/ect on this PC. Can that be done safely?

I you are electing to do a nuke / "wipe" and a clean-fresh installation of Windows, the point to do it is now.

It would be the long-term safest.

Understand that a clean install implies a deletion of the current Windows partition. That means the loss of all personal files & documents and any programs you installed ever since your Windows was first new.

So if you do -do that- you will want to stop now and backup / copy all personal files and documents to Offline storage media.

I can give you some tips on a clean install. But you will be doing it on your own.

On the other hand, I have a very good record of cleaning out this type of infection. So if you want to proceed with cleaning, do the steps I outlined.

IF you do financial or personnel related work with insurance information (other folks information) then a wipe & clean install is the way to go.

[DougsB4U]

OK, here we go.

Step One and Two logs:

Step One - ADW Cleaner Log

# AdwCleaner v2.114 - Logfile created 03/12/2013 at 20:52:32

# Updated 05/03/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (64 bits)

# User : Doug - OFFICE

# Boot Mode : Normal

# Running from : C:\Users\Doug\Downloads\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

File Deleted : C:\Users\Doug\AppData\Local\Temp\Uninstall.exe

Folder Deleted : C:\Program Files (x86)\Coupon Companion

Folder Deleted : C:\Program Files (x86)\Search Toolbar

Folder Deleted : C:\Users\Doug\AppData\Local\Coupon Companion

Folder Deleted : C:\Users\Doug\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\ConduitCommon

Folder Deleted : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\CT3015261

Folder Deleted : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\{3ce45c4f-bfff-4988-9a3c-a75c1f491319}

Folder Deleted : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\crossriderapp4493@crossrider.com

Folder Deleted : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\staged

Folder Deleted : C:\Users\Jack\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\4z5zdc3b.default\extensions\crossriderapp4493@crossrider.com

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\Toolbar

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\InstalledBrowserExtensions

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011441193}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011441193}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Deleted : HKCU\Software\Zugo

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.BHO.1

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox

Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0004493.Sandbox.1

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3015261

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044444493}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011441193}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{11111111-1111-1111-1111-110011441193}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{22222222-2222-2222-2222-220022442293}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{55555555-5555-5555-5555-550055445593}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66666666-6666-6666-6666-660066446693}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011441193}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{21111111-1111-1111-1111-110011441193}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011441193}

Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D425283-D487-4337-BAB6-AB8354A81457}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1C888195-0160-4883-91B7-294C0CE2F277}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055445593}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066446693}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{99ACA0F7-D864-45CB-8C40-FD42A077E7CA}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E65F40C8-3CEB-47C2-9E01-BF73323DF4E7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}

Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9D425283-D487-4337-BAB6-AB8354A81457}]

***** [internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Registry is clean.

-\\ Mozilla Firefox v19.0 (en-US)

File : C:\Users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\prefs.js

Deleted : user_pref("CT3015261..clientLogIsEnabled", false);

Deleted : user_pref("CT3015261..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT3015261..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT3015261.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT3015261.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT3015261.AppTrackingLastCheckTime", "Sun Jun 24 2012 00:03:18 GMT-0400 (Eastern Daylight[...]

Deleted : user_pref("CT3015261.BrowserCompStateIsOpen_129958911685785597", true);

Deleted : user_pref("CT3015261.CTID", "CT3015261");

Deleted : user_pref("CT3015261.CurrentServerDate", "2-3-2013");

Deleted : user_pref("CT3015261.DialogsAlignMode", "LTR");

Deleted : user_pref("CT3015261.DialogsGetterLastCheckTime", "Sun Mar 10 2013 13:43:20 GMT-0400 (Eastern Daylig[...]

Deleted : user_pref("CT3015261.DownloadReferralCookieData", "");

Deleted : user_pref("CT3015261.EMailNotifierPollDate", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight Ti[...]

Deleted : user_pref("CT3015261.EnableSearchHistory", false);

Deleted : user_pref("CT3015261.EnableSearchSuggest", false);

Deleted : user_pref("CT3015261.FirstServerDate", "11-8-2011");

Deleted : user_pref("CT3015261.FirstTime", true);

Deleted : user_pref("CT3015261.FirstTimeFF3", true);

Deleted : user_pref("CT3015261.FixPageNotFoundErrors", true);

Deleted : user_pref("CT3015261.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT3015261.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT3015261.HasUserGlobalKeys", true);

Deleted : user_pref("CT3015261.HomePageProtectorEnabled", false);

Deleted : user_pref("CT3015261.Initialize", true);

Deleted : user_pref("CT3015261.InitializeCommonPrefs", true);

Deleted : user_pref("CT3015261.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT3015261.InstallationId", "CT3015261_ZoneAlarm_Security_Suite.exe");

Deleted : user_pref("CT3015261.InstallationType", "ConduitIntegration");

Deleted : user_pref("CT3015261.InstalledDate", "Wed Aug 10 2011 22:13:50 GMT-0400 (Eastern Daylight Time)");

Deleted : user_pref("CT3015261.IsAlertDBUpdated", true);

Deleted : user_pref("CT3015261.IsGrouping", false);

Deleted : user_pref("CT3015261.IsInitSetupIni", true);

Deleted : user_pref("CT3015261.IsMulticommunity", false);

Deleted : user_pref("CT3015261.IsOpenThankYouPage", false);

Deleted : user_pref("CT3015261.IsOpenUninstallPage", false);

Deleted : user_pref("CT3015261.LanguagePackLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Dayligh[...]

Deleted : user_pref("CT3015261.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT3015261.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT3015261.LastLogin_3.10.0.1", "Thu May 10 2012 11:07:52 GMT-0400 (Eastern Daylight Time)[...]

Deleted : user_pref("CT3015261.LastLogin_3.12.2.3", "Mon Jun 11 2012 12:15:38 GMT-0400 (Eastern Daylight Time)[...]

Deleted : user_pref("CT3015261.LastLogin_3.13.0.6", "Tue Aug 07 2012 15:54:41 GMT-0400 (Eastern Daylight Time)[...]

Deleted : user_pref("CT3015261.LastLogin_3.14.1.0", "Fri Sep 28 2012 06:27:31 GMT-0400 (Eastern Daylight Time)[...]

Deleted : user_pref("CT3015261.LastLogin_3.15.1.0", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight Time)[...]

Deleted : user_pref("CT3015261.LastLogin_3.5.1.1", "Tue Aug 16 2011 09:15:11 GMT-0400 (Eastern Daylight Time)"[...]

Deleted : user_pref("CT3015261.LastLogin_3.6.0.10", "Mon Oct 03 2011 05:59:25 GMT-0400 (Eastern Daylight Time)[...]

Deleted : user_pref("CT3015261.LastLogin_3.7.0.6", "Sun Nov 13 2011 13:42:36 GMT-0500 (Eastern Standard Time)"[...]

Deleted : user_pref("CT3015261.LastLogin_3.8.0.8", "Thu Dec 15 2011 08:10:25 GMT-0500 (Eastern Standard Time)"[...]

Deleted : user_pref("CT3015261.LastLogin_3.8.1.0", "Mon Jan 16 2012 18:39:28 GMT-0500 (Eastern Standard Time)"[...]

Deleted : user_pref("CT3015261.LastLogin_3.9.0.3", "Sat Mar 10 2012 08:03:25 GMT-0500 (Eastern Standard Time)"[...]

Deleted : user_pref("CT3015261.LatestVersion", "3.18.0.7");

Deleted : user_pref("CT3015261.Locale", "en");

Deleted : user_pref("CT3015261.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT3015261.MCDetectTooltipShow", false);

Deleted : user_pref("CT3015261.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT3015261.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT3015261.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT3015261.OriginalFirstVersion", "3.5.1.1");

Deleted : user_pref("CT3015261.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");

Deleted : user_pref("CT3015261.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT3015261.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT301[...]

Deleted : user_pref("CT3015261.SearchInNewTabEnabled", true);

Deleted : user_pref("CT3015261.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT3015261.SearchInNewTabLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Dayli[...]

Deleted : user_pref("CT3015261.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT3015261.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]

Deleted : user_pref("CT3015261.SearchProtectorEnabled", false);

Deleted : user_pref("CT3015261.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT3015261.ServiceMapLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight [...]

Deleted : user_pref("CT3015261.SettingsLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern Daylight Ti[...]

Deleted : user_pref("CT3015261.SettingsLastUpdate", "1362211242");

Deleted : user_pref("CT3015261.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT3015261.ThirdPartyComponentsLastCheck", "Thu Feb 28 2013 18:22:05 GMT-0500 (Eastern Sta[...]

Deleted : user_pref("CT3015261.ThirdPartyComponentsLastUpdate", "1331805997");

Deleted : user_pref("CT3015261.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT3015261.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3015261");

Deleted : user_pref("CT3015261.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT3015261.UserID", "UN29103747223576673");

Deleted : user_pref("CT3015261.ValidationData_Toolbar", 2);

Deleted : user_pref("CT3015261.alertChannelId", "1406927");

Deleted : user_pref("CT3015261.approveUntrustedApps", false);

Deleted : user_pref("CT3015261.backendstorage.extensions.alexa.lastshowprivacy", "31333539373732303436363936")[...]

Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Deleted : user_pref("CT3015261.backendstorage.hxxp://s3_amazonaws_com/com_alexa_toolbar/cnd/1_0/toolbar.extens[...]

Deleted : user_pref("CT3015261.components.129506578327572375", false);

Deleted : user_pref("CT3015261.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT3015261.globalFirstTimeInfoLastCheckTime", "Mon Mar 11 2013 08:57:35 GMT-0400 (Eastern [...]

Deleted : user_pref("CT3015261.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT3015261.initDone", true);

Deleted : user_pref("CT3015261.isAppTrackingManagerOn", false);

Deleted : user_pref("CT3015261.myStuffEnabled", true);

Deleted : user_pref("CT3015261.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT3015261.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT3015261.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT3015261.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT3015261.oldAppsList", "129506578324945315,129506578325335957,111,129506578326068408,129[...]

Deleted : user_pref("CT3015261.revertSettingsEnabled", false);

Deleted : user_pref("CT3015261.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT3015261.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT3015261.testingCtid", "");

Deleted : user_pref("CT3015261.toolbarAppMetaDataLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (Eastern D[...]

Deleted : user_pref("CT3015261.toolbarContextMenuLastCheckTime", "Thu Feb 28 2013 18:22:08 GMT-0500 (Eastern S[...]

Deleted : user_pref("CT3015261.usagesFlag", 2);

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3015261/CT3015261[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1406927/1402585/US", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3015261", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3015261",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3015261&octid=[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/61/301/CT3015261/Images/6340849608501725[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"ef6[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Doug\\AppData\\Roaming\\Mozilla\\Fi[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3015261");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3015261");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3015261");

Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jan 25 2012 10:15:36 GMT-0500 (Eas[...]

Deleted : user_pref("CommunityToolbar.globalUserId", "7e3c7ae0-607a-40d5-90f4-9d902fa8dad7");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3015261");

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Mar 10 2013 13:43:2[...]

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Mar 11 2013 08:57:31 GMT-040[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.locale", "");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 0);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Mar 12 2013 11:53:16 GMT-0400 (E[...]

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "7057cd71-1cdb-4d27-b7ed-cf0161cd8546");

Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationThankYouPage", true);

Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationTime", 1359837071);

Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.searchUserConifrmation", false[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setHomepage", false);

Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setNewTab", false);

Deleted : user_pref("extensions.crossriderapp4493.4493.InstallationUserSettings.setSearch", false);

Deleted : user_pref("extensions.crossriderapp4493.4493.active", true);

Deleted : user_pref("extensions.crossriderapp4493.4493.addressbar", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.addressbarenhanced", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundjs", "\n\n//\n");

Deleted : user_pref("extensions.crossriderapp4493.4493.backgroundver", 37);

Deleted : user_pref("extensions.crossriderapp4493.4493.can_run_bg_code", true);

Deleted : user_pref("extensions.crossriderapp4493.4493.certdomaininstaller", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.changeprevious", false);

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.expiration", "Fri Feb 01 2030 0[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallationTime.value", "1359837071");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.InstallerParams.expiration", "Fri Feb 01 2030 00[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 [...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_aoi.value", "1359837071");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.expiration", "Fri Feb 01 2030 00:00:[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_cf_bu1.value", "1360549318");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:00 [...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_crr.value", "1363103595");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030 0[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_currenttime.value", "%221361906535%22");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 01 [...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_hotfix20111102645.value", "%221%22");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.expiration", "Fri Feb 01 2[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installer_params.value", "%7B%22source_id%2[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.expiration", "Fri Feb 01 2030 0[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_installtime.value", "%221359648585%22");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_parent_zoneid.value", "%2214019%22");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030 0[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_pc_20120828.value", "1359863575343");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 00[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_product_id.value", "%221322%22");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie._GPL_zoneid.value", "%2214019%22");

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 GM[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.cookie.dbtest.value", "1359863536709");

Deleted : user_pref("extensions.crossriderapp4493.4493.description", "Coupon Companion");

Deleted : user_pref("extensions.crossriderapp4493.4493.domain", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.enablesearch", false);

Deleted : user_pref("extensions.crossriderapp4493.4493.fbremoteurl", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.group", 0);

Deleted : user_pref("extensions.crossriderapp4493.4493.homepage", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.iframe", false);

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.expiration", "Fri Feb 0[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.InstallerIdentifiers.value", "%7B%22installe[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.expiration", "Fri Feb 01 20[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_appVer.value", "83");

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.expiration", "Fri Feb [...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_lastVersion.value", "0");

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.expiration", "Fri Feb 01 2030[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_meta.value", "%7B%7D");

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.expiration", "Fri Feb 01 203[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_queue.value", "%7B%7D");

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.expiration", "Fri[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.Resources_remote_resources.value", "%7B%22re[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.expiration", "Fri Feb 01 20[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.internaldb.SoftwareDetected.value", "%7B%22AnySoftware%[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _GP[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.manifesturl", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.name", "Coupon Companion");

Deleted : user_pref("extensions.crossriderapp4493.4493.newtab", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.opensearch", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.code", "appAPI._cr_config={appID:funct[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.name", "base");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1.ver", 4);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.code", "Array.prototype.indexOf|[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.name", "GPL Plugin (Loader)");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000014.ver", 15);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.code", "var a=appAPI.db.getList([...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.name", "GPL Background (BG)");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_1000015.ver", 34);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.code", "(function(a){a.selectedText=f[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.name", "CrossriderAppUtils");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_13.ver", 2);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.code", "if(typeof(appAPI)===\"undefin[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.name", "CrossriderUtils");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_14.ver", 2);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.code", "if((typeof isBackground===\"u[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.name", "FFAppAPIWrapper");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_16.ver", 5);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.code", "if(typeof window!==\"undefine[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.name", "jQuery");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_17.ver", 3);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.code", "var CrossriderDebugManager=(f[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.name", "debug");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_21.ver", 3);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.code", "(function(a){appAPI.queueMana[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.name", "resources");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_22.ver", 2);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.code", "var CrossriderInitializerPlug[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.name", "initializer");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_28.ver", 2);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.code", "var jQuery = $jquery_171 = $jq[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.name", "jquery_1_7_1");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_4.ver", 3);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.code", "(function(){appAPI.ready=func[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.name", "resources_background");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_47.ver", 1);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.code", "(function(){var h=\"__CR_EMPT[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.name", "appApiMessage");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_64.ver", 1);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.code", "if(appAPI.__should_activate_v[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.name", "appApiValidation");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_72.ver", 1);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.code", "if(typeof jQuery!==\"undefine[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.name", "CrossriderInfo");

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins.plugin_78.ver", 2);

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_0", "4,14,78,16,64,47,72,1000015"[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,22,[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");

Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsurl", "hxxp://app-static.crossrider.com/plugin/a[...]

Deleted : user_pref("extensions.crossriderapp4493.4493.pluginsversion", 59);

Deleted : user_pref("extensions.crossriderapp4493.4493.publisher", "215 Apps");

Deleted : user_pref("extensions.crossriderapp4493.4493.searchstatus", 0);

Deleted : user_pref("extensions.crossriderapp4493.4493.setnewtab", false);

Deleted : user_pref("extensions.crossriderapp4493.4493.settingsurl", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.thankyou", "");

Deleted : user_pref("extensions.crossriderapp4493.4493.updateinterval", 360);

Deleted : user_pref("extensions.crossriderapp4493.4493.ver", 83);

Deleted : user_pref("extensions.crossriderapp4493.adsOldValue", -1);

Deleted : user_pref("extensions.crossriderapp4493.apps", "4493");

Deleted : user_pref("extensions.crossriderapp4493.bic", "13c9e2e9bc2a1b729e444423d18b7a86");

Deleted : user_pref("extensions.crossriderapp4493.cid", 4493);

Deleted : user_pref("extensions.crossriderapp4493.firstrun", false);

Deleted : user_pref("extensions.crossriderapp4493.hadappinstalled", true);

Deleted : user_pref("extensions.crossriderapp4493.installationdate", 1359863520);

Deleted : user_pref("extensions.crossriderapp4493.lastcheck", 22716778);

Deleted : user_pref("extensions.crossriderapp4493.lastcheckitem", 22716778);

Deleted : user_pref("extensions.crossriderapp4493.modetype", "production");

Deleted : user_pref("extensions.crossriderapp4493.reportInstall", true);

Deleted : user_pref("extensions.crossriderapp4493.updating", true);

Deleted : user_pref("extensions.enabledAddons", "%7B3ce45c4f-bfff-4988-9a3c-a75c1f491319%7D:3.15.1.0,crossride[...]

Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3015261&SearchSource=2&q=[...]

File : C:\Users\Jack\AppData\Roaming\Mozilla\Firefox\Profiles\4z5zdc3b.default\prefs.js

Deleted : user_pref("extensions.crossriderapp4493.adsOldValue", -1);

-\\ Google Chrome v25.0.1364.97

File : C:\Users\Doug\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [33455 octets] - [12/03/2013 13:14:51]

AdwCleaner[s1].txt - [33680 octets] - [12/03/2013 20:52:32]

########## EOF - C:\AdwCleaner[s1].txt - [33741 octets] ##########

Step 2 - Rogue Killer

RogueKiller V8.5.2 [Mar 9 2013] by Tigzy

mail : tigzyRK<at>gmail<dot>com

Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/

Website : http://tigzy.geekstogo.com/roguekiller.php

Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version

Started in : Normal mode

User : Doug [Admin rights]

Mode : Remove -- Date : 03/12/2013 21:17:27

| ARK || FAK || MBR |

¤¤¤ Bad processes : 4 ¤¤¤

[sUSP PATH] atnthost.exe -- C:\ProgramData\WebEx\WebEx\319\atnthost.exe [7] -> KILLED [TermProc]

[sUSP PATH] raagtapp.exe -- C:\ProgramData\WebEx\WebEx\319\raagtapp.exe [7] -> KILLED [TermProc]

[sUSP PATH] rapanel.exe -- C:\ProgramData\WebEx\WebEx\319\rapanel.exe [7] -> KILLED [TermProc]

[Microsoft][HJNAME] notepad.exe -- C:\Windows\System32\notepad.exe [7] -> KILLED [TermProc]

¤¤¤ Registry Entries : 8 ¤¤¤

[RUN][sUSP PATH] HKLM\[...]\Wow6432Node\Run : Raagtx (C:\ProgramData\WebEx\WebEx\319\raagtx.exe) [x] -> DELETED

[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NOT SELECTED

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NOT SELECTED

[HJ INPROC][ZeroAccess] HKCR\[...]\InprocServer32 : (C:\$Recycle.Bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\n.) [x] -> REPLACED (C:\Windows\system32\wbem\fastprox.dll)

[RUN][HJNAME] [ON_D:Chuck]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> DELETED

[RUN][HJNAME] [ON_D:Guest]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> DELETED

[RUN][HJNAME] [ON_D:Jack]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> DELETED

[RUN][HJNAME] [ON_D:Kayla]HKCU[...]\Run : ctfmon.exe (C:\WINDOWS\system32\ctfmon.exe) [7] -> DELETED

¤¤¤ Particular Files / Folders: ¤¤¤

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\@ [-] --> REMOVED

[ZeroAccess][FILE] @ : C:\$recycle.bin\S-1-5-21-3185252367-1272832353-3625531396-1000\$bb8a10ffe11655d0551cca486a22d89b\@ [-] --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\U --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3185252367-1272832353-3625531396-1000\$bb8a10ffe11655d0551cca486a22d89b\U --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-18\$bb8a10ffe11655d0551cca486a22d89b\L --> REMOVED

[ZeroAccess][FOLDER] ROOT : C:\$recycle.bin\S-1-5-21-3185252367-1272832353-3625531396-1000\$bb8a10ffe11655d0551cca486a22d89b\L --> REMOVED

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ Extern Hives: ¤¤¤

-> D:\Documents and Settings\Admin\NTUSER.DAT

-> D:\Documents and Settings\All Users\NTUSER.DAT

-> D:\Documents and Settings\Chuck\NTUSER.DAT

-> D:\Documents and Settings\Default User\NTUSER.DAT

-> D:\Documents and Settings\Guest\NTUSER.DAT

-> D:\Documents and Settings\Jack\NTUSER.DAT

-> D:\Documents and Settings\Kayla\NTUSER.DAT

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost

::1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: WDC WD5000AACS-00ZUB0 ATA Device +++++

--- User ---

[MBR] 25fa57c908a4c1694443993f6b5aeadb

[bSP] 463382accf8021881acc9074f0119ecc : MBR Code unknown

Partition table:

0 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 476938 Mo

User = LL1 ... OK!

User = LL2 ... OK!

+++++ PhysicalDrive1: Maxtor 6 Y160P0 SCSI Disk Device +++++

--- User ---

[MBR] c529b8f3b9eb62aa9204993501bef13a

[bSP] 678773cd8b953f2944434ede1bc558d9 : Windows 7/8 MBR Code

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 131069 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

+++++ PhysicalDrive2: WDC WD80 0BB-00BS SCSI Disk Device +++++

--- User ---

[MBR] 7abdda59174bb09fe18e8b631807b7ea

[bSP] 0547ea5b19154764850b4367bc802266 : Windows XP MBR Code

Partition table:

0 - [XXXXXX] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 76316 Mo

User = LL1 ... OK!

Error reading LL2 MBR!

Finished : << RKreport[3]_D_03122013_02d2117.txt >>

RKreport[1]_S_03122013_02d1430.txt ; RKreport[2]_S_03122013_02d2114.txt ; RKreport[3]_D_03122013_02d2117.txt

[DougsB4U]

Step 3 Logs:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.7.1 (03.12.2013:1)

OS: Windows 7 Ultimate x64

Ran by Doug on Tue 03/12/2013 at 21:38:01.54

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName

Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL

~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ef99bd32-c1fb-11d2-892f-0090271d4f88}

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\bing.xml.old"

Successfully deleted: [File] C:\Users\Doug\AppData\Roaming\mozilla\firefox\profiles\z81p876x.default\searchplugins\bing-zugo.xml

Successfully deleted the following from C:\Users\Doug\AppData\Roaming\mozilla\firefox\profiles\z81p876x.default\prefs.js

user_pref("extensions.crossrider.bic", "13c9e2e9bc2a1b729e444423d18b7a86");

~~~ Chrome

Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pbkdpahkifcigckmhiafindmaflfifgm

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 03/12/2013 at 21:45:36.67

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

[DougsB4U]

Last Step: MBAM

Malwarebytes Anti-Malware (PRO) 1.70.0.1100

www.malwarebytes.org

Database version: v2013.03.12.06

Windows 7 Service Pack 1 x64 NTFS

Internet Explorer 9.0.8112.16421

Doug :: OFFICE [administrator]

Protection: Enabled

3/12/2013 10:06:30 PM

mbam-log-2013-03-12 (22-06-30).txt

Scan type: Full scan (C:\|D:\|G:\|)

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 1052682

Time elapsed: 2 hour(s), 55 minute(s), 46 second(s)

Memory Processes Detected: 0

(No malicious items detected)

Memory Modules Detected: 0

(No malicious items detected)

Registry Keys Detected: 0

(No malicious items detected)

Registry Values Detected: 0

(No malicious items detected)

Registry Data Items Detected: 0

(No malicious items detected)

Folders Detected: 0

(No malicious items detected)

Files Detected: 0

(No malicious items detected)

(end)

Behaviour looks stable, although start up times are longer for some reason.

Waiting for your next instructions.

[Maurice Naggar]

You should create a "system repair disc" for your Windows 7 either to a CD, DVD, or new USB-flash-thumb drive {if your hardware can boot from USB}.

The following is a reference page at Microsoft and also has a link to a how-to-video.

Create a Windows 7 system repair disc

This "repair disc" is a very handy tool that one may use when and IF you are not able to start Windows 7 normally.

This "repair disc" or "rescue disc" is not intended as a replacement for having the Windows 7 operating system DVD.

Make a rescue disc, put a label on it, store it away for a "rainy day".

You will want to print out or copy these instructions to Notepad for offline reference!

These steps are for member DougsB4U only. If you are a casual viewer, do NOT try this on your system!

If you are not DougsB4U and have a similar problem, do NOT post here; start your own topic

Do not run or start any other programs while these utilities and tools are in use!

Do NOT run any other tools on your own or do any fixes other than what is listed here.

If you have questions, please ask before you do something on your own.

But it is important that you get going on these following steps.

=

Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere. How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Have infinite patience during the run & scan by Combofix. It has many phases: some 50+ stages

It will display it's "stage" within the Command prompt window. Do NOT panic if it seems slow to change ! It has lots of work.

You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.

Combofix my take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power)or a UPS system

Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

Right- click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

• A window may open with a warning or prompts. Accept the EULA and follow the prompts during the start phase of Combofix.
  When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.
  

A caution - Do not run Combofix more than once.

Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.

If this occurs, please reboot to restore the desktop.

A file will be created at => C:\Combofix.txt.

Notes:

[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have reboot the pc a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.

That may cause it to stall.

[3]When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh

Reply & Copy & Paste contents of the C:\Combofix.txt log and tell me, How is the system now ?

Re-enable your antivirus program.

[DougsB4U]

Hey Maurice,

Things are running faster. Here is the log file from the Combofix:

ComboFix 13-03-12.02 - Doug 03/13/2013 10:49:09.1.2 - x64

Microsoft Windows 7 Ultimate 6.1.7601.1.1252.1.1033.18.8191.4869 [GMT -4:00]

Running from: c:\users\Doug\Downloads\ComboFix.exe

AV: ZoneAlarm Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}

FW: ZoneAlarm Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}

SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

SP: ZoneAlarm Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}

* Created a new restore point

.

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\users\Doug\GoToAssistDownloadHelper.exe

c:\users\Doug\ResourceReader.dll

.

.

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Service_OxFWLF

.

.

((((((((((((((((((((((((( Files Created from 2013-02-13 to 2013-03-13 )))))))))))))))))))))))))))))))

.

.

2013-03-13 11:29 . 2013-02-07 20:28 9162192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{44AE827F-313A-48FF-9495-1299C2D89F78}\mpengine.dll

2013-03-13 01:37 . 2013-03-13 01:37 -------- d-----w- c:\windows\ERUNT

2013-03-13 01:37 . 2013-03-13 01:37 -------- d-----w- C:\JRT

2013-03-12 17:09 . 2013-03-12 17:09 -------- d-----w- c:\program files (x86)\ERUNT

2013-03-12 16:07 . 2013-03-12 16:07 -------- d-----w- c:\program files (x86)\Microsoft Security Client

2013-03-12 16:07 . 2013-03-12 16:08 -------- d-----w- c:\program files\Microsoft Security Client

2013-03-01 10:14 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DA3B4D44-1E86-4BE5-B85D-D7409C76372B}\mpengine.dll

2013-02-25 16:30 . 2013-02-25 16:30 150600 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE

2013-02-25 16:30 . 2013-02-25 16:30 1274456 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\OFFICE15\Office Setup Controller\pidgenx.dll

2013-02-22 09:13 . 2013-02-22 09:13 773968 ----a-w- c:\windows\SysWow64\msvcr100.dll

2013-02-22 09:13 . 2013-02-22 09:13 421200 ----a-w- c:\windows\SysWow64\msvcp100.dll

2013-02-14 01:45 . 2013-02-14 01:45 -------- d-----w- c:\programdata\ATI

2013-02-13 14:54 . 2013-02-13 14:54 -------- d-----w- c:\program files (x86)\AMD AVT

2013-02-13 14:54 . 2013-02-13 14:54 -------- d-----w- c:\program files (x86)\AMD APP

2013-02-13 08:06 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 08:06 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll

2013-02-13 02:39 . 2013-01-05 05:53 5553512 ----a-w- c:\windows\system32\ntoskrnl.exe

2013-02-13 02:39 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe

2013-02-13 02:39 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\SysWow64\ntoskrnl.exe

2013-02-13 02:39 . 2013-01-04 03:26 3153408 ----a-w- c:\windows\system32\win32k.sys

2013-02-13 02:39 . 2013-01-04 05:46 215040 ----a-w- c:\windows\system32\winsrv.dll

2013-02-13 02:39 . 2013-01-04 04:51 5120 ----a-w- c:\windows\SysWow64\wow32.dll

2013-02-13 02:39 . 2013-01-04 02:47 25600 ----a-w- c:\windows\SysWow64\setup16.exe

2013-02-13 02:39 . 2013-01-04 02:47 7680 ----a-w- c:\windows\SysWow64\instnm.exe

2013-02-13 02:39 . 2013-01-04 02:47 2048 ----a-w- c:\windows\SysWow64\user.exe

2013-02-13 02:39 . 2013-01-04 02:47 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll

2013-02-13 02:39 . 2013-01-03 06:00 1913192 ----a-w- c:\windows\system32\drivers\tcpip.sys

2013-02-13 02:39 . 2013-01-03 06:00 288088 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS

.

.

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-03-13 01:24 . 2011-01-01 17:56 72013344 ----a-w- c:\windows\system32\MRT.exe

2013-03-13 01:11 . 2013-02-01 01:57 563312 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe

2013-02-12 05:45 . 2013-03-13 01:05 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 01:05 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 01:05 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 01:05 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 01:05 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 01:05 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll

2013-01-30 10:53 . 2009-10-02 21:49 273840 ------w- c:\windows\system32\MpSigStub.exe

2013-01-20 19:59 . 2013-01-20 19:59 230320 ----a-w- c:\windows\system32\drivers\MpFilter.sys

2013-01-20 19:59 . 2013-01-20 19:59 130008 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys

2013-01-04 04:43 . 2013-02-13 02:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll

2012-12-19 20:50 . 2012-07-28 04:09 5630200 ----a-w- c:\windows\SysWow64\atiumdag.dll

2012-12-19 20:48 . 2012-12-19 20:48 11278336 ----a-w- c:\windows\system32\drivers\atikmdag.sys

2012-12-19 20:45 . 2012-12-19 20:45 222720 ----a-w- c:\windows\system32\clinfo.exe

2012-12-19 20:44 . 2012-12-19 20:44 76288 ----a-w- c:\windows\system32\OpenVideo64.dll

2012-12-19 20:44 . 2012-12-19 20:44 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll

2012-12-19 20:44 . 2012-12-19 20:44 64000 ----a-w- c:\windows\system32\OVDecode64.dll

2012-12-19 20:44 . 2012-12-19 20:44 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll

2012-12-19 20:44 . 2012-12-19 20:44 34518016 ----a-w- c:\windows\system32\amdocl64.dll

2012-12-19 20:38 . 2012-12-19 20:38 28732928 ----a-w- c:\windows\SysWow64\amdocl.dll

2012-12-19 20:34 . 2012-12-19 20:34 54784 ----a-w- c:\windows\system32\OpenCL.dll

2012-12-19 20:34 . 2012-12-19 20:34 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll

2012-12-19 20:29 . 2012-12-19 20:29 23461376 ----a-w- c:\windows\system32\atio6axx.dll

2012-12-19 20:22 . 2012-12-19 20:22 70144 ----a-w- c:\windows\system32\coinst_9.012.dll

2012-12-19 20:19 . 2012-12-19 20:19 163840 ----a-w- c:\windows\system32\atiapfxx.exe

2012-12-19 20:18 . 2012-12-19 20:18 51200 ----a-w- c:\windows\system32\aticalrt64.dll

2012-12-19 20:18 . 2012-12-19 20:18 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll

2012-12-19 20:17 . 2012-12-19 20:17 44544 ----a-w- c:\windows\system32\aticalcl64.dll

2012-12-19 20:17 . 2012-12-19 20:17 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll

2012-12-19 20:17 . 2012-12-19 20:17 16082944 ----a-w- c:\windows\system32\aticaldd64.dll

2012-12-19 20:13 . 2012-12-19 20:13 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll

2012-12-19 20:12 . 2012-12-19 20:12 18982400 ----a-w- c:\windows\SysWow64\atioglxx.dll

2012-12-19 20:09 . 2012-07-28 02:15 960512 ----a-w- c:\windows\SysWow64\aticfx32.dll

2012-12-19 20:08 . 2011-09-08 17:32 1151488 ----a-w- c:\windows\system32\aticfx64.dll

2012-12-19 20:06 . 2012-07-28 02:07 6681088 ----a-w- c:\windows\SysWow64\atidxx32.dll

2012-12-19 19:59 . 2012-07-28 01:41 5087744 ----a-w- c:\windows\system32\atiumd6a.dll

2012-12-19 19:57 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll

2012-12-19 19:56 . 2012-12-19 19:56 550912 ----a-w- c:\windows\system32\atieclxx.exe

2012-12-19 19:56 . 2012-12-19 19:56 240640 ----a-w- c:\windows\system32\atiesrxx.exe

2012-12-19 19:54 . 2012-12-19 19:54 120320 ----a-w- c:\windows\system32\atitmm64.dll

2012-12-19 19:54 . 2012-12-19 19:54 21504 ----a-w- c:\windows\system32\atimuixx.dll

2012-12-19 19:54 . 2012-12-19 19:54 59392 ----a-w- c:\windows\system32\atiedu64.dll

2012-12-19 19:54 . 2012-12-19 19:54 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll

2012-12-19 19:49 . 2011-09-08 17:16 7370752 ----a-w- c:\windows\system32\atidxx64.dll

2012-12-19 19:44 . 2012-07-28 01:32 4162048 ----a-w- c:\windows\SysWow64\atiumdva.dll

2012-12-19 19:44 . 2012-07-28 01:25 6786560 ----a-w- c:\windows\system32\atiumd64.dll

2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\atimpc64.dll

2012-12-19 19:33 . 2012-12-19 19:33 56320 ----a-w- c:\windows\system32\amdpcom64.dll

2012-12-19 19:33 . 2012-07-28 01:15 619008 ----a-w- c:\windows\system32\atiadlxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll

2012-12-19 19:33 . 2012-12-19 19:33 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll

2012-12-19 19:33 . 2012-12-19 19:33 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll

2012-12-19 19:33 . 2012-12-19 19:33 17920 ----a-w- c:\windows\system32\atig6pxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 14848 ----a-w- c:\windows\system32\atiglpxx.dll

2012-12-19 19:33 . 2012-12-19 19:33 41984 ----a-w- c:\windows\system32\atig6txx.dll

2012-12-19 19:33 . 2012-12-19 19:33 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll

2012-12-19 19:32 . 2012-12-19 19:32 552960 ----a-w- c:\windows\system32\drivers\atikmpag.sys

2012-12-19 19:31 . 2011-09-08 16:52 130048 ----a-w- c:\windows\system32\atiuxp64.dll

2012-12-19 19:31 . 2012-07-28 01:13 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll

2012-12-19 19:31 . 2012-07-28 01:13 104448 ----a-w- c:\windows\system32\atiu9p64.dll

2012-12-19 19:30 . 2012-07-28 01:13 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll

2012-12-19 19:30 . 2012-12-19 19:30 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll

2012-12-16 17:11 . 2012-12-21 08:01 46080 ----a-w- c:\windows\system32\atmlib.dll

2012-12-16 14:45 . 2012-12-21 08:01 367616 ----a-w- c:\windows\system32\atmfd.dll

2012-12-16 14:13 . 2012-12-21 08:01 295424 ----a-w- c:\windows\SysWow64\atmfd.dll

2012-12-16 14:13 . 2012-12-21 08:01 34304 ----a-w- c:\windows\SysWow64\atmlib.dll

2012-12-14 21:49 . 2010-03-12 02:24 24176 ----a-w- c:\windows\system32\drivers\mbam.sys

.

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-03-13 01:12 1722976 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-03-13 01:12 1722976 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-03-13 01:12 1722976 ----a-w- c:\program files\Microsoft Office 15\root\office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 129272 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2010-11-20 163328]

"360Amigo"="c:\program files\360Amigo\360Amigo.exe" [2011-11-30 5328672]

"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-09-13 3341464]

"MobileDocuments"="c:\program files (x86)\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2007-08-22 80896]

"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]

"Jomantha"="c:\program files (x86)\n52te\razerhid.exe" [2007-12-12 163840]

"QFan Help"="c:\program files (x86)\ASUS\AI Suite\QFan3\QFanHelp.exe" [2008-05-06 594432]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-09-27 59240]

"Display"="c:\program files (x86)\APC\PowerChute Personal Edition\DataCollectionLauncher.exe" [2011-08-24 284024]

"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-10 421776]

"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-10-25 421888]

"Razer Synapse"="c:\program files (x86)\Razer\Synapse\RzSynapse.exe" [2012-12-11 338864]

"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-19 642808]

.

c:\users\Doug\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\

Dropbox.lnk - c:\users\Doug\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]

ERUNT AutoBackup.lnk - c:\program files (x86)\ERUNT\AUTOBACK.EXE [2005-10-20 38912]

.

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\

APC UPS Status.lnk - c:\program files (x86)\APC\PowerChute Personal Edition\Display.exe [2011-8-24 271736]

Content Manager Assistant for PlayStation®.lnk - c:\program files (x86)\Sony\Content Manager Assistant\CMA.exe [2012-11-13 3359712]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

@="Service"

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\setup\disabledrunkeys]

"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe"

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R3 Creative ALchemy AL1 Licensing Service;Creative ALchemy AL1 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL1Licensing.exe [x]

R3 Creative HOAL Licensing Service;Creative HOAL Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTHOALLicensing.exe [x]

R3 dc3d;MS Hardware Device Detection Driver (USB);c:\windows\system32\DRIVERS\dc3d.sys [2011-05-18 47616]

R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;c:\windows\system32\DRIVERS\ffusb2audio.sys [2011-09-22 59224]

R3 Hfsplus;Hfsplus;c:\windows\system32\DRIVERS\hfsplus.sys [2012-04-04 201008]

R3 JmtFltr;n52te;c:\windows\system32\drivers\JmtFltr.sys [2007-09-29 46464]

R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [2007-05-11 1361952]

R3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [2007-05-11 50208]

R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2007-05-11 3612704]

R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-05-10 22528]

R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 130008]

R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2013-01-27 379360]

R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]

R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]

R3 SaiK0836;SaiK0836;c:\windows\system32\DRIVERS\SaiK0836.sys [2010-06-17 172040]

R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064]

R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]

R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]

R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]

R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]

R3 vsdatant7;vsdatant7;c:\windows\system32\drivers\vsdatant.win7.sys [x]

R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-28 1255736]

R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]

R4 atashost;WebEx Service Host for Support Center;c:\windows\SysWOW64\atashost.exe [2009-03-06 20376]

R4 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]

R4 FlipShareServer;FlipShare Server;c:\program files (x86)\Flip Video\FlipShareServer\FlipShareServer.exe [2011-05-06 1085440]

R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]

R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

S0 apmwin;apmwin;c:\windows\system32\DRIVERS\apmwin.sys [2012-04-04 51504]

S0 gpt_loader;GUID Partition table support driver;c:\windows\system32\DRIVERS\gpt_loader.sys [2012-04-04 61232]

S0 mounthlp;Mounter helper driver for HFS+ volumes;c:\windows\system32\DRIVERS\mounthlp.sys [2012-04-04 46384]

S1 AmgHips;AmgHips;c:\windows\System32\Drivers\AmgHips.sys [2011-11-30 31008]

S1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\elrawdsk.sys [2009-09-08 23464]

S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-19 240640]

S2 APC Data Service;APC Data Service;c:\program files (x86)\APC\PowerChute Personal Edition\dataserv.exe [2011-08-24 21880]

S2 apmwinsrv;Paragon APM service;c:\program files (x86)\Paragon Software\HFS+ for Windows 8.0\apmwinsrv.exe [2012-04-04 67376]

S2 atnthost;WebEx Remote Access Agent;c:\programdata\WebEx\WebEx\319\atnthost.exe [2012-11-18 21072]

S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe [2011-07-06 2304912]

S2 FreeAgentGoFlex Service;Seagate Drive Settings Service;c:\program files (x86)\Seagate\DriveSettings\Sync\SeagateDriveSettingsService.exe [2011-02-10 91432]

S2 HfsplusRec;HfsplusRec;c:\windows\system32\DRIVERS\hfsplusrec.sys [2012-04-04 16176]

S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]

S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]

S2 OfficeSvc;Microsoft Office Service;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-02-25 1861288]

S3 Apowersoft_AudioDevice;Apowersoft_AudioDevice;c:\windows\system32\drivers\Apowersoft_AudioDevice.sys [2010-12-24 29288]

S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-11-06 96256]

S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]

S3 rzendpt;rzendpt;c:\windows\system32\DRIVERS\rzendpt.sys [2012-11-07 22016]

S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys [2012-11-07 113664]

S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-09-28 395264]

.

.

--- Other Services/Drivers In Memory ---

.

*NewlyCreated* - WS2IFSL

*Deregistered* - KL1

*Deregistered* - Vsdatant

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]

Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

.

Contents of the 'Scheduled Tasks' folder

.

2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 00:24]

.

2013-03-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-10-14 00:24]

.

2013-03-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3185252367-1272832353-3625531396-1000Core.job

- c:\users\Doug\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-03 16:00]

.

2013-03-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3185252367-1272832353-3625531396-1000UA.job

- c:\users\Doug\AppData\Local\Google\Update\GoogleUpdate.exe [2009-01-03 16:00]

.

2013-03-13 c:\windows\Tasks\SDMsgUpdate (TE).job

- c:\progra~2\SMARTD~1\Messages\SDNotify.exe [2011-05-09 17:29]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]

@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"

[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]

2013-03-13 01:12 2325624 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]

@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"

[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]

2013-03-13 01:12 2325624 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]

@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"

[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]

2013-03-13 01:12 2325624 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]

@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]

@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]

@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]

@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"

[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]

2012-11-13 23:32 162552 ----a-w- c:\users\Doug\AppData\Roaming\Dropbox\bin\DropboxExt64.17.dll

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272]

"SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208]

"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]

"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]

.

------- Supplementary Scan -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = hxxp://www.google.com/

uInternet Settings,ProxyOverride = *.local

IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000

IE: MasterCook: Select Image - c:\users\Doug\AppData\LocalLow\MasterCook Web Import\MCIEContext.hta

IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105

TCP: DhcpNameServer = 75.75.75.75 75.75.76.76

DPF: {5554DCB0-700B-498D-9B58-4E40E5814405} - hxxps://backoffice.liveviridian.com/Associate/Reserved.ReportViewerWebControl.axd?ReportSession=etu4rfagnkcx0zmlktszw255&ControlID=8455571ca11f4dffbb4847d0da48a968&Culture=1033&UICulture=1033&ReportStack=1&OpType=PrintCab

FF - ProfilePath - c:\users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\

FF - prefs.js: browser.search.selectedEngine - Bing

FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/?pc=Z178&ocid=zdhp&install_date=20111229

FF - ExtSQL: 2013-02-02 15:31; crossriderapp4493@crossrider.com; c:\users\Doug\AppData\Roaming\Mozilla\Firefox\Profiles\z81p876x.default\extensions\crossriderapp4493@crossrider.com

.

- - - - ORPHANS REMOVED - - - -

.

Wow6432Node-HKLM-Run-<NO NAME> - (no file)

Wow6432Node-HKLM-Run-Raagtx - c:\programdata\WebEx\WebEx\319\raagtx.exe

WebBrowser-{3CE45C4F-BFFF-4988-9A3C-A75C1F491319} - (no file)

.

.

.

--------------------- LOCKED REGISTRY KEYS ---------------------

.

[HKEY_USERS\S-1-5-21-3185252367-1272832353-3625531396-1000\Software\SecuROM\License information*]

"datasecu"=hex:46,63,3b,45,73,19,11,40,8d,ee,e9,7e,00,34,d8,d2,d0,29,ec,b3,0b,

78,e2,e3,2b,a3,ad,de,60,66,d7,19,4e,94,b8,65,6e,d4,ae,d9,2c,a8,54,ee,43,25,\

"rkeysecu"=hex:cb,bd,f2,61,5a,4e,c6,95,f2,29,8b,82,ba,6b,3d,44

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]

@Denied: (A) (Everyone)

"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]

@Denied: (A) (Everyone)

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]

"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"

"Key"="ActionsPane3"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]

@Denied: (A) (Users)

@Denied: (A) (Everyone)

@Allowed: (B 1 2 3 4 5) (S-1-5-20)

"BlindDial"=dword:00000000

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Other Running Processes ------------------------

.

c:\program files (x86)\APC\PowerChute Personal Edition\mainserv.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe

c:\windows\SysWOW64\PnkBstrA.exe

c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE

c:\progra~2\COMMON~1\X10\Common\X10nets.exe

c:\progra~3\WebEx\WebEx\319\RaPanel.exe

c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe

c:\program files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe

c:\program files (x86)\ASUS\AASP\1.00.81\aaCenter.exe

c:\program files (x86)\ASUS\AI Suite\EnergySaving\PwSave.exe

c:\program files (x86)\ASUS\AI Direct Link\AsShare.exe

c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe

.

**************************************************************************

.

Completion time: 2013-03-13 11:30:03 - machine was rebooted

ComboFix-quarantined-files.txt 2013-03-13 15:29

.

Pre-Run: 62,097,162,240 bytes free

Post-Run: 61,408,722,944 bytes free

.

- - End Of File - - 3CC2B5592CD436C2A70D6B4459BD7C76

[Maurice Naggar]

Hello,

Glad to know things are running faster.

We can wrap this up now. I see that you are clear of your original issues.

If you have a problem with these steps, or something does not quite work here, do let me know.

The following few steps will remove tools we used. Advise me after you have completed the cleanups.

We have to remove Combofix and all its associated folders. By whichever name you named it, ( you had named it ComboFix ),

put that name in the RUN box stated just below.

The "/uninstall" in the Run line below is to start Combofix for it's cleanup & removal function.

Note the space before the slash mark.

The utility must be removed to prevent any un-intentional or accidental usage, PLUS, to free up much space on your hard disk.

• Highlight the line in this CODEBOX.
  Select & Copy the entire line within this codebox (so that it is in Windows clipboard memory)
  

  c:\users\Doug\Downloads\ComboFix.exe /uninstall

  
  

• Start >> type in cmd >> press the Ctrl+Shift+Enter keyboard combination and cmd.exe will be launched as if you selected Run as Administrator. You will then see a User Account Control prompt asking if you would like to allow the Command Prompt to be able to make changes on your computer. Click on the Yes button and you will now be at the Elevated Command Prompt.
  Do a Right click within the command prompt window and select Paste. This must show the line from Codebox above.
  Then tap Enter
  

IF in the case Combofix un-install has an issue, skip that step.

NEXT

• Download OTC to your desktop and run it
  
• Click Yes to beginning the Cleanup process and remove these components, including this application.
  
• You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.
  

ERUNT you should keep and use periodically to backup Windows registry.

Delete the following if still present:

Securitycheck.exe

adwcleaner.exe

Tdsskiller.exe

roguekiller.exe

jrt.exe

Safer practices & malware prevention

• Have a hardware router between the incoming internet-modem and your computer.
  
• Use a Standard user account rather than an administrator-rights account when "surfing" the web.
  
• Configure your Antivirus software to check for updates daily, at a time in which you are sure the computer will be on.
  
• Check in at Windows Update and install any Important Updates offered.
  
• Make certain that Automatic Updates is enabled.
  How to configure and use Automatic Updates in Windows
  http://support.microsoft.com/kb/306525
  
• Check on other update issues as well, by getting, installing and using Secunia Personal Software Inspector (OSI) on a monthly basis.
  See How to detect vulnerable and out-dated programs using Secunia Personal Software Inspector
  
• Download, install, and keep updated Spyware Blaster (free): http://www.javacoolsoftware.com/spywareblaster.html (all Protections should be enabled at all times)
  Tutorial for Spywareblaster: Using SpywareBlaster to protect your computer from Spyware, Hijackers, and Malware
  
• I'd recommend that you get and use MVP Mike Burgess' custom hosts file http://mvps.org/winhelp2002/hosts.htm
  See the FAQ page http://mvps.org/winhelp2002/hostsfaq.htm
  That would help to keep your browser away from known spyware/malware sites.
  Get notified when the MVPS HOSTS file is updated
  http://winhelp2002.mvps.org/updates.htm
  
• Make regular backups of your system to removable media: DVD, USB external hard drive, etc.
  Having a total image backup of your system stored on DVD/CD is highly important.
  Get and make use of imaging-backup utilities and save them to offline media. That way you have something to fall back to if a disaster hits.
  
  How to create a Windows system image in Windows 7 and Windows 8
  http://www.bleepingcomputer.com/tutorials/create-system-image-in-windows-7-8/
  How to use System Image Recovery in the Windows 7 and Windows 8 Recovery Environment
  http://www.bleepingcomputer.com/tutorials/system-image-recovery-in-windows-7-8/
  
  
• Consider using Web of Trust WOT add-on for your browser(s)
  http://www.mywot.com/en/download
  http://www.mywot.com/en/faq/add-on
  
• Take extreme care if you share USB-flash/thumb drives from other people {even from friends, roommates, relatives}
  Don't plug in an unknown flash/thumb drive into your PC.
  IF you must do so, hold down the SHIFT-key when you insert the drive.
  Scan any file with your Antivirus prior to opening or using.
  On some regular schedule, it is a good idea to do an online scan for viruses and malware. Here is a very short list of sites where this may be done:
  
  ESET Online Scanner
  BitDefender Quickscan
  Trend Micro Housecall
  F-Secure Online Scanner
  Microsoft Safety Scanner
  Panda ActiveScan
  
  
• See Six tips to help you stay safer online
  
• Never, ever download free games, free tools, videos, mutli-media files or anything free unless you can be absolutely sure the source is safe !
  

We are finished here. Best regards.

[DougsB4U]

Thanks for all the help Maurice. Deeply appreciated.

[Maurice Naggar]

You are very welcome Cheers.