Yet another "I used ComboFix without supervision"


10 replies to this topic

#1 wes286

  • Members

Posted 18 December 2012 - 05:18 PM

As the topic says, I used ComboFix and now my computer is "messed up".

The first thing I noticed was that I couldn't use the internet. After trying to reconnect to the internet, I noticed that my default wireless network name was "FBI"something... (I used the wireless network setup wizard to get back to my original wireless network and now cannot locate the "FBI" network to give you the exact name.)
Now that my network is back, I have "limited or no connectivity" and cannot use my internet.

I then noticed that my Windows Firewall was off, and it would not let me turn it on, citing being unable to "access Sharedservice."

Also, it does not show my antivirus.

I am still unable to use the internet on that PC, so I don't know how this will work because I cannot download stuff from the internet on that computer.

Thanks in advance for any help you can give me.

wes


#2 Jintan

  • Malware Response Team

Posted 20 December 2012 - 07:15 PM

Welcome to Bleeping Computer wes286,

In order for us to effect repairs, you will need to use a USB/flash/thumb drive, or worst scenario, burn files to disks to transfer them.

When exactly did you run ComboFix on this system? Post back on that, but also I will need some scan log info to work with.


If the system is Vista/Windows 7, when running any of the scan files we use, be sure to right-click the file, then select "Run as administrator" to start the scan/tool.

And to make sure you have an accurate view of files there, make sure you can View Hidden Files. Also uncheck "Hide Extensions for Known File Types".

To keep them from interfering with the repairs, be sure to temporarily disable all antivirus/anti-spyware software while these steps are being completed. This can usually be done through right-clicking the software's Taskbar icons, or accessing each software through Start - Programs. Here are some antivirus disable tips if needed.

-------

Click here and download OldTimer's OTL to your desktop, then click that to open the scan display. At the top click "Scan All Users", then click "Run Scan". Make no other changes at this time.

When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are also saved in the same location as OTL.exe. Post the contents of those back here please.

-----------

Click here and download the installer for Gmer to your desktop, then click that file to run Gmer.


Once the opening scan finishes, click on Scan (again, before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while this scan completes. Also do not use your computer during the scan).

When completed, click on the Copy button and right-click on your Desktop, choose "New" > Text document. Once the file is created, open it and right-click again and choose Paste. Copy the information and post it here please.

-----------

Download aswMBR ( 511KB ) to your desktop.
  • Double click the aswMBR.exe icon to run it
  • If you can, have an open Internet connection and allow it to download the latest Avast engine detections.
  • If avast! antivirus is already installed, just do the next step.
  • Click the Scan button to start the scan
  • On completion of the scan, click the save log button, save it to your desktop and post it in your next reply.


A lot, but comprehensive, and will make sure we get a good view of everything.
Ad eundum quo no duck ante iit

#3 wes286

  • Topic Starter

  • Members

Posted 27 December 2012 - 11:08 PM

I am running Windows XP Home Edition.

I used ComboFix on the 14th or 15th of Dec., so about 2 weeks ago.

Here is the OTL.Txt log:

OTL logfile created on: 12/27/2012 6:41:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.85% Memory free
4.83 Gb Paging File | 4.17 Gb Available in Paging File | 86.33% Paging File free
Paging file location(s): C:\pagefile.sys 3057 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 11.13 Gb Free Space | 14.94% Space Free | Partition Type: NTFS
Drive G: | 983.72 Mb Total Space | 983.06 Mb Free Space | 99.93% Space Free | Partition Type: FAT

Computer Name: WESLEY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/12/27 18:38:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2012/11/23 16:50:34 | 000,296,096 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2012/11/07 00:43:20 | 000,312,168 | ---- | M] (Skillbrains) -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Skillbrains\lightshot\3.2.0.0\Lightshot.exe
PRC - [2012/09/24 23:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/06/22 14:34:12 | 002,673,624 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012/06/22 14:34:12 | 001,118,680 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012/06/22 13:21:50 | 000,402,368 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2011/09/02 01:15:40 | 000,227,712 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
PRC - [2011/04/18 07:14:27 | 000,789,392 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2011/04/18 07:14:26 | 001,181,328 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2008/04/14 06:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/09/27 19:33:44 | 000,125,168 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\VPTray.exe
PRC - [2006/09/27 19:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe
PRC - [2006/07/19 18:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2006/07/19 18:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2006/07/19 18:26:04 | 000,052,896 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
PRC - [2006/04/11 16:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
PRC - [2005/01/08 17:42:54 | 000,315,392 | R--- | M] () -- C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
PRC - [2001/08/17 16:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe


========== Modules (No Company Name) ==========

MOD - [2012/06/22 14:34:06 | 000,157,656 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\NetworkLayer\PCTCFHook.dll
MOD - [2012/06/22 14:33:48 | 000,091,608 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\avengine\sdkBSCtrl.dll
MOD - [2011/04/18 07:14:39 | 000,163,728 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\ShellExt.dll
MOD - [2011/04/18 07:14:35 | 000,327,000 | ---- | M] () -- C:\Program Files\Lavasoft\Ad-Aware\RPAPI.dll
MOD - [2011/02/06 17:46:32 | 000,140,288 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2006/08/30 11:51:07 | 000,196,608 | ---- | M] () -- C:\WINDOWS\system32\nvapi.dll
MOD - [2005/01/08 17:42:54 | 000,315,392 | R--- | M] () -- C:\Program Files\Dell Photo Printer 720\dlbcserv.exe
MOD - [2003/07/29 08:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\DLBCPP5C.DLL


========== Services (SafeList) ==========

SRV - [2012/12/11 17:31:10 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/06 19:29:21 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/24 23:12:59 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/06/22 14:34:12 | 001,118,680 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012/06/22 13:21:50 | 000,402,368 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/04/18 07:14:26 | 001,181,328 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2006/09/27 19:33:38 | 000,116,464 | ---- | M] (symantec) [On_Demand | Stopped] -- C:\Program Files\Symantec AntiVirus\SavRoam.exe -- (SavRoam)
SRV - [2006/09/27 19:33:32 | 001,813,232 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe -- (Symantec AntiVirus)
SRV - [2006/09/27 19:33:22 | 000,031,472 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Symantec AntiVirus\DefWatch.exe -- (DefWatch)
SRV - [2006/09/02 15:36:33 | 002,528,960 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE -- (LiveUpdate)
SRV - [2006/08/07 15:03:02 | 000,214,720 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2006/07/19 18:26:12 | 000,169,632 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2006/07/19 18:26:06 | 000,192,160 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2006/04/11 16:13:38 | 001,160,848 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2001/08/17 16:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | Boot | Stopped] -- system32\DRIVERS\nielprt.sys -- (nielprt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\nielgfx.sys -- (NielGfx)
DRV - File not found [Kernel | Auto | Stopped] -- -- (MCSTRM)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lmimirr.sys -- (lmimirr)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\bfastfao.sys -- (bfastfao)
DRV - [2012/11/14 10:24:06 | 001,601,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121214.003\NAVEX15.SYS -- (NAVEX15)
DRV - [2012/11/14 10:24:06 | 000,092,704 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20121214.003\NAVENG.SYS -- (NAVENG)
DRV - [2012/07/31 18:34:46 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2012/07/31 18:34:45 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2012/06/22 14:34:52 | 000,203,120 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012/06/22 10:39:14 | 000,070,768 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2012/04/23 11:36:50 | 000,383,368 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012/02/28 10:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2008/04/14 06:00:00 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/14 06:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2008/04/14 06:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2007/11/30 21:18:42 | 000,651,712 | ---- | M] (VIA - IC Ensemble, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Envy24HF.sys -- (Envy24HFS)
DRV - [2006/09/18 16:55:28 | 000,109,744 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2006/09/06 13:41:20 | 000,337,592 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\savrt.sys -- (SAVRT)
DRV - [2006/09/06 13:41:20 | 000,054,968 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys -- (SAVRTPEL)
DRV - [2006/08/07 15:02:26 | 000,195,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\symtdi.sys -- (SYMTDI)
DRV - [2006/08/07 15:02:22 | 000,024,768 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\symredrv.sys -- (SYMREDRV)
DRV - [2006/04/11 16:13:34 | 000,389,776 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/11/04 02:27:28 | 000,043,392 | R--- | M] (Windows ® 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Athfmwdl.sys -- (ATHFMWDL)
DRV - [2004/11/04 02:27:24 | 000,283,904 | R--- | M] (D-Link Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\A5AGU.sys -- (A5AGU)
DRV - [2004/09/17 08:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2001/08/17 07:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 07:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 07:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 07:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {E627DC4B-8C04-4234-A2D4-1D634EE01C41}
IE - HKLM\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://fastestwebsearch.com/search?q={searchterms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


IE - HKU\S-1-5-21-1214440339-436374069-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-1214440339-436374069-1177238915-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?affID=110014&babsrc=HP_ss&mntrId=0c8ea502000000000000001195d20794
IE - HKU\S-1-5-21-1214440339-436374069-1177238915-500\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKU\S-1-5-21-1214440339-436374069-1177238915-500\..\SearchScopes,DefaultScope = {E627DC4B-8C04-4234-A2D4-1D634EE01C41}
IE - HKU\S-1-5-21-1214440339-436374069-1177238915-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1214440339-436374069-1177238915-500\..\SearchScopes\{6A37E392-5E55-4478-8C1C-1A0ECEBDB6D1}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=1I7ADFA_en
IE - HKU\S-1-5-21-1214440339-436374069-1177238915-500\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = http://isearch.avg.com/search?cid={4DB4159C-E09C-4EAE-8EE8-5AEE10EAAC5F}&mid=&lang=&ds=&pr=&d=&v=&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1214440339-436374069-1177238915-500\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3072253
IE - HKU\S-1-5-21-1214440339-436374069-1177238915-500\..\SearchScopes\{E627DC4B-8C04-4234-A2D4-1D634EE01C41}: "URL" = http://fastestwebsearch.com/search?q={searchterms}
IE - HKU\S-1-5-21-1214440339-436374069-1177238915-500\..\SearchScopes\{FCB10E4A-12E3-47E2-B088-42492BAA4CE8}: "URL" = http://www.fastbrowsersearch.com/results/results.aspx?q={searchTerms}&c=web&s=DSP&v=18&tid={406BC363-B1B3-47f6-9329-3F1793B59F4F}
IE - HKU\S-1-5-21-1214440339-436374069-1177238915-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..CT3244149.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Fastest"
FF - prefs.js..browser.search.defaulturl: "http://fastestwebsearch.com/search?q={searchTerms}"
FF - prefs.js..browser.search.order.1: "http://fastestwebsearch.com/search?q={searchTerms}"
FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"
FF - prefs.js..browser.search.param.yahoo-type: "${8}"
FF - prefs.js..browser.search.selectedEngine: "Fastest"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT3244149&SearchSource=13"
FF - prefs.js..extensions.enabledAddons: adapter%40babylontc.com:1.0.0.1
FF - prefs.js..extensions.enabledAddons: andpoufywj%40andpoufywj.org:2.5
FF - prefs.js..extensions.enabledAddons: ocr%40babylon.com:1.1
FF - prefs.js..extensions.enabledAddons: playbryte%40playbryte.com:1.1
FF - prefs.js..extensions.enabledAddons: plugin%40videofiledownload.com:1.5
FF - prefs.js..extensions.enabledAddons: %7B1e87a6c4-87c3-48eb-98a9-2444015642a7%7D:3.15.1.0
FF - prefs.js..extensions.enabledAddons: %7B687578b9-7132-4a7a-80e4-30ee31099e03%7D:3.15.1.0
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:13.0.0
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.5
FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {9ECF3758-62E7-4429-BEDF-6F5B9E5D327A}:1.9.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.1.0
FF - prefs.js..extensions.enabledItems: {ce18769b-c7fa-42d2-860d-17c4662c70ad}:2.7.2.0
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.7.1.3
FF - prefs.js..extensions.enabledItems: textlinks@gamevance.com:1.0.0
FF - prefs.js..extensions.enabledItems: {888d99e7-e8b5-46a3-851e-1ec45da1e644}:3.6.3
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655
FF - prefs.js..extensions.enabledItems: {8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}:2.1.0
FF - prefs.js..extensions.enabledItems: LogMeInClient@logmein.com:1.0.0.608
FF - prefs.js..keyword.URL: "http://fastestwebsearch.com/search?q="


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nielsen/FirefoxTracker: C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\npfirefoxtracker.dll File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{9ECF3758-62E7-4429-BEDF-6F5B9E5D327A}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{9ECF3758-62E7-4429-BEDF-6F5B9E5D327A} [2010/01/31 20:16:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netsight@nielsen.com: C:\Program Files\NetRatingsNetSight\NetSight\meter2\FirefoxAddOns\netsight@nielsen.xpi
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/11/23 16:51:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/12/06 19:29:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/12/06 19:29:01 | 000,000,000 | ---D | M]

[2010/09/21 22:22:33 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2009/11/08 09:05:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2012/11/21 13:54:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions
[2012/08/22 20:05:27 | 000,000,000 | ---D | M] (ChoozOn Deal Scout Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\{1e87a6c4-87c3-48eb-98a9-2444015642a7}
[2012/08/30 00:06:47 | 000,000,000 | ---D | M] (WhiteSmoke US New) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}
[2012/10/15 11:20:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012/08/27 17:33:50 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/08/22 09:15:41 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2012/08/22 09:16:32 | 000,000,000 | ---D | M] (Babylon-EnglishBB Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
[2010/09/22 20:32:34 | 000,000,000 | ---D | M] (Facemoods) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\ffxtlbr@Facemoods.com
[2011/02/15 14:23:46 | 000,000,000 | ---D | M] (LogMeIn, Inc. Remote Access Plugin) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\LogMeInClient@logmein.com
[2012/04/24 15:29:59 | 000,000,000 | ---D | M] (PlayBryte) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\playbryte@playbryte.com
[2012/07/10 02:26:11 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\plugin@videofiledownload.com
[2012/04/26 23:07:57 | 000,021,707 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\adapter@babylontc.com.xpi
[2008/04/14 06:00:00 | 000,004,839 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\andpoufywj@andpoufywj.org.xpi
[2012/04/26 23:07:57 | 000,007,972 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\ocr@babylon.com.xpi
[2012/02/01 12:45:43 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2012/06/08 21:57:27 | 000,030,312 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2012/11/21 13:54:15 | 000,243,496 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2010/06/29 08:18:16 | 000,004,669 | ---- | M] () (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\ffxtlbr@Facemoods.com\content\xpiInstallLgc.js
[2012/08/30 00:08:17 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\searchplugins\conduit.xml
[2012/12/06 19:28:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012/11/23 16:51:33 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012/12/06 19:29:27 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/11/23 16:50:48 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012/07/09 22:52:31 | 000,003,659 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/04/24 15:32:34 | 000,002,313 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2012/08/28 19:15:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/25 17:09:20 | 000,005,859 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fastestwebsearch.xml
[2010/03/28 10:56:18 | 000,002,035 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrchFxt.xml
[2012/10/19 01:40:03 | 000,002,058 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Bing (Enabled)
CHR - default_search_provider: search_url = http://www.bing.com/search?setmkt=en-US&q={searchTerms}
CHR - default_search_provider: suggest_url = http://api.bing.com/osjson.aspx?query={searchTerms}&language={language}
CHR - homepage: http://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: RealPlayer™ G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprpplugin.dll
CHR - plugin: RealPlayer™ HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: RealNetworks™ Chrome Background Extension Plug-In (32-bit) (Enabled) = C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI1933~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MI1933~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Java™ Platform SE 7 U7 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\WINDOWS\system32\npDeployJava1.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: ChoozOn - Deal Scout = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cddmeilcgjecgghnhopomglpjclopipg\2.3.10.3_0\
CHR - Extension: Google Search = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: PlayBryte = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hkohdlmeghicnacklkgmlcmaleocmjhj\1.1_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: VideoFileDownload = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kincjchfokkeneeofpeefomkikfkiedl\1.0_0\
CHR - Extension: uTorrentControl2 = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\2.3.18.20_0\
CHR - Extension: Gmail = C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012/12/15 00:35:19 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKU\S-1-5-21-1214440339-436374069-1177238915-500\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [ccApp] C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\\vptray.exe ()
O4 - HKU\S-1-5-21-1214440339-436374069-1177238915-500..\Run: [LightShot] C:\Documents and Settings\Administrator\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe ()
O4 - HKU\S-1-5-21-1214440339-436374069-1177238915-500..\RunOnce: [AutoLaunch] C:\Program Files\Lavasoft\Ad-Aware\AutoLaunch.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OneNote 2010 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ZooskMessenger.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1214440339-436374069-1177238915-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1214440339-436374069-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1214440339-436374069-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1214440339-436374069-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1245789842203 (WUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/23 14:24:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2012/12/27 18:40:59 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/12/15 10:45:44 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2012/12/14 23:20:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2012/12/14 23:15:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2012/12/14 23:15:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2012/12/14 23:15:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2012/12/14 23:15:21 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2012/12/14 23:12:54 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/12/14 23:11:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2012/12/14 22:47:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\TikGames
[2012/12/14 22:46:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Hasbro
[2012/12/14 21:31:51 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Pro
[2012/12/14 21:14:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\DAEMON Tools Images
[2012/12/13 21:00:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Dream Tale - The Golden Keys
[2012/12/13 20:55:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\The Game of Life
[2012/12/13 20:55:17 | 000,000,000 | ---D | C] -- C:\Program Files\Foxy Games
[2012/12/13 20:55:15 | 000,000,000 | ---D | C] -- C:\Downloads
[2012/12/06 19:28:54 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012/12/06 16:13:42 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\javaw.exe
[2012/12/06 16:13:42 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\java.exe
[2012/12/06 16:13:42 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\WINDOWS\System32\WindowsAccessBridge.dll
[2011/02/19 23:22:07 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[38 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/12/27 18:39:54 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-436374069-1177238915-500.job
[2012/12/27 18:38:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2012/12/27 18:29:00 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/12/27 18:20:43 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/27 18:00:11 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/27 17:00:01 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/27 15:59:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\update-S-1-5-21-1214440339-436374069-1177238915-500.job
[2012/12/27 15:16:00 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\update-sys.job
[2012/12/27 14:14:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2012/12/27 08:14:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 1).job
[2012/12/27 02:14:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2012/12/26 20:14:01 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2012/12/25 12:49:46 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-436374069-1177238915-500.job
[2012/12/25 12:38:56 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/12/25 12:35:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/12/25 12:33:59 | 000,085,878 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012/12/25 12:31:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/12/15 00:35:19 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2012/12/14 23:20:27 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2012/12/14 22:46:52 | 000,000,918 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Monopoly by Parker Brothers.lnk
[2012/12/14 11:39:21 | 000,115,030 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\bugss.jpg
[2012/12/13 20:55:41 | 000,001,821 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\The Game of Life.lnk
[2012/12/13 03:27:00 | 000,882,011 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\agletshot.png
[2012/12/12 17:33:43 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2012/12/11 17:31:08 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/12/11 17:31:07 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[38 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/12/15 13:25:22 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2012/12/15 13:25:15 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 4).job
[2012/12/14 23:43:04 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/12/14 23:20:27 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2012/12/14 23:20:21 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2012/12/14 23:15:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2012/12/14 23:15:21 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2012/12/14 23:15:21 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2012/12/14 23:15:21 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2012/12/14 23:15:21 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2012/12/14 22:46:52 | 000,000,918 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Monopoly by Parker Brothers.lnk
[2012/12/14 11:39:13 | 000,115,030 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\bugss.jpg
[2012/12/13 20:55:41 | 000,001,821 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\The Game of Life.lnk
[2012/12/13 03:26:55 | 000,882,011 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\agletshot.png
[2012/12/13 02:16:54 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 3).job
[2012/12/13 02:16:53 | 000,000,472 | ---- | C] () -- C:\WINDOWS\tasks\Ad-Aware Update (Daily 2).job
[2012/11/17 15:40:03 | 000,000,861 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\UserProducts.xml
[2012/10/25 21:25:41 | 000,000,067 | ---- | C] () -- C:\WINDOWS\oregon.ini
[2012/08/13 17:44:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2012/08/01 13:05:30 | 000,767,960 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2012/07/10 13:25:22 | 000,000,596 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2012/04/24 15:30:00 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2011/02/19 23:31:37 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2011/02/19 23:31:36 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2011/02/19 23:31:15 | 000,810,496 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/02/19 23:31:15 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/02/19 23:31:14 | 000,080,896 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2011/02/19 23:22:07 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2011/02/19 23:22:07 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2011/02/19 23:22:07 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2009/10/05 17:08:25 | 000,870,128 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\mcs.rma
[2009/08/02 12:51:20 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2010/12/09 09:15:09 | 000,002,048 | -HS- | M] () -- C:\WINDOWS\Installer\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\@
[2012/08/01 12:50:22 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\L
[2010/12/09 09:15:09 | 000,000,000 | -HSD | M] -- C:\WINDOWS\Installer\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\U
[2012/08/01 12:48:27 | 000,000,804 | ---- | M] () -- C:\WINDOWS\Installer\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\L\00000004.@
[2012/08/01 12:48:28 | 000,013,312 | ---- | M] () -- C:\WINDOWS\Installer\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\U\80000000.@
[2012/08/01 11:56:24 | 000,092,672 | ---- | M] () -- C:\WINDOWS\Installer\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\U\80000032.@
[2012/08/09 20:31:18 | 000,002,048 | -HS- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\@
[2010/12/09 09:15:09 | 000,046,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\n
[2012/08/13 23:08:50 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\L
[2012/08/25 15:02:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\U
[2012/08/15 06:41:54 | 000,000,673 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\L\00000004.@
[2009/06/23 16:21:51 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[2012/08/13 23:35:12 | 000,005,120 | -HS- | M] () -- C:\WINDOWS\assembly\GAC\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2009/04/28 22:46:52 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 06:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/04/14 06:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

========== Alternate Data Streams ==========

@Alternate Data Stream - 161 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

The Extras.Txt log

OTL Extras logfile created on: 12/27/2012 6:41:47 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 1.25 Gb Available Physical Memory | 62.85% Memory free
4.83 Gb Paging File | 4.17 Gb Available in Paging File | 86.33% Paging File free
Paging file location(s): C:\pagefile.sys 3057 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 11.13 Gb Free Space | 14.94% Space Free | Partition Type: NTFS
Drive G: | 983.72 Mb Total Space | 983.06 Mb Free Space | 99.93% Space Free | Partition Type: FAT

Computer Name: WESLEY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1214440339-436374069-1177238915-500\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1" = lightshot-3.2.0.0
"{326957C7-83FD-4550-A59A-849B7B4297DE}" = Microsoft Easy Assist v2
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{529125EF-E3AC-4B74-97E6-F688A7C0F1BF}" = Paint.NET v3.5.10
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{889DF117-14D1-44EE-9F31-C5FB5D47F68B}" = Yontoo 1.10.02
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
"{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
"{90140000-0015-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
"{90140000-0016-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
"{90140000-0018-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
"{90140000-0019-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
"{90140000-001A-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
"{90140000-001B-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
"{90140000-001F-0C0A-0000-0000000FF1CE}_Office14.SingleImage_{DEA87BE2-FFCC-4F33-9946-FCBE55A1E998}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
"{90140000-002C-0409-0000-0000000FF1CE}_Office14.SingleImage_{7CA93DF4-8902-449E-A42E-4C5923CFBDE3}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
"{90140000-006E-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
"{90140000-00A1-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
"{90140000-0115-0409-0000-0000000FF1CE}_Office14.SingleImage_{4560037C-E356-444A-A015-D21F487D809E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
"{90140000-0117-0409-0000-0000000FF1CE}_Office14.SingleImage_{6BD185A0-E67F-4F77-8BCD-E34EA6AE76DF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.4)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Ad-Aware" = Ad-Aware
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AGEIA PhysX v2.5.0" = AGEIA PhysX v2.5.0
"Dell Photo Printer 720" = Dell Photo Printer 720
"Dell Photo Printer 720 Logger" = Dell Photo Printer 720 Logger
"Geek Phase Drug Wars" = Drug Wars
"Google Chrome" = Google Chrome
"InstallShield_{7B9CC60A-9B81-46A3-A953-76B6BF9EEC97}" = Age of Empires III
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.0 (Full)
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Monopoly by Parker Brothers" = Monopoly by Parker Brothers
"Mozilla Firefox 17.0.1 (x86 en-US)" = Mozilla Firefox 17.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MS Access 97 SP2" = MS Access 97 SP2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Professional 2010
"OT32CD12" = The Oregon Trail
"Playbryte_playbryte" = PlayBryte
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 15.0" = RealPlayer
"The Game of Life1.0" = The Game of Life
"uTorrent" = µTorrent
"vfd-ob" = VideoFileDownload
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinRAR archiver" = WinRAR 4.00 beta 6 (32-bit)
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1214440339-436374069-1177238915-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 12/27/2012 4:31:44 PM | Computer Name = WESLEY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/27/2012 4:31:44 PM | Computer Name = WESLEY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/27/2012 6:02:30 PM | Computer Name = WESLEY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/27/2012 6:02:30 PM | Computer Name = WESLEY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/27/2012 6:04:44 PM | Computer Name = WESLEY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/27/2012 6:04:44 PM | Computer Name = WESLEY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/27/2012 7:38:44 PM | Computer Name = WESLEY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/27/2012 7:38:44 PM | Computer Name = WESLEY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/27/2012 7:53:30 PM | Computer Name = WESLEY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {7B849a69-220F-451E-B3FE-2CB811AF94AE}
and it will not be loaded. This is most likely caused by a faulty registration.

Error - 12/27/2012 7:53:30 PM | Computer Name = WESLEY | Source = Userenv | ID = 1041
Description = Windows cannot query DllName registry entry for {CF7639F3-ABA2-41DB-97F2-81E2C5DBFC5D}
and it will not be loaded. This is most likely caused by a faulty registration.

[ System Events ]
Error - 12/13/2012 3:32:58 AM | Computer Name = WESLEY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 001195D20794 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 12/14/2012 2:51:03 PM | Computer Name = WESLEY | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 001195D20794 has been denied by the DHCP server 0.0.0.0 (The DHCP Server
sent a DHCPNACK message).

Error - 12/15/2012 1:53:46 AM | Computer Name = WESLEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 12/15/2012 1:56:40 AM | Computer Name = WESLEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 12/15/2012 7:12:45 PM | Computer Name = WESLEY | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service WSearch with
arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}

Error - 12/16/2012 4:10:54 PM | Computer Name = WESLEY | Source = DCOM | ID = 10010
Description = The server {E60687F7-01A1-40AA-86AC-DB1CBF673334} did not register
with DCOM within the required timeout.

Error - 12/16/2012 4:48:58 PM | Computer Name = WESLEY | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 12/25/2012 2:45:10 PM | Computer Name = WESLEY | Source = DCOM | ID = 10010
Description = The server {4991D34B-80A1-4291-83B6-3328366B9097} did not register
with DCOM within the required timeout.

Error - 12/27/2012 8:39:31 PM | Computer Name = WESLEY | Source = PCTCore | ID = 327960
Description =

Error - 12/27/2012 8:55:29 PM | Computer Name = WESLEY | Source = PCTCore | ID = 327960
Description =


< End of report >



The aswMBR log

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2012-12-27 21:55:23
-----------------------------
21:55:23.109 OS Version: Windows 5.1.2600 Service Pack 3
21:55:23.109 Number of processors: 1 586 0x401
21:55:23.109 ComputerName: WESLEY UserName:
21:55:23.906 Initialize success
21:56:12.359 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
21:56:12.359 Disk 0 Vendor: HDS728080PLAT20 PF2OA27A Size: 76293MB BusType: 3
21:56:12.406 Disk 0 MBR read successfully
21:56:12.406 Disk 0 MBR scan
21:56:12.406 Disk 0 Windows XP default MBR code
21:56:12.437 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 76285 MB offset 63
21:56:12.484 Disk 0 scanning sectors +156232125
21:56:12.734 Disk 0 scanning C:\WINDOWS\system32\drivers
21:56:54.406 Service scanning
21:57:25.000 Modules scanning
21:58:54.328 Disk 0 trace - called modules:
21:58:54.375 ntoskrnl.exe CLASSPNP.SYS disk.sys PCTCore.sys atapi.sys hal.dll intelide.sys PCIIDEX.SYS
21:58:54.375 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a9c1ab8]
21:58:54.375 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> [0x8a9a4920]
21:58:54.375 5 PCTCore.sys[f7b9682d] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-3[0x8a9f7d98]
21:58:54.375 Scan finished successfully
21:59:55.968 Disk 0 MBR has been saved successfully to "G:\MBR.dat"
21:59:56.234 The log file has been saved successfully to "G:\aswMBR.txt"


and the GMER log

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-12-27 21:53:04
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 HDS728080PLAT20 rev.PF2OA27A
Running: my93lvmg.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\uxtdqpod.sys


---- System - GMER 1.0.15 ----

SSDT 8A3838E0 ZwAlertResumeThread
SSDT 8A1CAA70 ZwAlertThread
SSDT 8A1951C8 ZwAllocateVirtualMemory
SSDT 8A387118 ZwConnectPort
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateKey [0xF7BC60B8]
SSDT 8A1961C0 ZwCreateMutant
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcess [0xF7B9237C]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwCreateProcessEx [0xF7B92644]
SSDT 8A9486B8 ZwCreateThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteKey [0xF7BC6E98]
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwDeleteValueKey [0xF7BC71B0]
SSDT 8A1FF818 ZwFreeVirtualMemory
SSDT 8A3461A8 ZwImpersonateAnonymousToken
SSDT 8A192160 ZwImpersonateThread
SSDT 8A34DE08 ZwMapViewOfSection
SSDT 8A1A61D0 ZwOpenEvent
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwOpenKey [0xF7BC51FC]
SSDT 8A1C0290 ZwOpenProcessToken
SSDT 8A24FCB8 ZwOpenThreadToken
SSDT 8A1A3590 ZwQueryValueKey
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwRenameKey [0xF7BC767A]
SSDT 8A379EC0 ZwResumeThread
SSDT 8A42DD70 ZwSetContextThread
SSDT 8A1A8570 ZwSetInformationProcess
SSDT 8A1FDAB0 ZwSetInformationThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwSetValueKey [0xF7BC6418]
SSDT 8A1791F8 ZwSuspendProcess
SSDT 8A420EC0 ZwSuspendThread
SSDT PCTCore.sys (PC Tools KDS Core Driver/PC Tools) ZwTerminateProcess [0xF7B91F7A]
SSDT 8A18B3E0 ZwTerminateThread
SSDT 8A8D0528 ZwUnmapViewOfSection
SSDT 8A42AA68 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9CED360, 0x24526E, 0xE8000020]
init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xB9C44F80]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe[1960] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044CDE5 C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools Security Component/PC Tools)
.text C:\WINDOWS\system32\SearchIndexer.exe[2900] kernel32.dll!WriteFile 7C810E27 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe[3068] kernel32.dll!CreateThread + 1A 7C8106F1 4 Bytes CALL 0044C54D C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools Security Component/PC Tools)
.text C:\Program Files\Real\RealPlayer\update\realsched.exe[7876] kernel32.dll!SetUnhandledExceptionFilter 7C84495D 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}

---- Devices - GMER 1.0.15 ----

Device Ntfs.sys (NT File System Driver/Microsoft Corporation)

AttachedDevice SYMEVENT.SYS (Symantec Event Library/Symantec Corporation)

Device Fastfat.SYS (Fast FAT File System Driver/Microsoft Corporation)

AttachedDevice \Driver\Tcpip \Device\Ip SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp SYMTDI.SYS (Network Dispatch Driver/Symantec Corporation)

Device mrxsmb.sys (Windows NT SMB Minirdr/Microsoft Corporation)

AttachedDevice fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----


again thanx for your help.

#4 Jintan

Jintan

  • Malware Response Team
  • 531 posts

Posted 28 December 2012 - 06:58 PM

Not very good. You have at least two antivirus programs installed, with both Symantec AntiVirus and Ad-Aware (and I am assuming PCTools, which can be an antivirus in its own right), is part of Symantec's install (same owners). This will have caused each antivirus program to corrupt the other, as well as corrupt the system. Both will need to be removed before we start other repairs. Which will include all the adware showing installed there, as well as what appear to be parts of a ZAccess bootkit infection.

You'll have to continue transferring files until we can correct your net access there.


Be sure to continue to temporarily disable any protective software when running the scan tools we use here.


Uninstall Symantec AntiVirus. I normally provide this link to aid with the Norton uninstall, but this appears to be their "Endpoint Protection", which is intended for businesses and institutions. I am not sure that installs using any key, but if you plan to reinstall it after we are done be sure to save any key info to do that.

--------

After the reboot uninstall Ad-Aware, and reboot again.

--------

Click here and download Kaspersky's TDSSKiller to your desktop, but as you download it, rename it to larry.com then click that file to run TDSSKiller.

In the display that opens click Start scan. Once that completes, follow any prompts to act on anything it located, including a reboot (Reboot Now) if requested.
When the scan completes it will create a log file on your C drive.

Similar in name to this:

C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt

Your copy will be different - some of those numbers will reflect the date/time it was just run by you there.

Copy/paste those contents back here please. If it does locate malware, but does not prompt for a reboot, go ahead and reboot.

----------

Download RogueKiller (http://www.sur-la-toile.com/RogueKiller/) to your desktop. Click the RogueKiller icon next to:

(Download link) : Lien de téléchargement:).

Close all open programs
Remember to right click -> run as administrator, and click the downloaded file.
When prompted, type 1, and press Enter.
A RKreport.txt will be created in the same location as the RogueKiller file.
If the program is blocked, do not hesitate to try several times. If it really does not work (it could happen), rename it to winlogon.exe, and try again.

Please post the contents of the RKreport.txt.
Ad eundum quo no duck ante iit

#5 wes286

wes286
  • Topic Starter

  • Members
  • 6 posts

Posted 29 December 2012 - 12:34 PM

ok, here is the tdss report


11:17:49.0687 0692 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
11:17:49.0703 0692 ============================================================
11:17:49.0703 0692 Current date / time: 2012/12/29 11:17:49.0703
11:17:49.0703 0692 SystemInfo:
11:17:49.0703 0692
11:17:49.0703 0692 OS Version: 5.1.2600 ServicePack: 3.0
11:17:49.0703 0692 Product type: Workstation
11:17:49.0703 0692 ComputerName: WESLEY
11:17:49.0703 0692 UserName: Administrator
11:17:49.0703 0692 Windows directory: C:\WINDOWS
11:17:49.0703 0692 System windows directory: C:\WINDOWS
11:17:49.0703 0692 Processor architecture: Intel x86
11:17:49.0703 0692 Number of processors: 1
11:17:49.0703 0692 Page size: 0x1000
11:17:49.0703 0692 Boot type: Normal boot
11:17:49.0703 0692 ============================================================
11:17:51.0796 0692 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
11:17:51.0796 0692 Drive \Device\Harddisk1\DR2 - Size: 0x3D800000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
11:17:51.0796 0692 ============================================================
11:17:51.0796 0692 \Device\Harddisk0\DR0:
11:17:51.0796 0692 MBR partitions:
11:17:51.0796 0692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x94FE97E
11:17:51.0796 0692 \Device\Harddisk1\DR2:
11:17:51.0796 0692 MBR partitions:
11:17:51.0796 0692 \Device\Harddisk1\DR2\Partition1: MBR, Type 0xE, StartLBA 0x20, BlocksNum 0x1EBFE0
11:17:51.0796 0692 ============================================================
11:17:51.0843 0692 C: <-> \Device\Harddisk0\DR0\Partition1
11:17:51.0843 0692 ============================================================
11:17:51.0843 0692 Initialize success
11:17:51.0843 0692 ============================================================
11:18:03.0781 2680 ============================================================
11:18:03.0781 2680 Scan started
11:18:03.0781 2680 Mode: Manual;
11:18:03.0781 2680 ============================================================
11:18:04.0031 2680 ================ Scan system memory ========================
11:18:04.0031 2680 System memory - ok
11:18:04.0046 2680 ================ Scan services =============================
11:18:04.0250 2680 [ 2E3145AF30E7A54BE5AC0A7A6606EA61 ] A5AGU C:\WINDOWS\system32\DRIVERS\A5AGU.sys
11:18:04.0250 2680 A5AGU - ok
11:18:04.0265 2680 Abiosdsk - ok
11:18:04.0265 2680 abp480n5 - ok
11:18:04.0343 2680 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
11:18:04.0343 2680 ACPI - ok
11:18:04.0406 2680 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
11:18:04.0406 2680 ACPIEC - ok
11:18:04.0515 2680 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
11:18:04.0515 2680 AdobeFlashPlayerUpdateSvc - ok
11:18:04.0531 2680 adpu160m - ok
11:18:04.0593 2680 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
11:18:04.0609 2680 aec - ok
11:18:04.0671 2680 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
11:18:04.0671 2680 AFD - ok
11:18:04.0687 2680 Aha154x - ok
11:18:04.0687 2680 aic78u2 - ok
11:18:04.0703 2680 aic78xx - ok
11:18:04.0765 2680 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
11:18:04.0781 2680 Alerter - ok
11:18:04.0828 2680 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
11:18:04.0828 2680 ALG - ok
11:18:04.0828 2680 AliIde - ok
11:18:04.0843 2680 amsint - ok
11:18:04.0875 2680 [ D8849F77C0B66226335A59D26CB4EDC6 ] AppMgmt C:\WINDOWS\System32\appmgmts.dll
11:18:04.0875 2680 AppMgmt - ok
11:18:04.0890 2680 asc - ok
11:18:04.0906 2680 asc3350p - ok
11:18:04.0921 2680 asc3550 - ok
11:18:05.0140 2680 [ 0E5E4957549056E2BF2C49F4F6B601AD ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
11:18:05.0140 2680 aspnet_state - ok
11:18:05.0218 2680 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
11:18:05.0218 2680 AsyncMac - ok
11:18:05.0281 2680 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
11:18:05.0281 2680 atapi - ok
11:18:05.0296 2680 Atdisk - ok
11:18:05.0359 2680 [ 629ECFAC73E13C3832EE56419BF7CDCA ] ATHFMWDL C:\WINDOWS\system32\Drivers\ATHFMWDL.sys
11:18:05.0359 2680 ATHFMWDL - ok
11:18:05.0390 2680 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
11:18:05.0421 2680 Atmarpc - ok
11:18:05.0468 2680 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
11:18:05.0468 2680 AudioSrv - ok
11:18:05.0531 2680 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
11:18:05.0531 2680 audstub - ok
11:18:05.0609 2680 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
11:18:05.0609 2680 Beep - ok
11:18:05.0718 2680 bfastfao - ok
11:18:05.0812 2680 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
11:18:05.0859 2680 BITS - ok
11:18:05.0906 2680 [ A06CE3399D16DB864F55FAEB1F1927A9 ] Browser C:\WINDOWS\System32\browser.dll
11:18:05.0906 2680 Browser - ok
11:18:06.0171 2680 [ 7EFFCCD7B6EA4D3428F5B3ACE8DE8F5A ] Browser Defender Update Service C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
11:18:06.0171 2680 Browser Defender Update Service - ok
11:18:06.0187 2680 catchme - ok
11:18:06.0250 2680 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
11:18:06.0250 2680 cbidf2k - ok
11:18:06.0265 2680 cd20xrnt - ok
11:18:06.0312 2680 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
11:18:06.0312 2680 Cdaudio - ok
11:18:06.0375 2680 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
11:18:06.0375 2680 Cdfs - ok
11:18:06.0421 2680 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
11:18:06.0421 2680 Cdrom - ok
11:18:06.0437 2680 cerc6 - ok
11:18:06.0437 2680 Changer - ok
11:18:06.0484 2680 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
11:18:06.0484 2680 CiSvc - ok
11:18:06.0531 2680 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
11:18:06.0531 2680 ClipSrv - ok
11:18:06.0578 2680 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
11:18:06.0593 2680 clr_optimization_v2.0.50727_32 - ok
11:18:06.0593 2680 CmdIde - ok
11:18:06.0609 2680 COMSysApp - ok
11:18:06.0640 2680 Cpqarray - ok
11:18:06.0671 2680 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
11:18:06.0671 2680 CryptSvc - ok
11:18:06.0687 2680 dac2w2k - ok
11:18:06.0703 2680 dac960nt - ok
11:18:06.0796 2680 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
11:18:06.0796 2680 DcomLaunch - ok
11:18:06.0875 2680 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
11:18:06.0875 2680 Dhcp - ok
11:18:06.0890 2680 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
11:18:06.0906 2680 Disk - ok
11:18:06.0906 2680 dmadmin - ok
11:18:06.0984 2680 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
11:18:07.0000 2680 dmboot - ok
11:18:07.0031 2680 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
11:18:07.0046 2680 dmio - ok
11:18:07.0109 2680 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
11:18:07.0109 2680 dmload - ok
11:18:21.0468 2680 ================ Scan global ===============================
11:18:21.0531 2680 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
11:18:21.0609 2680 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:18:21.0625 2680 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
11:18:21.0640 2680 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
11:18:21.0656 2680 [Global] - ok
11:18:21.0656 2680 ================ Scan MBR ==================================
11:18:21.0687 2680 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk0\DR0
11:18:21.0890 2680 \Device\Harddisk0\DR0 - ok
11:18:21.0906 2680 [ 65E858A8A0293BE11A920B0BC99D695E ] \Device\Harddisk1\DR2
11:18:23.0000 2680 \Device\Harddisk1\DR2 - ok
11:18:23.0000 2680 ================ Scan VBR ==================================
11:18:23.0000 2680 [ 2164D1FFF428FF1A96C8730FF8E449C3 ] \Device\Harddisk0\DR0\Partition1
11:18:23.0015 2680 \Device\Harddisk0\DR0\Partition1 - ok
11:18:23.0015 2680 [ 3FA9F37E3310D7B6FF299F945361F1DA ] \Device\Harddisk1\DR2\Partition1
11:18:23.0015 2680 \Device\Harddisk1\DR2\Partition1 - ok
11:18:23.0031 2680 ============================================================
11:18:23.0031 2680 Scan finished
11:18:23.0031 2680 ============================================================
11:18:23.0046 1600 Detected object count: 0
11:18:23.0046 1600 Actual detected object count: 0



and here is the rogue killer report


RogueKiller V8.4.1 [Dec 28 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Remove -- Date : 12/29/2012 11:30:19

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 3 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : LightShot (C:\Documents and Settings\Administrator\Local Settings\Application Data\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue) -> DELETED
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> DELETED
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FILE] n : C:\Documents and Settings\Administrator\Local Settings\Application Data\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\n --> REMOVED
[ZeroAccess][FILE] @ : C:\WINDOWS\Installer\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\@ --> REMOVED
[ZeroAccess][FILE] @ : C:\Documents and Settings\Administrator\Local Settings\Application Data\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\@ --> REMOVED
[Del.Parent][FILE] 80000000.@ : C:\WINDOWS\Installer\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\U\80000000.@ --> REMOVED
[Del.Parent][FILE] 80000032.@ : C:\WINDOWS\Installer\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\U\80000032.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\U --> REMOVED
[Del.Parent][FILE] 80000000.$ : C:\Documents and Settings\Administrator\Local Settings\Application Data\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\U\80000000.$ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Documents and Settings\Administrator\Local Settings\Application Data\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\U --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\WINDOWS\Installer\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\L\00000004.@ --> REMOVED
[Del.Parent][FILE] 201d3dde : C:\WINDOWS\Installer\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\L\201d3dde --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\WINDOWS\Installer\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\L --> REMOVED
[Del.Parent][FILE] 00000004.@ : C:\Documents and Settings\Administrator\Local Settings\Application Data\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\L\00000004.@ --> REMOVED
[ZeroAccess][FOLDER] ROOT : C:\Documents and Settings\Administrator\Local Settings\Application Data\{5cfa9a02-ab9b-0b1a-51f0-2ed611547c80}\L --> REMOVED
[ZeroAccess][FILE] Desktop.ini : C:\WINDOWS\Assembly\GAC\Desktop.ini --> REMOVED

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 887f7668355e2643e1007c8b52e271ec
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: +++++
--- User ---
[MBR] 759e16432c3e9e75114fcd26a3666c75
[BSP] ec12177e75242e135c29369bd44a8e58 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT16-LBA (0x0e) [VISIBLE] Offset (sectors): 32 | Size: 983 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_12292012_02d1130.txt >>
RKreport[1]_S_12292012_02d1128.txt ; RKreport[2]_D_12292012_02d1130.txt

#6 Jintan


Posted 29 December 2012 - 02:32 PM

Was Rogue Killer warning of a ZAccess bootkit by chance?

Run RogueKiller again.

  • Please quit all programs
  • Run RogueKiller
  • Wait until the Prescan finishes
  • Press: Scan

  • On the RogueKiller console, click the Registry tab.
  • Make sure the entries there are checked.
  • Then, press the [Delete] button.

Please post the RKreport (Mode: Delete) created on the Desktop.

---------

Now let's see if ComboFix can correct the net access situation.

Delete any existing copies of ComboFix, and download ComboFix.exe from here to your desktop, then click that to run that scan. Agree to any warnings you might receive.

A caution - do not touch your mouse/keyboard until the scan has completed. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop.

Allow the scan to run. When completed a text window will appear - please copy/paste the contents back here. This log can also be found at C:\ComboFix.txt.
Ad eundum quo no duck ante iit

#7 wes286


Posted 30 December 2012 - 05:44 PM

I believe I pressed Delete the last time I ran RogueKiller, because it did not find any infections when I ran it again.

"ZeroAccess...ROOT" was in there in several places.

Here is the newest log from RogueKiller:

RogueKiller V8.4.1 [Dec 28 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Administrator [Admin rights]
Mode : Scan -- Date : 12/30/2012 15:54:01

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] 887f7668355e2643e1007c8b52e271ec
[BSP] ae203e84dcb456630d870d8f3155a2b5 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 76285 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[3]_S_12302012_02d1554.txt >>
RKreport[1]_S_12292012_02d1128.txt ; RKreport[2]_D_12292012_02d1130.txt ; RKreport[3]_S_12302012_02d1554.txt




And here is the ComboFix log:

ComboFix 12-12-30.01 - Administrator 12/30/2012 16:10:10.3.1 - x86
Running from: G:\ComboFix.exe
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\inst.exe
c:\program files\intellidownload\gunzip.exe
C:\torrent.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-11-28 to 2012-12-30 )))))))))))))))))))))))))))))))
.
.
2074-05-07 23:38 . 2006-11-22 01:48 203576 -c----w- c:\program files\Microsoft Games\Age of Empires III\autopatcher2.exe
2012-12-15 03:31 . 2012-12-16 20:18 -------- d-----w- c:\program files\DAEMON Tools Pro
2012-12-14 02:55 . 2012-12-14 04:05 -------- d-----w- c:\program files\Foxy Games
2012-12-14 02:55 . 2012-12-14 02:56 -------- d-----w- C:\Downloads
2012-12-06 22:13 . 2012-09-25 05:16 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-11 23:31 . 2012-09-03 06:08 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-11 23:31 . 2012-09-03 05:28 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-07 01:29 . 2012-12-07 01:28 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-30 7630848]
"nwiz"="nwiz.exe" [2006-08-30 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-30 86016]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 1404928]
"TkBellExe"="c:\program files\Real\RealPlayer\update\realsched.exe" [2012-11-23 296096]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
OneNote 2010 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
ZooskMessenger.lnk - c:\program files\ZooskMessenger\ZooskMessenger.exe [N/A]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
dlbcserv.lnk - c:\program files\Dell Photo Printer 720\dlbcserv.exe [2009-7-9 315392]
Windows Search.lnk - c:\program files\Windows Desktop Search\WindowsSearch.exe [2008-5-26 123904]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-25 304128]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdAuxService]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdCoreService]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
.
R0 cerc6;cerc6; [x]
R0 nielprt;Nielsen Patch Service;c:\windows\system32\DRIVERS\nielprt.sys [x]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe [x]
R3 ATHFMWDL;D-Link predator Bootloader driver;c:\windows\system32\Drivers\ATHFMWDL.sys [x]
R3 bfastfao;bfastfao;c:\docume~1\ADMINI~1\LOCALS~1\Temp\bfastfao.sys [x]
R3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 PCTBD;PC Tools Browser Defender Driver;c:\windows\system32\Drivers\PCTBD.sys [x]
R3 sdAuxService;PC Tools Auxiliary Service;c:\program files\PC Tools\PC Tools Security\pctsAuxs.exe [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [x]
S0 pctDS;PC Tools Data Store;c:\windows\system32\drivers\pctDS.sys [x]
S1 PCTSD;PC Tools Spyware Doctor Driver;c:\windows\system32\Drivers\PCTSD.sys [x]
S3 A5AGU;D-Link USB Wireless Network Adapter Service;c:\windows\system32\DRIVERS\A5AGU.sys [x]
S3 Envy24HFS;ICE Envy24 Family Audio Controller WDM;c:\windows\system32\drivers\Envy24HF.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - 73168811
*NewlyCreated* - TRUESIGHT
*Deregistered* - 73168811
*Deregistered* - TrueSight
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-30 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-03 23:31]
.
2012-12-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-23 22:48]
.
2012-12-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-11-23 22:48]
.
2012-12-29 c:\windows\Tasks\RealUpgradeLogonTaskS-1-5-21-1214440339-436374069-1177238915-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-12-28 c:\windows\Tasks\RealUpgradeScheduledTaskS-1-5-21-1214440339-436374069-1177238915-500.job
- c:\program files\Real\RealUpgrade\realupgrade.exe [2012-07-27 20:27]
.
2012-12-30 c:\windows\Tasks\update-S-1-5-21-1214440339-436374069-1177238915-500.job
- c:\program files\Skillbrains\Updater\Updater.exe [2012-11-17 04:09]
.
2012-12-30 c:\windows\Tasks\update-sys.job
- c:\program files\Skillbrains\Updater\Updater.exe [2012-11-17 04:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.babylon.com/?affID=110014&babsrc=HP_ss&mntrId=0c8ea502000000000000001195d20794
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office14\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
IE: Se&nd to OneNote - c:\progra~1\MI1933~1\Office14\ONBttnIE.dll/105
LSP: c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\
FF - prefs.js: browser.search.defaulturl - hxxp://fastestwebsearch.com/search?q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Fastest
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT3244149&SearchSource=13
FF - prefs.js: keyword.URL - hxxp://fastestwebsearch.com/search?q=
FF - ExtSQL: 2012-11-23 16:51; {0153E448-190B-4987-BDE1-F256CADA672F}; c:\documents and settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext
FF - ExtSQL: !HIDDEN! 2009-06-24 09:45; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extentions.y2layers.installId, e5a69600-4fe0-4782-9250-e06597b33d68
FF - user.js: extentions.y2layers.defaultEnableAppsList - ezLooker,pagerage,buzzdock,toprelatedtopics,twittube
FF - user.js: extensions.autoDisableScopes - 14);//iBryteforchangeuser_pref(extensions.BabylonToolbar_i.babTrack, affID=110014
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 0c8ea502000000000000001195d20794
FF - user.js: extensions.BabylonToolbar_i.hardId - 0c8ea502000000000000001195d20794
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15454
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1716:32
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);
.
- - - - ORPHANS REMOVED - - - -
.
Notify-NavLogon - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-30 16:17
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1214440339-436374069-1177238915-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,95,93,94,e0,ce,bd,4a,b8,bc,f0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e7,95,93,94,e0,ce,bd,4a,b8,bc,f0,\
.
[HKEY_USERS\S-1-5-21-1214440339-436374069-1177238915-500\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:e3,d6,95,23,dd,c6,cd,57,d1,9e,83,10,aa,ee,71,f9,43,bd,69,3a,95,64,59,
77,17,d3,f5,ab,d3,b3,00,ea,a5,4c,5e,07,93,0b,dc,9c,a0,b7,4b,49,14,14,14,64,\
"??"=hex:41,3e,38,e6,bc,87,6d,58,71,85,60,f8,62,7e,50,dc
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(936)
c:\program files\Common Files\PC Tools\Lsp\PCTLsp.dll
.
Completion time: 2012-12-30 16:19:58
ComboFix-quarantined-files.txt 2012-12-30 22:19
ComboFix2.txt 2012-12-15 07:03
.
Pre-Run: 16,564,367,360 bytes free
Post-Run: 16,559,964,160 bytes free
.
- - End Of File - - 0A54BA032861C17BC347DC798264295D

#8 Jintan


Posted 30 December 2012 - 06:00 PM

Have you regained Internet access yet?

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

-------

Download HijackThis from Here. Then click on the downloaded file, and install HijackThis.

In HijackThis, click Config - Misc Tools - Open Uninstall Manager.

Click on Save List, then save that to a location you can locate again (such as the desktop). Copy/paste the contents of that back here please.
Ad eundum quo no duck ante iit

#9 wes286


Posted 31 December 2012 - 02:08 AM

I still have "limited or no connectivity" and cannot access the internet.

Here is the AdwCleaner log:



# AdwCleaner v2.104 - Logfile created 12/31/2012 at 01:00:34
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Administrator - WESLEY
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\adapter@babylontc.com.xpi
File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\ocr@babylon.com.xpi
File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\searchplugins\Conduit.xml
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
Folder Found : C:\Documents and Settings\Administrator\Application Data\Babylon
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\Conduit
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\ConduitCommon
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\CT2438727
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\CT2720081
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\CT3072253
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\CT3221206
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\CT3244149
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\{1e87a6c4-87c3-48eb-98a9-2444015642a7}
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\{462be121-2b54-4218-bf00-b9bf8135b23f}
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\{ce18769b-c7fa-42d2-860d-17c4662c70ad}
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\ffxtlbr@Facemoods.com
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\extensions\playbryte@playbryte.com
Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\Smartbar
Folder Found : C:\Documents and Settings\Administrator\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cddmeilcgjecgghnhopomglpjclopipg
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Playbryte
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\boost_interprocess
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Documents and Settings\All Users\Application Data\WeCareReminder
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Free Offers from Freeze.com
Folder Found : C:\Program Files\OApps
Folder Found : C:\Program Files\Playbryte

***** [Registry] *****

Key Found : HKCU\Software\AVG Secure Search
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\cddmeilcgjecgghnhopomglpjclopipg
Key Found : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\DealPly
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1BB22D38-A411-4B13-A746-C2A4F4EC7344}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9CFACCB6-2F3F-4177-94EA-0D2B72D384C1}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F72841F0-4EF1-4DF5-BCE5-B3AC8ACF5478}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\wajam.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4D71-8CE1-09DEBB8CFB78}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2447E305-5E90-42A8-BD1E-0BC333B807E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2557DD3F-23A0-477C-BCD8-90FD0AECC4B8}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2893116C-A176-42B1-8794-DA8C9FC45564}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{30B15818-E110-4527-9C05-46ACE5A3460D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3CEB04AB-08AF-45F4-81B4-70D13C1F7B85}
Key Found : HKLM\SOFTWARE\Classes\Interface\{40CA90F3-4098-4877-AE87-23EB612B18C7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C3B62AF-CA25-4FBA-8405-32E44F83BB6F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{50D2FDCC-2707-49CB-8223-7FE0424909AA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5A635A91-C303-45C9-8DB9-F759D98A3B9D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{618AAD04-921F-44C2-BE38-C0818AF69861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{741DE825-A6F0-4497-9AA6-8023CF9B0FFF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7E335D04-2E6E-4D0E-A921-C3D9192E7121}
Key Found : HKLM\SOFTWARE\Classes\Interface\{878CE013-7BA9-4650-A78C-B2234C0C1648}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8EE46F55-1CE1-4DB9-811A-68938EC7F3DD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99CCFB8C-6380-4A14-8FDD-EF3E7E95335D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{99FDCA0C-7380-4E9C-8D99-5DC4750334EF}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A7213D71-47E1-4832-92D7-D61DFE9F231F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A87DFD99-CF81-4241-85CE-881E0026B686}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B1D9F4B1-B9FF-463F-BF15-AB9CB26160F7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B20D7ADD-989C-4BC0-A797-F6FE7998EFD7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B5D2ED96-62F9-4C2C-956D-E425B1F67337}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFC20A15-B0AC-44CC-A25A-A7039014BA9F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C96B9FAE-A032-4100-BB47-32EF05E28BE4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CF54BE1C-9359-4395-8533-1657CF209CFE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CF82F350-E1C4-4916-AC12-BA73DB60AFB7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D1063603-F045-475F-AFBC-8CBA7D5797FB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D3A412E8-1E4B-47D2-9B12-F88291F5AFBB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F019AEC4-4C95-46DE-A107-E302473E3B9A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2720081
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3221206
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D518921A-4A03-425E-9873-B9A71756821E}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cddmeilcgjecgghnhopomglpjclopipg
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\kincjchfokkeneeofpeefomkikfkiedl
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\facemoods
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\Software\Playbryte
Key Found : HKU\S-1-5-21-1214440339-436374069-1177238915-500\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-1214440339-436374069-1177238915-500\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Extensions\CmdMapping [{F72841F0-4EF1-4df5-BCE5-B3AC8ACF5478}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110014&babsrc=HP_ss&mntrId=0c8ea502000000000000001195d20794

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\e1k7b2n1.default\prefs.js

Found : user_pref("CT2438727.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2438727.CTID", "CT2438727");
Found : user_pref("CT2438727.CurrentServerDate", "1-2-2012");
Found : user_pref("CT2438727.DialogsAlignMode", "LTR");
Found : user_pref("CT2438727.DownloadReferralCookieData", "");
Found : user_pref("CT2438727.FirstServerDate", "12-11-2010");
Found : user_pref("CT2438727.FirstTime", true);
Found : user_pref("CT2438727.FirstTimeFF3", true);
Found : user_pref("CT2438727.FirstTimeSettingsDone", true);
Found : user_pref("CT2438727.FixPageNotFoundErrors", true);
Found : user_pref("CT2438727.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2438727.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2438727.Initialize", true);
Found : user_pref("CT2438727.InitializeCommonPrefs", true);
Found : user_pref("CT2438727.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2438727.InstalledDate", "Fri Nov 12 2010 07:06:35 GMT-0600 (Central Standard Time)");
Found : user_pref("CT2438727.IsGrouping", false);
Found : user_pref("CT2438727.IsMulticommunity", false);
Found : user_pref("CT2438727.IsOpenThankYouPage", true);
Found : user_pref("CT2438727.IsOpenUninstallPage", true);
Found : user_pref("CT2438727.LanguagePackLastCheckTime", "Wed Feb 01 2012 12:27:58 GMT-0600 (Central Standar[...]
Found : user_pref("CT2438727.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2438727.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2438727.LastLogin_2.7.2.0", "Wed Feb 01 2012 12:27:58 GMT-0600 (Central Standard Time)"[...]
Found : user_pref("CT2438727.LatestVersion", "3.9.0.3");
Found : user_pref("CT2438727.Locale", "en");
Found : user_pref("CT2438727.LoginCache", 4);
Found : user_pref("CT2438727.MCDetectTooltipHeight", "83");
Found : user_pref("CT2438727.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2438727.MCDetectTooltipWidth", "295");
Found : user_pref("CT2438727.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2438727.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2438727.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT243[...]
Found : user_pref("CT2438727.SearchInNewTabEnabled", true);
Found : user_pref("CT2438727.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2438727.SearchInNewTabLastCheckTime", "Tue Jan 31 2012 18:50:32 GMT-0600 (Central Stand[...]
Found : user_pref("CT2438727.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2438727.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2438727.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2438727.SettingsLastCheckTime", "Wed Feb 01 2012 12:27:56 GMT-0600 (Central Standard Ti[...]
Found : user_pref("CT2438727.SettingsLastUpdate", "1326723880");
Found : user_pref("CT2438727.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2438727.ThirdPartyComponentsLastCheck", "Thu Jan 26 2012 18:50:32 GMT-0600 (Central Sta[...]
Found : user_pref("CT2438727.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2438727.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Found : user_pref("CT2438727.UserID", "UN55904056614251715");
Found : user_pref("CT2438727.ValidationData_Toolbar", 2);
Found : user_pref("CT2438727.alertChannelId", "832836");
Found : user_pref("CT2438727.backendstorage.currentgame", "7A796E6761");
Found : user_pref("CT2438727.clientLogIsEnabled", false);
Found : user_pref("CT2438727.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2438727.myStuffEnabled", true);
Found : user_pref("CT2438727.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2438727.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2438727.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2438727.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2438727.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2720081.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2720081.CTID", "CT2720081");
Found : user_pref("CT2720081.CurrentServerDate", "1-2-2012");
Found : user_pref("CT2720081.DialogsAlignMode", "LTR");
Found : user_pref("CT2720081.DownloadReferralCookieData", "");
Found : user_pref("CT2720081.EMailNotifierPollDate", "Wed Feb 01 2012 12:37:57 GMT-0600 (Central Standard Ti[...]
Found : user_pref("CT2720081.FeedLastCount129248891425073064", 200);
Found : user_pref("CT2720081.FeedPollDate129225116238185771", "Wed Feb 01 2012 12:27:59 GMT-0600 (Central St[...]
Found : user_pref("CT2720081.FeedPollDate129225147492879732", "Wed Feb 01 2012 12:27:59 GMT-0600 (Central St[...]
Found : user_pref("CT2720081.FeedPollDate129245643951202078", "Wed Feb 01 2012 12:27:59 GMT-0600 (Central St[...]
Found : user_pref("CT2720081.FeedPollDate129245643951202084", "Wed Feb 01 2012 12:27:59 GMT-0600 (Central St[...]
Found : user_pref("CT2720081.FeedTTL129225116238185771", 40);
Found : user_pref("CT2720081.FeedTTL129225147492879732", 40);
Found : user_pref("CT2720081.FeedTTL129245643951202078", 40);
Found : user_pref("CT2720081.FeedTTL129245643951202084", 40);
Found : user_pref("CT2720081.FirstServerDate", "23-9-2010");
Found : user_pref("CT2720081.FirstTime", true);
Found : user_pref("CT2720081.FirstTimeFF3", true);
Found : user_pref("CT2720081.FirstTimeSettingsDone", true);
Found : user_pref("CT2720081.FixPageNotFoundErrors", true);
Found : user_pref("CT2720081.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2720081.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2720081.Initialize", true);
Found : user_pref("CT2720081.InitializeCommonPrefs", true);
Found : user_pref("CT2720081.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2720081.InstallationType", "UnknownIntegration");
Found : user_pref("CT2720081.InstalledDate", "Thu Sep 23 2010 02:04:49 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT2720081.InvalidateCache", false);
Found : user_pref("CT2720081.IsGrouping", false);
Found : user_pref("CT2720081.IsMulticommunity", false);
Found : user_pref("CT2720081.IsOpenThankYouPage", false);
Found : user_pref("CT2720081.IsOpenUninstallPage", true);
Found : user_pref("CT2720081.LanguagePackLastCheckTime", "Wed Feb 01 2012 12:27:55 GMT-0600 (Central Standar[...]
Found : user_pref("CT2720081.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2720081.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2720081.LastLogin_2.7.2.0", "Wed Feb 01 2012 12:27:55 GMT-0600 (Central Standard Time)"[...]
Found : user_pref("CT2720081.LatestVersion", "3.9.0.3");
Found : user_pref("CT2720081.Locale", "en");
Found : user_pref("CT2720081.LoginCache", 4);
Found : user_pref("CT2720081.MCDetectTooltipHeight", "83");
Found : user_pref("CT2720081.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2720081.MCDetectTooltipWidth", "295");
Found : user_pref("CT2720081.RadioIsPodcast", false);
Found : user_pref("CT2720081.RadioLastCheckTime", "Tue Jan 31 2012 18:52:11 GMT-0600 (Central Standard Time)[...]
Found : user_pref("CT2720081.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2720081.RadioLastUpdateServer", "129248947734170000");
Found : user_pref("CT2720081.RadioMediaID", "21079850");
Found : user_pref("CT2720081.RadioMediaType", "Media Player");
Found : user_pref("CT2720081.RadioMenuSelectedID", "EBRadioMenu_CT272008121079850");
Found : user_pref("CT2720081.RadioShrinked", "shrinked");
Found : user_pref("CT2720081.RadioStationName", "AHL%20-%20Grand%20Rapids%20Griffins");
Found : user_pref("CT2720081.RadioStationURL", "hxxp://cdncon.wm.llnwd.net/cdncon_neulion1_ahl_griffins?eid=[...]
Found : user_pref("CT2720081.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2720081.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2720081.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
Found : user_pref("CT2720081.SearchInNewTabEnabled", true);
Found : user_pref("CT2720081.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2720081.SearchInNewTabLastCheckTime", "Tue Jan 31 2012 18:50:22 GMT-0600 (Central Stand[...]
Found : user_pref("CT2720081.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2720081.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2720081.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2720081.SettingsLastCheckTime", "Wed Feb 01 2012 12:27:46 GMT-0600 (Central Standard Ti[...]
Found : user_pref("CT2720081.SettingsLastUpdate", "1326723880");
Found : user_pref("CT2720081.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2720081.ThirdPartyComponentsLastCheck", "Thu Jan 26 2012 18:50:21 GMT-0600 (Central Sta[...]
Found : user_pref("CT2720081.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2720081.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
Found : user_pref("CT2720081.UserID", "UN07927561824778184");
Found : user_pref("CT2720081.ValidationData_Toolbar", 2);
Found : user_pref("CT2720081.WeatherNetwork", "");
Found : user_pref("CT2720081.WeatherPollDate", "Wed Feb 01 2012 12:28:00 GMT-0600 (Central Standard Time)");
Found : user_pref("CT2720081.WeatherUnit", "F");
Found : user_pref("CT2720081.alertChannelId", "1112366");
Found : user_pref("CT2720081.backendstorage.ct2720081ads1", "25374225323261647325323225334125354225374225323[...]
Found : user_pref("CT2720081.backendstorage.ct2720081current_term", "");
Found : user_pref("CT2720081.backendstorage.ct2720081sdate", "31");
Found : user_pref("CT2720081.backendstorage.hxxp://api15_thetrafficstat_net.pid2", "386564343539386134393162[...]
Found : user_pref("CT2720081.backendstorage.hxxp://api19_thetrafficstat_net.pid2", "386564343539386134393162[...]
Found : user_pref("CT2720081.backendstorage.hxxp://api20_thetrafficstat_net.pid2", "386564343539386134393162[...]
Found : user_pref("CT2720081.clientLogIsEnabled", false);
Found : user_pref("CT2720081.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2720081.myStuffEnabled", true);
Found : user_pref("CT2720081.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2720081.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2720081.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2720081.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2720081.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT3072253..clientLogIsEnabled", false);
Found : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT3072253.AppTrackingLastCheckTime", "Mon Dec 10 2012 22:12:43 GMT-0600 (Central Standard[...]
Found : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Found : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Found : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Found : user_pref("CT3072253.CTID", "CT3072253");
Found : user_pref("CT3072253.CurrentServerDate", "15-12-2012");
Found : user_pref("CT3072253.DSInstall", false);
Found : user_pref("CT3072253.DialogsAlignMode", "LTR");
Found : user_pref("CT3072253.DialogsGetterLastCheckTime", "Fri Dec 14 2012 12:54:21 GMT-0600 (Central Standa[...]
Found : user_pref("CT3072253.DownloadReferralCookieData", "");
Found : user_pref("CT3072253.EnableClickToSearchBox", false);
Found : user_pref("CT3072253.EnableSearchHistory", false);
Found : user_pref("CT3072253.EnableSearchSuggest", false);
Found : user_pref("CT3072253.FirstServerDate", "10-7-2012");
Found : user_pref("CT3072253.FirstTime", true);
Found : user_pref("CT3072253.FirstTimeFF3", true);
Found : user_pref("CT3072253.FirstTimeHiddenVer", true);
Found : user_pref("CT3072253.FixPageNotFoundErrors", true);
Found : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Found : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT3072253.HPInstall", false);
Found : user_pref("CT3072253.HasUserGlobalKeys", true);
Found : user_pref("CT3072253.HomePageProtectorEnabled", false);
Found : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://search.babylon.com/?affID=110014&babsrc=HP_ss&mn[...]
Found : user_pref("CT3072253.Initialize", true);
Found : user_pref("CT3072253.InitializeCommonPrefs", true);
Found : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT3072253.InstallationId", "fft1456.tmp.exe");
Found : user_pref("CT3072253.InstallationType", "XPE");
Found : user_pref("CT3072253.InstalledDate", "Tue Jul 10 2012 03:45:39 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT3072253.IsAlertDBUpdated", true);
Found : user_pref("CT3072253.IsGrouping", false);
Found : user_pref("CT3072253.IsInitSetupIni", true);
Found : user_pref("CT3072253.IsMulticommunity", false);
Found : user_pref("CT3072253.IsOpenThankYouPage", true);
Found : user_pref("CT3072253.IsOpenUninstallPage", false);
Found : user_pref("CT3072253.LanguagePackLastCheckTime", "Sun Dec 16 2012 14:03:28 GMT-0600 (Central Standar[...]
Found : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT3072253.LastLogin_3.13.0.6", "Mon Jul 23 2012 19:28:25 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT3072253.LastLogin_3.14.1.0", "Mon Aug 27 2012 14:42:39 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT3072253.LastLogin_3.15.1.0", "Sun Dec 16 2012 14:03:28 GMT-0600 (Central Standard Time)[...]
Found : user_pref("CT3072253.LatestVersion", "3.16.0.3");
Found : user_pref("CT3072253.Locale", "en");
Found : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Found : user_pref("CT3072253.MCDetectTooltipShow", false);
Found : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Found : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT3072253.OriginalFirstVersion", "3.13.0.6");
Found : user_pref("CT3072253.SearchBackToDefaultEngine", false);
Found : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Found : user_pref("CT3072253.SearchEngineBeforeUnload", "Search the web (Babylon)");
Found : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Found : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]
Found : user_pref("CT3072253.SearchInNewTabEnabled", true);
Found : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Sun Dec 16 2012 14:03:26 GMT-0600 (Central Stand[...]
Found : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT3072253.SearchInNewTabUserEnabled", false);
Found : user_pref("CT3072253.SearchProtectorEnabled", false);
Found : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Found : user_pref("CT3072253.ServiceMapLastCheckTime", "Sun Dec 16 2012 14:03:27 GMT-0600 (Central Standard [...]
Found : user_pref("CT3072253.SettingsLastCheckTime", "Sun Dec 16 2012 14:03:26 GMT-0600 (Central Standard Ti[...]
Found : user_pref("CT3072253.SettingsLastUpdate", "1354706882");
Found : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Found : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Thu Dec 13 2012 03:18:59 GMT-0600 (Central Sta[...]
Found : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Found : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT3072253.UserID", "UN21785832420883888");
Found : user_pref("CT3072253.ValidationData_Toolbar", 1);
Found : user_pref("CT3072253.alertChannelId", "1463702");
Found : user_pref("CT3072253.approveUntrustedApps", true);
Found : user_pref("CT3072253.autoDisableScopes", 14);
Found : user_pref("CT3072253.backendstorage.bt_stats", "7B226C6173745F6C6F67223A313335353136393232342C227575[...]
Found : user_pref("CT3072253.backendstorage.cb_experience_000", "34");
Found : user_pref("CT3072253.backendstorage.cb_firstuse0100", "31");
Found : user_pref("CT3072253.backendstorage.cb_user_id_000", "43423633363633323135373032305F46697265666F78")[...]
Found : user_pref("CT3072253.backendstorage.cbcountry_001", "5553");
Found : user_pref("CT3072253.backendstorage.cbfirsttime", "547565204A756C20313020323031322030333A34353A34362[...]
Found : user_pref("CT3072253.backendstorage.url_history0001", "68747470733A2F2F7777772E676F6F676C652E636F6D3[...]
Found : user_pref("CT3072253.components.129573915102477663", false);
Found : user_pref("CT3072253.components.3562342111233572", false);
Found : user_pref("CT3072253.components.4930556174285671", false);
Found : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Sun Dec 16 2012 14:03:28 GMT-0600 (Central [...]
Found : user_pref("CT3072253.homepageProtectorEnableByLogin", true);
Found : user_pref("CT3072253.initDone", true);
Found : user_pref("CT3072253.isAppTrackingManagerOn", true);
Found : user_pref("CT3072253.isSearchProtectorNotifyChanges", false);
Found : user_pref("CT3072253.myStuffEnabled", true);
Found : user_pref("CT3072253.myStuffPublihserMinWidth", 400);
Found : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT3072253.navigateToUrlOnSearch", false);
Found : user_pref("CT3072253.oldAppsList", "129295695672325902,129571859753931591,111,129593762370823811,129[...]
Found : user_pref("CT3072253.revertSettingsEnabled", false);
Found : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT3072253.searchProtectorEnableByLogin", true);
Found : user_pref("CT3072253.testingCtid", "");
Found : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Sun Dec 16 2012 14:03:28 GMT-0600 (Central S[...]
Found : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Mon Dec 10 2012 11:17:08 GMT-0600 (Central S[...]
Found : user_pref("CT3072253.usageEnabled", false);
Found : user_pref("CT3072253.usagesFlag", 2);
Found : user_pref("CT3221206..clientLogIsEnabled", false);
Found : user_pref("CT3221206..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT3221206..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT3221206.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT3221206.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT3221206.AppTrackingLastCheckTime", "Mon Dec 10 2012 22:12:43 GMT-0600 (Central Standard[...]
Found : user_pref("CT3221206.BrowserCompStateIsOpen_3878116796113008528", true);
Found : user_pref("CT3221206.CTID", "CT3221206");
Found : user_pref("CT3221206.CurrentServerDate", "15-12-2012");
Found : user_pref("CT3221206.DSInstall", false);
Found : user_pref("CT3221206.DialogsAlignMode", "LTR");
Found : user_pref("CT3221206.DialogsGetterLastCheckTime", "Fri Dec 14 2012 12:54:23 GMT-0600 (Central Standa[...]
Found : user_pref("CT3221206.DownloadReferralCookieData", "");
Found : user_pref("CT3221206.FirstServerDate", "15-6-2012");
Found : user_pref("CT3221206.FirstTime", true);
Found : user_pref("CT3221206.FirstTimeFF3", true);
Found : user_pref("CT3221206.FirstTimeHiddenVer", true);
Found : user_pref("CT3221206.FixPageNotFoundErrors", true);
Found : user_pref("CT3221206.GroupingServerCheckInterval", 1440);
Found : user_pref("CT3221206.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT3221206.HPInstall", false);
Found : user_pref("CT3221206.HasUserGlobalKeys", true);
Found : user_pref("CT3221206.HomePageProtectorEnabled", false);
Found : user_pref("CT3221206.HomepageBeforeUnload", "hxxp://search.babylon.com/?affID=110014&babsrc=HP_ss&mn[...]
Found : user_pref("CT3221206.Initialize", true);
Found : user_pref("CT3221206.InitializeCommonPrefs", true);
Found : user_pref("CT3221206.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT3221206.InstallationId", "supersonicads_ct3221206");
Found : user_pref("CT3221206.InstallationType", "ConduitNSISIntegration");
Found : user_pref("CT3221206.InstalledDate", "Wed Jun 13 2012 00:38:27 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT3221206.IsAlertDBUpdated", true);
Found : user_pref("CT3221206.IsGrouping", false);
Found : user_pref("CT3221206.IsInitSetupIni", true);
Found : user_pref("CT3221206.IsMulticommunity", false);
Found : user_pref("CT3221206.IsOpenThankYouPage", false);
Found : user_pref("CT3221206.IsOpenUninstallPage", true);
Found : user_pref("CT3221206.LanguagePackLastCheckTime", "Sun Dec 16 2012 14:03:29 GMT-0600 (Central Standar[...]
Found : user_pref("CT3221206.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT3221206.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT3221206.LastLogin_3.13.0.6", "Mon Jul 23 2012 19:28:25 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT3221206.LastLogin_3.14.1.0", "Wed Aug 22 2012 14:11:20 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT3221206.LastLogin_3.15.1.0", "Sun Dec 16 2012 14:03:28 GMT-0600 (Central Standard Time)[...]
Found : user_pref("CT3221206.LatestVersion", "3.16.0.3");
Found : user_pref("CT3221206.Locale", "en");
Found : user_pref("CT3221206.MCDetectTooltipHeight", "83");
Found : user_pref("CT3221206.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT3221206.MCDetectTooltipWidth", "295");
Found : user_pref("CT3221206.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT3221206.OriginalFirstVersion", "3.13.0.6");
Found : user_pref("CT3221206.SearchCaption", "ChoozOn - Deal Scout Customized Web Search");
Found : user_pref("CT3221206.SearchEngineBeforeUnload", "Search the web (Babylon)");
Found : user_pref("CT3221206.SearchFromAddressBarIsInit", true);
Found : user_pref("CT3221206.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Found : user_pref("CT3221206.SearchInNewTabEnabled", true);
Found : user_pref("CT3221206.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT3221206.SearchInNewTabLastCheckTime", "Sun Dec 16 2012 14:03:28 GMT-0600 (Central Stand[...]
Found : user_pref("CT3221206.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT3221206.SearchProtectorEnabled", false);
Found : user_pref("CT3221206.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT3221206.SendProtectorDataViaLogin", true);
Found : user_pref("CT3221206.ServiceMapLastCheckTime", "Sun Dec 16 2012 14:03:27 GMT-0600 (Central Standard [...]
Found : user_pref("CT3221206.SettingsLastCheckTime", "Sun Dec 16 2012 14:03:27 GMT-0600 (Central Standard Ti[...]
Found : user_pref("CT3221206.SettingsLastUpdate", "1354706882");
Found : user_pref("CT3221206.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3221206&SearchSource=13");
Found : user_pref("CT3221206.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT3221206.ThirdPartyComponentsLastCheck", "Mon Dec 10 2012 19:23:05 GMT-0600 (Central Sta[...]
Found : user_pref("CT3221206.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT3221206.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT3221206.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3221206");
Found : user_pref("CT3221206.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT3221206.UserID", "UN23067053631670520");
Found : user_pref("CT3221206.ValidationData_Search", 1);
Found : user_pref("CT3221206.ValidationData_Toolbar", 2);
Found : user_pref("CT3221206.WeatherNetwork", "");
Found : user_pref("CT3221206.WeatherPollDate", "Sun Dec 16 2012 14:03:29 GMT-0600 (Central Standard Time)");
Found : user_pref("CT3221206.WeatherUnit", "C");
Found : user_pref("CT3221206.alertChannelId", "1649322");
Found : user_pref("CT3221206.autoDisableScopes", 14);
Found : user_pref("CT3221206.backendstorage.choozon_ctid", "435433323231323036");
Found : user_pref("CT3221206.backendstorage.choozon_daily_offersdata", "6F626A5F7B22726573756C74223A22737563[...]
Found : user_pref("CT3221206.backendstorage.choozon_dailywatched", "6E6577");
Found : user_pref("CT3221206.backendstorage.choozon_iamopened", "31333534383232393635353835");
Found : user_pref("CT3221206.backendstorage.choozon_installdate", "31333339373039363432343739");
Found : user_pref("CT3221206.backendstorage.choozon_lastshoweddailyoff", "31333534383232393631343235");
Found : user_pref("CT3221206.backendstorage.choozon_laststartedattgrabber", "31333535313139323932303137");
Found : user_pref("CT3221206.backendstorage.choozon_lastupdate", "31333438393831323335303039");
Found : user_pref("CT3221206.backendstorage.choozon_lastvisitedbrandid", "31313132");
Found : user_pref("CT3221206.backendstorage.choozon_offermode", "6461696C79");
Found : user_pref("CT3221206.backendstorage.choozon_registeredonchoozon", "66616C7365");
Found : user_pref("CT3221206.backendstorage.choozon_uid", "31333339373039363434373336");
Found : user_pref("CT3221206.backendstorage.choozon_userfavlist", "323734323439");
Found : user_pref("CT3221206.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT3221206.globalFirstTimeInfoLastCheckTime", "Sun Dec 16 2012 14:03:29 GMT-0600 (Central [...]
Found : user_pref("CT3221206.homepageProtectorEnableByLogin", true);
Found : user_pref("CT3221206.initDone", true);
Found : user_pref("CT3221206.isAppTrackingManagerOn", true);
Found : user_pref("CT3221206.myStuffEnabled", true);
Found : user_pref("CT3221206.myStuffPublihserMinWidth", 400);
Found : user_pref("CT3221206.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT3221206.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT3221206.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT3221206.navigateToUrlOnSearch", false);
Found : user_pref("CT3221206.oldAppsList", "129815734117245028,129815734118641424,111,3878116796113008528,55[...]
Found : user_pref("CT3221206.revertSettingsEnabled", false);
Found : user_pref("CT3221206.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT3221206.searchProtectorEnableByLogin", true);
Found : user_pref("CT3221206.testingCtid", "");
Found : user_pref("CT3221206.toolbarAppMetaDataLastCheckTime", "Sun Dec 16 2012 14:03:29 GMT-0600 (Central S[...]
Found : user_pref("CT3221206.toolbarContextMenuLastCheckTime", "Mon Dec 10 2012 11:16:59 GMT-0600 (Central S[...]
Found : user_pref("CT3221206.usagesFlag", 2);
Found : user_pref("CT3244149.1000082.isPlayDisplay", "true");
Found : user_pref("CT3244149.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Found : user_pref("CT3244149.CBOpenMAMSettings", "0");
Found : user_pref("CT3244149.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3244149.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3244149.FirstTime", "true");
Found : user_pref("CT3244149.FirstTimeFF3", "true");
Found : user_pref("CT3244149.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT324[...]
Found : user_pref("CT3244149.UserID", "UN32642578349799119");
Found : user_pref("CT3244149.UserId", "1a290417-ed51-29b3-5818-e655ef45b271");
Found : user_pref("CT3244149.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3244149.autoDisableScopes", 0);
Found : user_pref("CT3244149.browser.search.defaultthis.engineName", true);
Found : user_pref("CT3244149.cb_experience_000", "17");
Found : user_pref("CT3244149.cb_firstuse0100", "1");
Found : user_pref("CT3244149.cbcountry_001", "US");
Found : user_pref("CT3244149.cbfirsttime", "Thu Aug 30 2012 01:08:57 GMT-0500 (Central Daylight Time)");
Found : user_pref("CT3244149.defaultSearch", "true");
Found : user_pref("CT3244149.embeddedsData", "[{\"appId\":\"129895725399351616\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3244149.enableAlerts", "always");
Found : user_pref("CT3244149.enableSearchFromAddressBar", "true");
Found : user_pref("CT3244149.firstTimeDialogOpened", "true");
Found : user_pref("CT3244149.first_time_search", "1");
Found : user_pref("CT3244149.fixPageNotFoundError", "true");
Found : user_pref("CT3244149.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3244149.fixUrls", true);
Found : user_pref("CT3244149.hxxp___api15_starwebnet_com.pid2", "ca133c75beed660b");
Found : user_pref("CT3244149.hxxp___api16_starwebnet_com.pid2", "ca133c75beed660b");
Found : user_pref("CT3244149.hxxp___api18_starwebnet_com.pid2", "ca133c75beed660b");
Found : user_pref("CT3244149.hxxp___api19_starwebnet_com.pid2", "ca133c75beed660b");
Found : user_pref("CT3244149.hxxp___api20_starwebnet_com.pid2", "ca133c75beed660b");
Found : user_pref("CT3244149.hxxp___api21_starwebnet_com.pid2", "ca133c75beed660b");
Found : user_pref("CT3244149.hxxp___api22_starwebnet_com.pid2", "ca133c75beed660b");
Found : user_pref("CT3244149.hxxp___api25_starwebnet_com.pid2", "ca133c75beed660b");
Found : user_pref("CT3244149.hxxp___api26_starwebnet_com.pid2", "ca133c75beed660b");
Found : user_pref("CT3244149.hxxp___api28_starwebnet_com.pid2", "ca133c75beed660b");
Found : user_pref("CT3244149.hxxp___api29_starwebnet_com.pid2", "ca133c75beed660b");
Found : user_pref("CT3244149.hxxp___api30_starwebnet_com.pid2", "ca133c75beed660b");
Found : user_pref("CT3244149.hxxp___api31_starwebnet_com.pid2", "ca133c75beed660b");
Found : user_pref("CT3244149.hxxp___api32_starwebnet_com.pid2", "ca133c75beed660b");
Found : user_pref("CT3244149.hxxp___api6_starwebnet_com.pid2", "ca133c75beed660b");
Found : user_pref("CT3244149.hxxp___toolbar_jollywallet_com_tlb_2.APP_WIN_FEATURES", "resizable=yes, scrollb[...]
Found : user_pref("CT3244149.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_cache", "[\"c822c1b63853ed273b89[...]
Found : user_pref("CT3244149.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui", "{\"gui\":[{\"type\[...]
Found : user_pref("CT3244149.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings", "{\"initUrl\":\"hxxp:[...]
Found : user_pref("CT3244149.hxxp___toolbar_jollywallet_com_tlb_2.lastAccess", "2012-9-17");
Found : user_pref("CT3244149.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "op[...]
Found : user_pref("CT3244149.installId", "119");
Found : user_pref("CT3244149.installType", "ConduitNSISIntegration");
Found : user_pref("CT3244149.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3244149.isNewTabEnabled", false);
Found : user_pref("CT3244149.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3244149.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3244149.keyword", true);
Found : user_pref("CT3244149.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"3i (2 + 5i) = x + 6i\",\"EB_MAIN[...]
Found : user_pref("CT3244149.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3244149.openThankYouPage", "false");
Found : user_pref("CT3244149.openUninstallPage", "true");
Found : user_pref("CT3244149.search.searchAppId", "129895725399351616");
Found : user_pref("CT3244149.search.searchCount", "0");
Found : user_pref("CT3244149.searchInNewTabEnabled", "false");
Found : user_pref("CT3244149.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3244149.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3244149.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3244149.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3244149.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3244149.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3244149.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1353811499898");
-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [56959 octets] - [31/12/2012 01:00:34]

########## EOF - C:\AdwCleaner[R1].txt - [57020 octets] ##########






and here is the uninstall list

µTorrent
Acrobat.com
Adobe AIR
Adobe AIR
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4)
Age of Empires III
AGEIA PhysX v2.5.0
Critical Update for Windows Media Player 11 (KB959772)
Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition
Dell Photo Printer 720
Dell Photo Printer 720 Logger
Drug Wars
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB2158563)
Hotfix for Windows XP (KB2443685)
Hotfix for Windows XP (KB2633952)
Hotfix for Windows XP (KB915800-v4)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB961118)
Hotfix for Windows XP (KB970653-v3)
Hotfix for Windows XP (KB976098-v2)
Hotfix for Windows XP (KB979306)
Hotfix for Windows XP (KB981793)
Intel® Extreme Graphics 2 Driver
Intel® PRO Network Adapters and Drivers
Jasc Paint Shop Photo Album
Jasc Paint Shop Pro 8 Dell Edition
Java 7 Update 9
K-Lite Codec Pack 6.9.0 (Full)
lightshot-3.2.0.0
LiveUpdate 3.1 (Symantec Corporation)
Malwarebytes' Anti-Malware
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656353)
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Easy Assist v2
Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office 2010 Service Pack 1 (SP1)
Microsoft Office Access MUI (English) 2010
Microsoft Office Access Setup Metadata MUI (English) 2010
Microsoft Office Excel MUI (English) 2010
Microsoft Office OneNote MUI (English) 2010
Microsoft Office Outlook MUI (English) 2010
Microsoft Office PowerPoint MUI (English) 2010
Microsoft Office Professional 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (Spanish) 2010
Microsoft Office Proofing (English) 2010
Microsoft Office Publisher MUI (English) 2010
Microsoft Office Shared MUI (English) 2010
Microsoft Office Shared Setup Metadata MUI (English) 2010
Microsoft Office Single Image 2010
Microsoft Office Word MUI (English) 2010
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable
Microsoft WSE 3.0 Runtime
Monopoly by Parker Brothers
Mozilla Firefox 17.0.1 (x86 en-US)
Mozilla Maintenance Service
MS Access 97 SP2
MSN
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
NVIDIA Drivers
Paint.NET v3.5.10
PlayBryte
RealNetworks - Microsoft Visual C++ 2008 Runtime
RealPlayer
RealUpgrade 1.1
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft Excel 2010 (KB2597166) 32-Bit Edition
Security Update for Microsoft InfoPath 2010 (KB2553322) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553091)
Security Update for Microsoft Office 2010 (KB2553096)
Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2589337) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598039) 32-Bit Edition
Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition
Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition
Security Update for Microsoft Visio Viewer 2010 (KB2597981) 32-Bit Edition
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB968816)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows Search 4 - KB963093
Security Update for Windows XP (KB2079403)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2121546)
Security Update for Windows XP (KB2160329)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2259922)
Security Update for Windows XP (KB2279986)
Security Update for Windows XP (KB2286198)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2296199)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2412687)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2436673)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2476687)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479628)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485376)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2503658)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2506223)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508272)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2511455)
Security Update for Windows XP (KB2524375)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570222)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2621440)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2633171)
Security Update for Windows XP (KB2639417)
Security Update for Windows XP (KB2641653)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2647518)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2660465)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2685939)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2695962)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2707511)
Security Update for Windows XP (KB2709162)
Security Update for Windows XP (KB2718523)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958869)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB969897)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB969947)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971468)
Security Update for Windows XP (KB971486)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973525)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975561)
Security Update for Windows XP (KB975562)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977165)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978037)
Security Update for Windows XP (KB978251)
Security Update for Windows XP (KB978262)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978601)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979683)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB980195)
Security Update for Windows XP (KB980218)
Security Update for Windows XP (KB980232)
Security Update for Windows XP (KB980436)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981852)
Security Update for Windows XP (KB981957)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982214)
Security Update for Windows XP (KB982665)
Security Update for Windows XP (KB982802)
SoundMAX
The Game of Life
The Oregon Trail
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft Office 2010 (KB2553065)
Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553270) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition
Update for Microsoft Office 2010 (KB2566458)
Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition
Update for Microsoft Office 2010 (KB2597091) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition
Update for Microsoft OneNote 2010 (KB2589345) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook 2010 (KB2553248) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition
Update for Windows XP (KB2141007)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2541763)
Update for Windows XP (KB2641690)
Update for Windows XP (KB2718704)
Update for Windows XP (KB898461)
Update for Windows XP (KB943729)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB971737)
Update for Windows XP (KB973687)
Update for Windows XP (KB973815)
VideoFileDownload
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows PowerShell™ 1.0
Windows Search 4.0
WinRAR 4.00 beta 6 (32-bit)
Yontoo 1.10.02

#10 wes286

wes286
  • Topic Starter

  • Members
  • 6 posts
  • Local time:02:41 AM

Posted 28 November 2013 - 03:18 AM

Hello?

#11 Jintan

Jintan

  • Malware Response Team
  • 531 posts
  • Local time:04:41 AM

Posted 28 November 2013 - 07:40 PM

Hello again wes286. And it appears I missed you had posted a reply, though nearly a year ago now. Why not provide me with an update on your current situation, and let's work from there, okay?


Ad eundum quo no duck ante iit



