Jump to content

zalloy

Honorary Members
  • Posts

    98
  • Joined

  • Last visited

Reputation

0 Neutral
  1. Ok, I think I've got the cleanup completed. Thanks again for all your help. Computer's running awesome! Also, thanks for the tips on how to keep this kind of thing from happening again. The only other question I have is about Java. I seem to remember a while back, that both Oracle and Sun were putting out Java. Is it now just Oracle, with their lame Ask toolbar it tries to install? Or is there another vendor that supplies Java without the adware, like an Open Source kind of thing? I don't want to take any more chances on software that tries to install crapware, even when you tell it not to. I already got rid of that Weather Channel monstrosity, and I never did hear anything back from them regarding my email to them about the malware and adware their software has built-in.
  2. So far, so good. It's been running so much better since we got rid of all that crapware!
  3. Doesn't look much different from the last time I ran it. Keeps saying Flash Player is out of date. I tried updating it, but the Adobe site says it should be updated as part of the browser's updates. Results of screen317's Security Check version 0.99.79 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 11 ``````````````Antivirus/Firewall Check:`````````````` Windows Firewall Enabled! Norton Security Suite WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware version 1.75.0.1300 Java 7 Update 51 Adobe Flash Player 12.0.0.44 Flash Player out of Date! Mozilla Firefox (27.0.1) Mozilla Thunderbird (24.3.0) Google Chrome 32.0.1700.102 Google Chrome 32.0.1700.107 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Malwarebytes' Anti-Malware mbamscheduler.exe NetRatingsNetSight NetSight NielsenOnline.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: 1% ````````````````````End of Log``````````````````````
  4. Rebooted this morning, and so far everything seems to be working well. Haven't noticed anything strange going on.
  5. Looks like this one came up clean. Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.org Database version: v2014.02.16.02 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16518Laurie :: ZINCS-HP [administrator] Protection: Enabled 2/16/2014 7:41:13 AMmbam-log-2014-02-16 (07-41-13).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled: Objects scanned: 228664Time elapsed: 7 minute(s), 58 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)
  6. Have to attach the log, as it's too big. ComboFix.txt
  7. Ok. Here you go. Thanks again! SystemLook.txt
  8. Here's the log from AdwClean. It doesn't look like it cleaned much of anything. Do I need to disable the AV software for it to find everything? # AdwCleaner v3.018 - Report created 14/02/2014 at 08:40:23# Updated 28/01/2014 by Xplode# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)# Username : Laurie - ZINCS-HP# Running from : C:\Users\Laurie\Desktop\AdwCleaner.exe# Option : Clean ***** [ Services ] ***** ***** [ Files / Folders ] ***** Folder Deleted : C:\ProgramData\boost_interprocess ***** [ Shortcuts ] ***** ***** [ Registry ] ***** ***** [ Browsers ] ***** -\\ Internet Explorer v11.0.9600.16518 -\\ Mozilla Firefox v27.0.1 (en-US) [ File : C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\prefs.js ] [ File : C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\n8eu6h0m.Zalloy\prefs.js ] -\\ Google Chrome v32.0.1700.107 [ File : C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\preferences ] ************************* AdwCleaner[R0].txt - [2586 octets] - [16/11/2013 09:16:49]AdwCleaner[R1].txt - [1523 octets] - [08/02/2014 23:09:51]AdwCleaner[R2].txt - [1290 octets] - [14/02/2014 08:39:30]AdwCleaner[s0].txt - [2663 octets] - [16/11/2013 09:19:15]AdwCleaner[s1].txt - [1596 octets] - [08/02/2014 23:10:45]AdwCleaner[s2].txt - [1215 octets] - [14/02/2014 08:40:23] ########## EOF - C:\AdwCleaner\AdwCleaner[s2].txt - [1275 octets] ##########
  9. Well, lookie what we have here! Looks like there's more crapola to get rid of. Here's the SystemLook log: SystemLook 30.07.11 by jpshortstuffLog created at 23:15 on 13/02/2014 by LaurieAdministrator - Elevation successful ========== filefind ========== Searching for "*adpeak*"No files found. Searching for "*scorpion*"No files found. Searching for "*conduit*"C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1323336 bytes [07:32 07/01/2014] [07:32 07/01/2014] 3F20CCDAC6969CBB898D88BB4F5CC22EC:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\CT2801948\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_display_xml.xml ------- 5801 bytes [02:42 03/03/2013] [18:24 12/10/2011] CEF21C55A446C3392032D1A40A02D5EEC:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\CT3007394\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_display_xml.xml ------- 5801 bytes [02:42 03/03/2013] [18:49 14/08/2011] CEF21C55A446C3392032D1A40A02D5EEC:\Users\Laurie\Documents\6hkwwsku.default\CT2801948\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_display_xml.xml --a---- 5801 bytes [15:33 02/03/2013] [18:24 12/10/2011] CEF21C55A446C3392032D1A40A02D5EEC:\Users\Laurie\Documents\6hkwwsku.default\CT3007394\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_display_xml.xml --a---- 5801 bytes [15:33 02/03/2013] [18:49 14/08/2011] CEF21C55A446C3392032D1A40A02D5EEC:\Users\Laurie\Documents\firefoxProfileBackup\CT2801948\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_display_xml.xml --a---- 5801 bytes [14:29 01/03/2013] [18:24 12/10/2011] CEF21C55A446C3392032D1A40A02D5EEC:\Users\Laurie\Documents\firefoxProfileBackup\CT3007394\radio\Skins\http___storage_conduit_com_BankImages_RadioSkins_Tapuz_display_xml.xml --a---- 5801 bytes [14:29 01/03/2013] [18:49 14/08/2011] CEF21C55A446C3392032D1A40A02D5EEC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_3_8_0.xml --a---- 10909 bytes [18:43 13/08/2011] [18:43 13/08/2011] 1B3B574AA349758343D3C80787B9739EC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit\Toolbar\Facebook\http___facebook_conduit-services_com_Settings_ashx_locale=en&browserType=IE&toolbarVersion=6_5_2_8.xml --a---- 10909 bytes [18:45 13/08/2011] [18:45 13/08/2011] 1B3B574AA349758343D3C80787B9739EC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_47_255_CT2559647_Images_634328991090318750_png.png --a---- 2475 bytes [18:43 13/08/2011] [18:43 13/08/2011] D2BAA3B75F0F533EE3FDDE5A01836ED2C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_47_255_CT2559647_Skins_634332317643568752_png.png --a---- 254 bytes [18:43 13/08/2011] [18:43 13/08/2011] 44262659E067191827D91AE22B66AE5CC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png --a---- 821 bytes [18:43 13/08/2011] [18:43 13/08/2011] 99D5F75C338F2A877CBF891E0F18746EC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png --a---- 729 bytes [18:43 13/08/2011] [18:43 13/08/2011] F2291FAB46ED9291A1A2FFE9F88E9D84C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png --a---- 531 bytes [18:43 13/08/2011] [18:43 13/08/2011] A847C5F6CE2C700048749892DD2E0619C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png --a---- 669 bytes [18:43 13/08/2011] [18:43 13/08/2011] FED9E00C76F647EE6A0B7CC684C89F0CC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png --a---- 263 bytes [18:43 13/08/2011] [18:43 13/08/2011] 36BD416D16391EFAAAFB2C3C54EAE986C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png --a---- 734 bytes [18:43 13/08/2011] [18:43 13/08/2011] 943ADFD9E0DF1507F7BC419802BF4303C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png --a---- 562 bytes [18:43 13/08/2011] [18:43 13/08/2011] 36C6FB9C84D4AF5C5D7C5B277A0E4A01C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png --a---- 493 bytes [18:43 13/08/2011] [18:43 13/08/2011] 275C9DA2D536F18F528C80E050C3D705C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png --a---- 706 bytes [18:43 13/08/2011] [18:43 13/08/2011] 3AD88BD8E832DA39FAAEDF07AD595F94C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png --a---- 674 bytes [18:43 13/08/2011] [18:43 13/08/2011] 650731EEF807C292E699779B12CBE552C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png --a---- 607 bytes [18:43 13/08/2011] [18:43 13/08/2011] 9B4D914888BCFFCBAE6757A0E450551CC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif --a---- 403 bytes [18:43 13/08/2011] [18:43 13/08/2011] EC3C2B4E0DEC4D880BAFF88ABBF94188C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif --a---- 414 bytes [18:43 13/08/2011] [18:43 13/08/2011] A9E001CBC00B06B121DFBC80707F5298C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif --a---- 278 bytes [18:43 13/08/2011] [18:43 13/08/2011] 15DEF39E438E807E2F0E22D44FDC7FB7C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif --a---- 405 bytes [18:43 13/08/2011] [18:43 13/08/2011] 995595D4C685D659E8F03CD0A287EDDFC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif --a---- 405 bytes [18:43 13/08/2011] [18:43 13/08/2011] AA39D8A6B65E208901EBA9F3D4728D3EC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif --a---- 361 bytes [18:43 13/08/2011] [18:43 13/08/2011] 464E244E7E2F27FB85E0C3AB69D72104C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif --a---- 425 bytes [18:43 13/08/2011] [18:43 13/08/2011] 6427565C7105DC497287866100F260BBC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif --a---- 381 bytes [18:43 13/08/2011] [18:43 13/08/2011] AE7C9F67594A84B096D225601ACB0B2AC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif --a---- 351 bytes [18:43 13/08/2011] [18:43 13/08/2011] C3EBA0237D68F665AF6D663906221092C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_tell_a_friend_gif.gif --a---- 392 bytes [18:43 13/08/2011] [18:43 13/08/2011] 5E7217A3357550F9749A095631F51015C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif --a---- 399 bytes [18:43 13/08/2011] [18:43 13/08/2011] 8BE02D510B4B2E05AD2611B1E9A0BD56C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_searchengines_go_btn_new_gif.gif --a---- 891 bytes [18:43 13/08/2011] [18:43 13/08/2011] F74F91E7DF0A5A5283AB2D2F0E6E58DEC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif --a---- 405 bytes [18:43 13/08/2011] [18:43 13/08/2011] 66018EAE0906C9831A821CAE5D1089BBC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif --a---- 371 bytes [18:43 13/08/2011] [18:43 13/08/2011] 84896837EDB1A78C14DB6A2F3A0AEE3AC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif --a---- 322 bytes [18:43 13/08/2011] [18:43 13/08/2011] 948781E4B6478290050ECA4423B89B1EC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif --a---- 240 bytes [18:43 13/08/2011] [18:43 13/08/2011] AE5A39669C623937C0839E079E1088D5C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif --a---- 335 bytes [18:43 13/08/2011] [18:43 13/08/2011] 766433EF38BDA83C4FD4932027A4B9D5C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml --a---- 7042 bytes [18:43 13/08/2011] [18:43 13/08/2011] C159A6BEAA8E32AAEFE7172DD5C2481EC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml --a---- 5520 bytes [18:43 13/08/2011] [18:43 13/08/2011] D2E48F631F8A9768E9BBCB0964C7878FC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml --a---- 6586 bytes [18:43 13/08/2011] [18:43 13/08/2011] 0DC95CF28A384D3BFBFA60244A55125AC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml --a---- 5519 bytes [18:43 13/08/2011] [18:43 13/08/2011] 2B856ABBDD6E033594465C4945D5C93AC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_25_300_CT3001725_Images_634086595567493750_png.png --a---- 941 bytes [18:43 13/08/2011] [18:43 13/08/2011] B04F1F3EFFFAADCE70A249759CF66CDAC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_25_300_CT3001725_Images_634086596957953750_gif.gif --a---- 147 bytes [18:43 13/08/2011] [18:43 13/08/2011] 4C4668BE684936773CE20F320E2A6117C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_36_305_CT3052036_Images_634086594036610000_png.png --a---- 782 bytes [18:43 13/08/2011] [18:43 13/08/2011] B970A2674B600DF6170DE4A936D3B58BC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_36_305_CT3052036_Images_634086594155985000_png.png --a---- 889 bytes [18:43 13/08/2011] [18:43 13/08/2011] 4A5E036F8097BE38E597B70545B4E75BC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_36_305_CT3052036_Images_634115932438380000_png.png --a---- 968 bytes [18:43 13/08/2011] [18:43 13/08/2011] A5CF17889AC8AF6DF8D4BD51348225E8C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_About_png.png --a---- 821 bytes [18:43 13/08/2011] [18:43 13/08/2011] 99D5F75C338F2A877CBF891E0F18746EC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Browse_png.png --a---- 729 bytes [18:43 13/08/2011] [18:43 13/08/2011] F2291FAB46ED9291A1A2FFE9F88E9D84C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Contact_png.png --a---- 531 bytes [18:43 13/08/2011] [18:43 13/08/2011] A847C5F6CE2C700048749892DD2E0619C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Hide_png.png --a---- 669 bytes [18:43 13/08/2011] [18:43 13/08/2011] FED9E00C76F647EE6A0B7CC684C89F0CC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_bankImages_ConduitEngine_ContextMenu_LikeIcon_png.png --a---- 263 bytes [18:43 13/08/2011] [18:43 13/08/2011] 36BD416D16391EFAAAFB2C3C54EAE986C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_MoreFromPublisher_png.png --a---- 734 bytes [18:43 13/08/2011] [18:43 13/08/2011] 943ADFD9E0DF1507F7BC419802BF4303C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_More_png.png --a---- 562 bytes [18:43 13/08/2011] [18:43 13/08/2011] 36C6FB9C84D4AF5C5D7C5B277A0E4A01C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Options_png.png --a---- 493 bytes [18:43 13/08/2011] [18:43 13/08/2011] 275C9DA2D536F18F528C80E050C3D705C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Privacy_png.png --a---- 706 bytes [18:43 13/08/2011] [18:43 13/08/2011] 3AD88BD8E832DA39FAAEDF07AD595F94C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Refresh_png.png --a---- 674 bytes [18:43 13/08/2011] [18:43 13/08/2011] 650731EEF807C292E699779B12CBE552C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_Conduit_com_bankImages_ConduitEngine_ContextMenu_Upgrade_png.png --a---- 607 bytes [18:43 13/08/2011] [18:43 13/08/2011] 9B4D914888BCFFCBAE6757A0E450551CC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Events_png.png --a---- 705 bytes [18:43 13/08/2011] [18:43 13/08/2011] 70B83DCDF7A6FA34240E1AA1D23EE535C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Friends_png.png --a---- 746 bytes [18:43 13/08/2011] [18:43 13/08/2011] 2AE805114215925E00858FD2FEFF1439C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Groups_png.png --a---- 669 bytes [18:43 13/08/2011] [18:43 13/08/2011] 6CFEA2D0DB786FDB4D72C1C1DE036822C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Home_png.png --a---- 338 bytes [18:43 13/08/2011] [18:43 13/08/2011] DB45ACA16C515F2FD8CB3B6F5E4FC386C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Inbox_png.png --a---- 545 bytes [18:43 13/08/2011] [18:43 13/08/2011] 6EB69BFCBFD422247C103705B532BFE1C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Logout_png.png --a---- 514 bytes [18:43 13/08/2011] [18:43 13/08/2011] 7F396C3A400239B9B66DEC2D503D86BBC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Photos_png.png --a---- 3355 bytes [18:43 13/08/2011] [18:43 13/08/2011] EC261A170D34BE434129E71B9C2C0408C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Profile_png.png --a---- 594 bytes [18:43 13/08/2011] [18:43 13/08/2011] 62C86296694EF7F41D380804A58EF5CAC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Settings_png.png --a---- 415 bytes [18:43 13/08/2011] [18:43 13/08/2011] E42D284CC0436B66C1DB4AAFFCCC1957C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Share_png.png --a---- 461 bytes [18:43 13/08/2011] [18:43 13/08/2011] B4AEAC6600360BC4148538F716453AACC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_bankImages_FaceBook_Status_png.png --a---- 699 bytes [18:43 13/08/2011] [18:43 13/08/2011] 640E17444F44717CA5039BCB7FD3551EC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_ClientImages_radio_gif.gif --a---- 419 bytes [18:43 13/08/2011] [18:43 13/08/2011] 01B83C91554738F6AFFB7895BBBA73FBC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_main_menu_about_gif.gif --a---- 403 bytes [18:43 13/08/2011] [18:43 13/08/2011] EC3C2B4E0DEC4D880BAFF88ABBF94188C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_main_menu_clear_history_gif.gif --a---- 414 bytes [18:43 13/08/2011] [18:43 13/08/2011] A9E001CBC00B06B121DFBC80707F5298C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_main_menu_contact_gif.gif --a---- 278 bytes [18:43 13/08/2011] [18:43 13/08/2011] 15DEF39E438E807E2F0E22D44FDC7FB7C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_main_menu_help_gif.gif --a---- 405 bytes [18:43 13/08/2011] [18:43 13/08/2011] 995595D4C685D659E8F03CD0A287EDDFC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_main_menu_home_page_gif.gif --a---- 405 bytes [18:43 13/08/2011] [18:43 13/08/2011] AA39D8A6B65E208901EBA9F3D4728D3EC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_main_menu_options_gif.gif --a---- 361 bytes [18:43 13/08/2011] [18:43 13/08/2011] 464E244E7E2F27FB85E0C3AB69D72104C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_main_menu_privacy_gif.gif --a---- 425 bytes [18:43 13/08/2011] [18:43 13/08/2011] 6427565C7105DC497287866100F260BBC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_main_menu_refresh_gif.gif --a---- 381 bytes [18:43 13/08/2011] [18:43 13/08/2011] AE7C9F67594A84B096D225601ACB0B2AC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_main_menu_shrink_gif.gif --a---- 351 bytes [18:43 13/08/2011] [18:43 13/08/2011] C3EBA0237D68F665AF6D663906221092C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_main_menu_upgrade_gif.gif --a---- 399 bytes [18:43 13/08/2011] [18:43 13/08/2011] 8BE02D510B4B2E05AD2611B1E9A0BD56C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_SearchEngines_images_search_gif.gif --a---- 405 bytes [18:43 13/08/2011] [18:43 13/08/2011] 66018EAE0906C9831A821CAE5D1089BBC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_SearchEngines_news_icon_gif.gif --a---- 371 bytes [18:43 13/08/2011] [18:43 13/08/2011] 84896837EDB1A78C14DB6A2F3A0AEE3AC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_searchengines_search_icon_gif.gif --a---- 322 bytes [18:43 13/08/2011] [18:43 13/08/2011] 948781E4B6478290050ECA4423B89B1EC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_searchengines_softonic_gif.gif --a---- 606 bytes [18:43 13/08/2011] [18:43 13/08/2011] 2A1D4FB45F62D3D260F2134228FAB05EC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_SearchEngines_tfd_gif.gif --a---- 240 bytes [18:43 13/08/2011] [18:43 13/08/2011] AE5A39669C623937C0839E079E1088D5C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\CacheIcons\http___storage_conduit_com_images_SearchEngines_video_gif.gif --a---- 335 bytes [18:43 13/08/2011] [18:43 13/08/2011] 766433EF38BDA83C4FD4932027A4B9D5C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=GottenApps&locale=en.xml --a---- 7042 bytes [18:43 13/08/2011] [18:43 13/08/2011] C159A6BEAA8E32AAEFE7172DD5C2481EC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=OtherApps&locale=en.xml --a---- 5520 bytes [18:43 13/08/2011] [18:43 13/08/2011] D2E48F631F8A9768E9BBCB0964C7878FC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=SharedApps&locale=en.xml --a---- 6586 bytes [18:43 13/08/2011] [18:43 13/08/2011] 0DC95CF28A384D3BFBFA60244A55125AC:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\ExternalComponent\http___contextmenu_toolbar_conduit-services_com__name=Toolbar&locale=en.xml --a---- 5519 bytes [18:43 13/08/2011] [18:43 13/08/2011] 2B856ABBDD6E033594465C4945D5C93A Searching for "*BackgroundContainer*"No files found. ========== folderfind ========== Searching for "*adpeak*"No folders found. Searching for "*scorpion*"No folders found. Searching for "*conduit*"C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Conduit d------ [18:43 13/08/2011]C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine d------ [18:43 13/08/2011]C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\ConduitEngine\Repository\conduit_ConduitEngine d------ [18:45 13/08/2011]C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\Repository\conduit_CT2559647_CT2559647 d------ [18:43 13/08/2011]C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Coupons.com\Repository\conduit_CT2559647_en d------ [18:44 13/08/2011]C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\Repository\conduit_CT3052036_CT3052036 d------ [18:43 13/08/2011]C:\Windows\SysWOW64\config\systemprofile\AppData\LocalLow\Quizulous_v3b\Repository\conduit_CT3052036_en d------ [18:44 13/08/2011] Searching for "*BackgroundContainer*"No folders found. ========== regfind ========== Searching for "scorpion"No data found. Searching for "adpeak"No data found. Searching for "conduit"[HKEY_CURRENT_USER\Software\FLEXnet\Connect\db\Conduit Engine.ini][HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]"C0BC68EF3BCF85344B0B0B4AE1333BDD"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\C0BC68EF3BCF85344B0B0B4AE1333BDD]"File"="iSyncConduit.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\NetRatingsNetSight\NetSight\metersub\meter6\!Config\hook_blacklist]"12"="ConduitEngin.*?\.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\NetRatingsNetSight\NetSight\metersub\meter6\!REG\IEFF\path]"10"="2,0,HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Toolbars"[HKEY_LOCAL_MACHINE\SOFTWARE\NetRatingsNetSight\NetSight\metersub\meter7\!Config\hook_blacklist]"12"="ConduitEngin.*?\.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\NetRatingsNetSight\NetSight\metersub\meter7\!REG\IEFF\path]"10"="2,0,HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Toolbars"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NetRatingsNetSight\NetSight\metersub\meter6\!Config\hook_blacklist]"12"="ConduitEngin.*?\.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NetRatingsNetSight\NetSight\metersub\meter6\!REG\IEFF\path]"10"="2,0,HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Toolbars"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NetRatingsNetSight\NetSight\metersub\meter7\!Config\hook_blacklist]"12"="ConduitEngin.*?\.dll"[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\NetRatingsNetSight\NetSight\metersub\meter7\!REG\IEFF\path]"10"="2,0,HKEY_LOCAL_MACHINE\SOFTWARE\Conduit\Toolbars"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit][HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Conduit\Toolbar\Facebook\InfoService\http://facebook.conduit-services.com/Settings.ashx?locale=en&browserType=IE&toolbarVersion=6.5.2.8][HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\conduitEngine][HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\conduitEngine\toolbar\Repository\conduit_ConduitEngine][HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar]"Server"="users.conduit.com"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar]"GroupingServerURL"="http://grouping.services.conduit.com/"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar]"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar]"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar]"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar]"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar]"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647][HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\AppRegisterUsage]"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\AppsMetaData]"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\AppsSettings]"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\AppTrackingFirstTime]"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\AppTrackingUsage]"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\AppUninstallUsage]"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\BrowserToolbarsInfo]"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ClientErrorLog]"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx?op=ReportDiagnosticsEvent"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\DynamicDialogs]"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\GottenAppsContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\OtherAppsContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\SearchSettings]"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\SharedAppsContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarAppComponentUsage]"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarAppUsage]"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarComponentUsage]"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarLogin]"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarSettings]"ServiceUrl"="http://settings.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarSettingsForPublisher]"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarSettingsForSB]"ServiceUrl"="http://settings706.toolbar.conduit-services.com/ToolbarSettings/sb.ashx?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarTranslation]"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarUninstall]"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarUsage]"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\UninstallDialog]"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647_CT2559647][HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647_en][HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\1570784510]"dbname"="conduit_CT2559647_en"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\1817748795]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\1997187513]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\2081159029]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\2357467368]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\302023800]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\3297172195]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\678067538]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\932838467]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\settings]"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\settings\FeatureProtector\BrowserSearch]"URLFromService"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\settings\FeatureProtector\BrowserSearch]"ConduitEnabled"="TRUE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\settings\FeatureProtector\HomePage]"URLFromService"="http://search.conduit.com?SearchSource=10&ctid=CT2559647"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\settings\FeatureProtector\HomePage]"ConduitEnabled"="TRUE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\settings\MyStuff]"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\settings\MyStuff]"ConduitEnable"="TRUE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\settings\Search\Settings]"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\settings\SearchInNewTab]"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\settings\SearchInNewTab]"AboutTabsEnabledByConduit"="TRUE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\settings\SearchInNewTab]"AboutTabsUsageUrl"="http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\settings\Update]"ModuleURL"="http://ieupdate.conduit.com/ver6.3.3.3/tbedrs.dll"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Coupons.com\toolbar\settings\Upgrade]"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.3.3.3/tbedrs.dll"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"Server"="users.conduit.com"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"GroupingServerURL"="http://grouping.services.conduit.com/"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"AppsDetectionUrlPattern"="http://appdownload.conduit.com/"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036][HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\AppRegisterUsage]"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\AppsMetaData]"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\AppsSettings]"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\AppTrackingFirstTime]"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\AppTrackingUsage]"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\AppUninstallUsage]"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\BrowserToolbarsInfo]"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ClientErrorLog]"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx?op=ReportDiagnosticsEvent"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\DynamicDialogs]"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\GottenAppsContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\OtherAppsContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\SearchSettings]"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\SharedAppsContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarAppComponentUsage]"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarAppUsage]"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarComponentUsage]"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarLogin]"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarSettings]"ServiceUrl"="http://settings.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarSettingsForPublisher]"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarSettingsForSB]"ServiceUrl"="http://settings706.toolbar.conduit-services.com/ToolbarSettings/sb.ashx?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarTranslation]"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarUninstall]"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarUsage]"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\UninstallDialog]"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036_CT3052036][HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036_en][HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\1857152017]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\3051000096]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\3263481306]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\3320074586]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\3651758780]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\3700054771]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\3729997684]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\3891600977]"dbname"="conduit_CT3052036_en"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\621089057]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\667275953]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings]"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings]"APITrustedDomains"="conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\FeatureProtector\BrowserSearch]"URLFromService"="http://search.conduit.com?SearchSource=10&ctid=CT3052036"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\FeatureProtector\BrowserSearch]"ConduitEnabled"="TRUE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\FeatureProtector\HomePage]"URLFromService"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3052036"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\FeatureProtector\HomePage]"ConduitEnabled"="TRUE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\MyStuff]"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\MyStuff]"ConduitEnable"="TRUE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\RadioPlayer]"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\Search\Settings]"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\SearchInNewTab]"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\SearchInNewTab]"AboutTabsEnabledByConduit"="TRUE"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\SearchInNewTab]"AboutTabsUsageUrl"="http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\Update]"ModuleURL"="http://ieupdate.conduit.com/ver6.5.2.8/tbedrs.dll"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\Upgrade]"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.5.2.8/tbedrs.dll"[HKEY_USERS\.DEFAULT\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\Weather]"SearchServerUrl"="http://search.conduit.com/"[HKEY_USERS\S-1-5-21-3877766120-1356258156-1109172098-1001\Software\FLEXnet\Connect\db\Conduit Engine.ini][HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit][HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Conduit\Toolbar\Facebook\InfoService\http://facebook.conduit-services.com/Settings.ashx?locale=en&browserType=IE&toolbarVersion=6.5.2.8][HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\conduitEngine][HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\conduitEngine\toolbar\Repository\conduit_ConduitEngine][HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar]"Server"="users.conduit.com"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar]"GroupingServerURL"="http://grouping.services.conduit.com/"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar]"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar]"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar]"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar]"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar]"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647][HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\AppRegisterUsage]"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\AppsMetaData]"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\AppsSettings]"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\AppTrackingFirstTime]"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\AppTrackingUsage]"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\AppUninstallUsage]"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\BrowserToolbarsInfo]"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ClientErrorLog]"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx?op=ReportDiagnosticsEvent"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\DynamicDialogs]"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\GottenAppsContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\OtherAppsContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\SearchSettings]"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\SharedAppsContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarAppComponentUsage]"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarAppUsage]"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarComponentUsage]"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarLogin]"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarSettings]"ServiceUrl"="http://settings.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarSettingsForPublisher]"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarSettingsForSB]"ServiceUrl"="http://settings706.toolbar.conduit-services.com/ToolbarSettings/sb.ashx?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarTranslation]"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarUninstall]"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\ToolbarUsage]"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647\UninstallDialog]"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647_CT2559647][HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\conduit_CT2559647_en][HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\1570784510]"dbname"="conduit_CT2559647_en"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\1817748795]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\1997187513]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\2081159029]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\2357467368]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\302023800]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\3297172195]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\678067538]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\Repository\MetaData\932838467]"dbname"="conduit_CT2559647_CT2559647"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\settings]"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\settings\FeatureProtector\BrowserSearch]"URLFromService"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2559647"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\settings\FeatureProtector\BrowserSearch]"ConduitEnabled"="TRUE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\settings\FeatureProtector\HomePage]"URLFromService"="http://search.conduit.com?SearchSource=10&ctid=CT2559647"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\settings\FeatureProtector\HomePage]"ConduitEnabled"="TRUE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\settings\MyStuff]"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\settings\MyStuff]"ConduitEnable"="TRUE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\settings\Search\Settings]"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\settings\SearchInNewTab]"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\settings\SearchInNewTab]"AboutTabsEnabledByConduit"="TRUE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\settings\SearchInNewTab]"AboutTabsUsageUrl"="http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\settings\Update]"ModuleURL"="http://ieupdate.conduit.com/ver6.3.3.3/tbedrs.dll"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Coupons.com\toolbar\settings\Upgrade]"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.3.3.3/tbedrs.dll"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"Server"="users.conduit.com"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"GroupingServerURL"="http://grouping.services.conduit.com/"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"PrivacyPageURL"="http://www.conduit.com/privacy/Default.aspx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"DisplayTrusteSeal"="http://trust.conduit.com/EB_ORIGINAL_CTID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"UsageURL"="http://usage.users.conduit.com/UsersWebService.asmx/UsersRequests"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"ClientLogURL"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"UninstallURL"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar]"AppsDetectionUrlPattern"="http://appdownload.conduit.com/"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036][HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\AppRegisterUsage]"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppRegistration.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\AppsMetaData]"ServiceUrl"="http://appsmetadata.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\AppsSettings]"ServiceUrl"="http://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_COMP_ID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\AppTrackingFirstTime]"ServiceUrl"="http://tracking.usage.app.conduit-services.com/FirstTime.ashx?current=EB_APPTRACKING_CURRENT_STATE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\AppTrackingUsage]"ServiceUrl"="http://tracking.usage.app.conduit-services.com/Usage.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\AppUninstallUsage]"ServiceUrl"="http://apps.usage.conduit-services.com/AppOperations/AppUninstall.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\BrowserToolbarsInfo]"ServiceUrl"="http://counting.usage.toolbar.conduit-services.com/usage.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ClientErrorLog]"ServiceUrl"="http://clientlog.users.conduit.com/ClientDiagnostics.asmx?op=ReportDiagnosticsEvent"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\DynamicDialogs]"ServiceUrl"="http://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=EB_TOOLBAR_VERSION"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\GottenAppsContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=EB_LOCALE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\OtherAppsContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=EB_LOCALE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\SearchSettings]"ServiceUrl"="http://API.search.conduit.com/Settings/?ctid=EB_TOOLBAR_ID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\SharedAppsContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=EB_LOCALE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarAppComponentUsage]"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarAppUsage]"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarComponentUsage]"ServiceUrl"="http://component.usage.toolbar.conduit-services.com/ToolbarComponentUsage.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarContextMenu]"ServiceUrl"="http://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=EB_LOCALE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarLogin]"ServiceUrl"="http://login.toolbar.conduit-services.com/Login.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarSettings]"ServiceUrl"="http://settings.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarSettingsForPublisher]"ServiceUrl"="http://settings.publisher.toolbar.conduit-services.com/?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarSettingsForSB]"ServiceUrl"="http://settings706.toolbar.conduit-services.com/ToolbarSettings/sb.ashx?ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarTranslation]"ServiceUrl"="http://translation.toolbar.conduit-services.com/?locale=EB_LOCALE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarUninstall]"ServiceUrl"="http://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\ToolbarUsage]"ServiceUrl"="http://usage.toolbar.conduit-services.com/ToolbarUsage.ashx"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036\UninstallDialog]"ServiceUrl"="http://UninstallDialog.conduit-services.com/view/view.aspx?ctid=EB_TOOLBAR_ID&version=EB_TOOLBAR_VERSION"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036_CT3052036][HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\conduit_CT3052036_en][HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\1857152017]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\3051000096]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\3263481306]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\3320074586]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\3651758780]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\3700054771]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\3729997684]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\3891600977]"dbname"="conduit_CT3052036_en"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\621089057]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\Repository\MetaData\667275953]"dbname"="conduit_CT3052036_CT3052036"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings]"SocialDomains"="social.conduit.com;apps.conduit.com;services.apps.conduit.com"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings]"APITrustedDomains"="conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCityToolbar.com,MyCollegeToolbar.com,MyFamilyToolbar.com,MyForumToolbar.com,MyLibraryToolbar.com,MyRadioToolbar.com,MyStoreToolbar.com,MyTownToolbar.com,MyUniversityToolbar.com,OurChurchToolbar.com,MyXangaToolbar.com,Media-Toolbar.com,LoyaltyToolbar.com,MyTeamToolbar.com,GreatToolbars.com,OurOrganizationToolbar.com,OurBusinessToolbar.com,Toolbar.fm"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\FeatureProtector\BrowserSearch]"URLFromService"="http://search.conduit.com?SearchSource=10&ctid=CT3052036"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\FeatureProtector\BrowserSearch]"ConduitEnabled"="TRUE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\FeatureProtector\HomePage]"URLFromService"="http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3052036"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\FeatureProtector\HomePage]"ConduitEnabled"="TRUE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\MyStuff]"AddStuffLink"="http://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\MyStuff]"ConduitEnable"="TRUE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\RadioPlayer]"ServerUrl"="http://radio.services.conduit.com/RadioRequest.ctp"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\Search\Settings]"ContextMenuSearchUrl"="http://search.conduit.com/ResultsExt.aspx?q=MYSEARCHTERM&ctid=EB_CTID&octid=EB_ORIGINAL_CTID&SearchSource=8"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\SearchInNewTab]"AboutTabsDataUrlConduit"="http://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\SearchInNewTab]"AboutTabsEnabledByConduit"="TRUE"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\SearchInNewTab]"AboutTabsUsageUrl"="http://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\Update]"ModuleURL"="http://ieupdate.conduit.com/ver6.5.2.8/tbedrs.dll"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\Upgrade]"ModuleURL"="http://ieupgrade.conduit-download.com/IEUpgrade/ver6.5.2.8/tbedrs.dll"[HKEY_USERS\S-1-5-18\Software\AppDataLow\Software\Quizulous_v3b\toolbar\settings\Weather]"SearchServerUrl"="http://search.conduit.com/" Searching for "BackgroundContainer"No data found. -= EOF =-
  10. I keep running into that doggone Conduit thingamy! I'd like to have the guy who came up with that atrocity shot! What a nuisance! I'd sure like to know where I keep picking it up from, so I can stay away from there for good! Here's the fixlog: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-02-2014 01Ran by Laurie at 2014-02-13 19:28:28 Run:2Running from C:\Users\Laurie\DesktopBoot Mode: Normal============================================== Content of fixlist:*****************CHR Plugin: (Conduit Chrome Plugin) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll No FileCHR Plugin: (Conduit Radio Plugin) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll No FileCHR Plugin: (Java™ Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No FileCHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No File ***************** C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll not found.C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll not found.C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => Moved successfully.C:\Windows\SysWOW64\npDeployJava1.dll not found. ==== End of Fixlog ====
  11. Here's the latest FRST log: Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-02-2014 01 Ran by Laurie (administrator) on ZINCS-HP on 13-02-2014 08:14:41Running from C:\Users\Laurie\DesktopWindows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)Internet Explorer Version 11Boot Mode: Normal The only official download link for FRST:Download link for 32-Bit version: Download link for 64-Bit Version: Download link from any site other than Bleeping Computer is unpermitted or outdated.See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (AMD) C:\Windows\system32\atiesrxx.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe(AMD) C:\Windows\system32\atieclxx.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe(CrypKey (Canada) Ltd.) C:\Windows\system32\crypserv.exe(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe(Gladinet, INC) C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe() C:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exe(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe(Interactive Brands Inc.) C:\Program Files (x86)\PDF Suite 2012\HelperService.exe(Interactive Brands Inc.) C:\Program Files (x86)\PDF Suite 2012\ConversionService.exe() C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe(Skype Technologies S.A.) C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE(Yahoo! Inc.) C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe(Cisco Systems, Inc.) C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exe(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exe(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe(Symantec Corporation) C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(White Sky, Inc.) C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exe(Bartels Media GmbH) C:\Program Files (x86)\PhraseExpress\phraseexpress.exe(Nicolas Kruse) C:\Program Files (x86)\Nettalk6\Nettalk.exe(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\PDF Create 7\PdfCreate7Hook.exe(Eastman Kodak Company) C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Secure By Design Inc.) C:\Program Files (x86)\Ninite Updater\NiniteUpdater.exe(RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Python Software Foundation) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe(Secure By Design Inc.) C:\Users\Laurie\AppData\Local\Temp\8e90c43c-9455-11e3-ad43-6805ca1e2e3b\Ninite.exe(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe(The Nielsen Company) C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\NielsenOnline64.exe(Plex, Inc.) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [hpsysdrv] - c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-20] (Hewlett-Packard)HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13662936 2013-10-24] (Realtek Semiconductor)HKLM-x32\...\Run: [NielsenOnline] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exe [91688 2013-10-30] (The Nielsen Company)HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-06] (Apple Inc.)HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [336384 2011-07-13] (Advanced Micro Devices, Inc.)HKLM-x32\...\Run: [PDF7 Registry Controller] - C:\Program Files (x86)\Nuance\PDF Create 7\RegistryController.exe [138528 2011-04-29] (Nuance Communications, Inc.)HKLM-x32\...\Run: [OmniPage Preload] - C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe [2983200 2011-05-10] (Nuance Communications, Inc.)HKLM-x32\...\Run: [PDFHook] - C:\Program Files (x86)\Nuance\PDF Create 7\pdfcreate7hook.exe [606496 2011-04-29] (Nuance Communications, Inc.)HKLM-x32\...\Run: [Nuance OmniPage 18-reminder] - C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe [333088 2010-10-27] (Nuance Communications, Inc.)HKLM-x32\...\Run: [EKStatusMonitor] - C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXE [2784256 2012-06-19] (Eastman Kodak Company)HKLM-x32\...\Run: [Ninite Updater] - C:\Program Files (x86)\Ninite Updater\NiniteUpdater.exe [254160 2013-01-30] (Secure By Design Inc.)HKLM-x32\...\Run: [TkBellExe] - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe [295512 2013-09-11] (RealNetworks, Inc.)HKLM-x32\...\Run: [Conime] - %windir%\system32\conime.exeHKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-06] (Apple Inc.)HKU\.DEFAULT\...\RunOnce: [KodakHomeCenter] - C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe [2234840 2012-06-18] (Eastman Kodak Company)HKU\S-1-5-21-3877766120-1356258156-1109172098-1001\...\Run: [Plex Media Server] - C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe [4277896 2013-12-23] (Plex, Inc.)HKU\S-1-5-21-3877766120-1356258156-1109172098-1001\...\Run: [GoogleDriveSync] - C:\Program Files (x86)\Google\Drive\googledrivesync.exe [21822128 2014-01-30] (Google)HKU\S-1-5-21-3877766120-1356258156-1109172098-1001\...\Run: [TWC.Win7] - C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exeHKU\S-1-5-21-3877766120-1356258156-1109172098-1001\...\Run: [GoogleChromeAutoLaunch_E76C975296F20119B357F0CF28EB7223] - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [866632 2014-02-01] (Google Inc.)Startup: C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Nettalk.lnkShortcutTarget: Nettalk.lnk -> C:\Program Files (x86)\Nettalk6\Nettalk.exe (Nicolas Kruse) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearchStartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exeSearchScopes: HKLM - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = SearchScopes: HKLM - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)BHO-x32: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)BHO-x32: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\IPSBHO.DLL (Symantec Corporation)Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\coIEPlg.dll (Symantec Corporation)Toolbar: HKLM-x32 - The Weather Channel Toolbar - {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWow64\TwcToolbarIe7.dll ()Toolbar: HKLM-x32 - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No FileToolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coIEPlg.dll (Symantec Corporation)Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No FileHandler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll (Cisco Systems, Inc.)Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll (Cisco Systems, Inc.)Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76Tcpip\..\Interfaces\{4AAE8CCC-600E-457C-AA28-C0D50643B0CA}: [NameServer]208.67.222.222,208.67.220.220Tcpip\..\Interfaces\{C92ED2A1-DD1B-4AB0-ABFC-F7CBA6D0159A}: [NameServer]75.75.75.75,75.75.76.76 FireFox:========FF ProfilePath: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\n8eu6h0m.ZalloyFF SelectedSearchEngine: YahooFF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_44.dll ()FF Plugin: @microsoft.com/GENUINE - C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()FF Plugin-x32: @nielsen/FirefoxTracker - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\npfirefoxtracker.dll (Nielsen)FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)FF Plugin HKCU: @citrixonline.com/appdetectorplugin - C:\Users\Laurie\AppData\Local\Citrix\Plugins\104\npappdetector.dll (Citrix Online)FF Plugin HKCU: @hulu.com/Hulu Desktop - C:\Users\Laurie\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)FF Plugin HKCU: @millisecond.com/npInquisit,version=3.0 - C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll (Millisecond Software)FF Extension: PrivDog - C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\n8eu6h0m.Zalloy\Extensions\PrivDog@AdTrustMedia.com.xpi [2013-11-12]FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-03]FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013-10-03]FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-11]FF HKLM-x32\...\Firefox\Extensions: [{97E22097-9A2F-45b1-8DAF-36AD648C7EF4}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-09-28]FF HKLM-x32\...\Firefox\Extensions: [{C3949AC2-4B17-43ee-B4F1-D26B9D42404D}] - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\ExtFF Extension: RealPlayer Browser Record Plugin - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011-09-28]FF HKLM-x32\...\Firefox\Extensions: [FFPDFConverter2012@ib.com] - C:\Program Files (x86)\PDF Suite 2012\firefoxextension2012FF Extension: PDF Suite 2012 Converter For Firefox - C:\Program Files (x86)\PDF Suite 2012\firefoxextension2012 [2012-08-12]FF HKLM-x32\...\Firefox\Extensions: [netsight@nielsen.com] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\netsight@nielsen.xpiFF Extension: Nielsen NetSight - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\netsight@nielsen.xpi [2014-02-12]FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-16]FF HKLM-x32\...\Firefox\Extensions: [{DF153AFF-6948-45d7-AC98-4FC4AF8A08E2}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\ExtFF Extension: RealDownloader - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013-09-11]FF HKLM-x32\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFFFF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\IPSFF [2013-11-14]FF HKLM-x32\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_21.1.0.18\coFFPlgn\ []FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-04-16] Chrome: =======CHR HomePage: CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\PepperFlash\pepflashplayer.dll ()CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewerCHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\ppGoogleNaClPluginChrome.dll ()CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\pdf.dll ()CHR Plugin: (NielsenOnline) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh\1.7.2_0\chrometracker.dll No FileCHR Plugin: (Conduit Chrome Plugin) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/ConduitChromeApiPlugin.dll No FileCHR Plugin: (Conduit Radio Plugin) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ojpijjmpahflnipadmlpgbjmagmjchkk\10.11.21.5_0\plugins/np-cwmp.dll No FileCHR Plugin: (Authorware Web Player) - C:\Program Files (x86)\Mozilla Firefox\plugins\np32asw.dll No FileCHR Plugin: (CouponNetwork Coupon Activator Netscape Plugin v. 5.0.0.0) - C:\Program Files (x86)\Mozilla Firefox\plugins\NPcol400.dll No FileCHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll No FileCHR Plugin: (Coupons Inc., Coupon Printer Manager ) - C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll No FileCHR Plugin: (RealPlayer G2 LiveConnect-Enabled Plug-In (32-bit) ) - C:\Program Files (x86)\Mozilla Firefox\plugins\nppl3260.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll No FileCHR Plugin: (QuickTime Plug-in 7.7.2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll No FileCHR Plugin: (RealJukebox NS Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprjplug.dll No FileCHR Plugin: (RealPlayer Download Plugin) - C:\Program Files (x86)\Mozilla Firefox\plugins\nprpplugin.dll No FileCHR Plugin: (Microsoft® Windows Media Player Firefox Plugin) - C:\Users\Laurie\AppData\Roaming\Mozilla\plugins\np-mswmp.dll No FileCHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL No FileCHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL No FileCHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll No FileCHR Plugin: (Java Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll No FileCHR Plugin: (Inquisit Web Edition) - C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dll (Millisecond Software)CHR Plugin: (Nielsen FirefoxTracker Plug-in) - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter1\FirefoxAddOns\npfirefoxtracker.dll No FileCHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)CHR Plugin: (Windows Live Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()CHR Plugin: (RealNetworks Chrome Background Extension Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)CHR Plugin: (RealPlayer HTML5VideoShim Plug-In (32-bit) ) - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)CHR Plugin: (Hulu Desktop) - C:\Users\Laurie\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dll (Hulu LLC)CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll No FileCHR Plugin: (Java Deployment Toolkit 7.0.70.11) - C:\Windows\SysWOW64\npDeployJava1.dll No FileCHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll No FileCHR Extension: (Your Second Phone) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\afgcliennfocnaoenlkmlhoakpaflpgo [2012-11-08]CHR Extension: (myPlex Queue Extension) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmheakklldmclgmkfnncddgkiibboil [2012-11-08]CHR Extension: (Quttera URL Scanner) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\akakpmcaifloabilokpjlaipdkoofldh [2012-11-08]CHR Extension: (reddit companion) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\algjnflpgoopkdijmkalfcifomdhmcbe [2012-11-20]CHR Extension: (Google Docs) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-11-14]CHR Extension: (Google Drive) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2012-11-08]CHR Extension: (WOT) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2012-11-08]CHR Extension: (YouTube) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-11-08]CHR Extension: (DuckDuckGo for Chrome) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpphkkgodbfncbcpgopijlfakfgmclao [2013-12-01]CHR Extension: (Look of Disapproval) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmomlddchhdnchpieaalgkpgaafohlbn [2013-12-07]CHR Extension: (Google Search) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-11-08]CHR Extension: (HelloSign for Gmail) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dciflieigdmogpmamcgbigingaodhnil [2014-01-11]CHR Extension: (Tampermonkey) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2013-09-13]CHR Extension: (Ark Browser Plugin) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\edppjepaddkecolndfomijbbccbepinm [2014-01-07]CHR Extension: (XFINITY Constant Guard Protection Suite) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\faknfdmfmhcmgphbfjhgmomfcihmocmp [2014-01-12]CHR Extension: (AdBlock) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2012-11-08]CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2014-01-11]CHR Extension: (Who just called me) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\glhcgdibajkpglmfokkdonkhlekfepkk [2012-11-08]CHR Extension: (Rapportive) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\hihakjfhbmlmjdnnhegiciffjplmdhin [2013-12-07]CHR Extension: (Crackle) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibfamoapbmmmlknoopmmfofgladlinic [2013-12-18]CHR Extension: (Cloud Reader) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2012-11-08]CHR Extension: (RealDownloader) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2013-01-05]CHR Extension: (World Weather) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jefnaahehlimdapgicdacbgklnedgoje [2012-11-08]CHR Extension: (Nielsen) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgceplfonlgodadnpognljgdjlcnpjnh [2012-11-08]CHR Extension: (Reddit Enhancement Suite) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb [2012-12-09]CHR Extension: (The Great Suspender) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\klbibkeccnjlkjkiokjodocebajanakg [2013-10-14]CHR Extension: (WorkFlowy) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\koegeopamaoljbmhnfjbclbocehhgmkm [2014-01-11]CHR Extension: (SaferChrome) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lgpkjjingioekjianemgdobchenebhek [2012-11-08]CHR Extension: (Skype Click to Call) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2013-10-03]CHR Extension: (Norton Identity Protection) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-11-14]CHR Extension: (AutoPager Chrome) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmgagnmbebdebebbcleklifnobamjonh [2013-09-13]CHR Extension: (USA Live TV) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmmeaepdaebmaapbobonajamkacmecif [2012-11-08]CHR Extension: (Doom + Hexen + Heretic, the originals) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\negldoenmhdionjghohdjipppiicoedl [2012-11-08]CHR Extension: (Google Wallet) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-13]CHR Extension: (Advanced Scientific Calci) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\okoiphachmdeohichmbglbllbhhphhcp [2014-01-11]CHR Extension: (Gmail) - C:\Users\Laurie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-11-08]CHR HKLM-x32\...\Chrome\Extension: [idhngdhcfkoamngbedgpaokgjbnpdiji] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx [2013-08-14]CHR HKLM-x32\...\Chrome\Extension: [jgceplfonlgodadnpognljgdjlcnpjnh] - C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\extension.crx [2013-12-20]CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx [2013-09-16]CHR HKLM-x32\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\Exts\Chrome.crx [2014-01-23] ==================== Services (Whitelisted) ================= R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [361984 2011-07-13] (Advanced Micro Devices, Inc.)R2 Crypkey License; C:\Windows\system32\crypserv.exe [122880 2008-05-07] (CrypKey (Canada) Ltd.)R2 GladFileMonSvc; C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [29552 2011-05-09] (Gladinet, INC)R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)R2 N360; C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [264360 2013-10-18] (Symantec Corporation)R2 NielsenUpdate; C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2838568 2013-10-30] (The Nielsen Company)R2 PDF Suite 2012 Helper Service; C:\Program Files (x86)\PDF Suite 2012\HelperService.exe [815496 2012-07-31] (Interactive Brands Inc.)R2 PDF Suite 2012 Service; C:\Program Files (x86)\PDF Suite 2012\ConversionService.exe [724360 2012-07-31] (Interactive Brands Inc.)R2 RealNetworks Downloader Resolver Service; C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [39056 2013-08-14] ()S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [117264 2010-06-25] (CACE Technologies, Inc.)R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-10-16] (Realtek Semiconductor) ==================== Drivers (Whitelisted) ==================== R1 AntiLog32; C:\Windows\system32\drivers\AntiLog64.sys [49240 2014-01-11] (Zemana Ltd.)S3 AODDriver4.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [55424 2011-06-24] (Advanced Micro Devices)R1 BHDrvx64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [1526488 2013-12-17] (Symantec Corporation)R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1501000.012\ccSetx64.sys [162392 2013-09-25] (Symantec Corporation)R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [484952 2013-11-20] (Symantec Corporation)R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [137648 2013-11-20] (Symantec Corporation)R0 gfibto; C:\Windows\System32\drivers\gfibto.sys [14456 2013-06-08] (GFI Software)R1 IDSVia64; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140212.001\IDSvia64.sys [521944 2014-01-20] (Symantec Corporation)R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2012-06-11] (Printing Communications Assoc., Inc. (PCAUSA))S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.sys [43008 2012-06-11] (Printing Communications Assoc., Inc. (PCAUSA))S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2012-06-11] (Printing Communications Assoc., Inc. (PCAUSA))S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.sys [40960 2012-06-11] (Printing Communications Assoc., Inc. (PCAUSA))R3 NAVENG; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140212.033\ENG64.SYS [126040 2013-12-18] (Symantec Corporation)R3 NAVEX15; C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\VirusDefs\20140212.033\EX64.SYS [2099288 2013-12-18] (Symantec Corporation)R1 NetworkX; C:\Windows\system32\ckldrv.sys [28664 2008-03-17] ()R1 nnfwdk; C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\nnfwdk64.sys [26664 2013-12-18] (The Nielsen Company)R2 NPF; C:\Windows\System32\drivers\npf.sys [35344 2010-06-25] (CACE Technologies, Inc.)S3 prwntdrv; C:\Windows\system32\prwntdrv.sys [16776 2010-08-25] ()S3 prwntdrv; C:\Windows\SysWOW64\prwntdrv.sys [13704 2010-08-25] ()S3 pwdrvio; C:\Windows\system32\pwdrvio.sys [19936 2010-04-09] ()S3 pwdspio; C:\Windows\system32\pwdspio.sys [13280 2010-04-09] ()S3 rspSanity; C:\Windows\System32\DRIVERS\rspSanity64.sys [29752 2010-08-23] (Resplendence Software Projects Sp.)R3 SRTSP; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSP64.SYS [858200 2013-09-26] (Symantec Corporation)R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1501000.012\SRTSPX64.SYS [36952 2013-09-09] (Symantec Corporation)R0 SymDS; C:\Windows\System32\drivers\N360x64\1501000.012\SYMDS64.SYS [493656 2013-09-09] (Symantec Corporation)R0 SymEFA; C:\Windows\System32\drivers\N360x64\1501000.012\SYMEFA64.SYS [1147480 2013-09-26] (Symantec Corporation)R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [177752 2013-11-14] (Symantec Corporation)R1 SymIRON; C:\Windows\system32\drivers\N360x64\1501000.012\Ironx64.SYS [264280 2013-09-26] (Symantec Corporation)R1 SymNetS; C:\Windows\system32\drivers\N360x64\1501000.012\SYMNETS.SYS [590936 2013-09-25] (Symantec Corporation)U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)S3 catchme; \??\C:\ComboFix\catchme.sys [X]U2 ccEvtMgr; U2 ccSetMgr; S3 keycrypt; system32\DRIVERS\KeyCrypt64.sys [X]S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]U3 navapsvc; U3 SAVRT; U1 SAVRTPEL; U3 TlntSvr; S3 WUSB54GSCv2.NTamd64; system32\DRIVERS\WUSB54GSCV2_AMD64.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-02-12 22:44 - 2013-11-26 18:29 - 05693440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll2014-02-12 22:44 - 2013-11-26 17:49 - 06573056 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll2014-02-12 16:49 - 2013-10-01 21:22 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\TsUsbFlt.sys2014-02-12 16:49 - 2013-10-01 21:11 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyControl.exe2014-02-12 16:49 - 2013-10-01 21:08 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbRedirectionGroupPolicyExtension.dll2014-02-12 16:49 - 2013-10-01 20:48 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\MsRdpWebAccess.dll2014-02-12 16:49 - 2013-10-01 20:48 - 00018944 _____ (Microsoft Corporation) C:\Windows\system32\wksprtPS.dll2014-02-12 16:49 - 2013-10-01 20:29 - 00062976 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll2014-02-12 16:49 - 2013-10-01 20:10 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\TsUsbGDCoInstaller.dll2014-02-12 16:49 - 2013-10-01 19:15 - 01057280 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll2014-02-12 16:49 - 2013-10-01 19:14 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MsRdpWebAccess.dll2014-02-12 16:49 - 2013-10-01 19:14 - 00017920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wksprtPS.dll2014-02-12 16:49 - 2013-10-01 19:08 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\TSWbPrxy.exe2014-02-12 16:49 - 2013-10-01 19:01 - 00420864 _____ (Microsoft Corporation) C:\Windows\system32\wksprt.exe2014-02-12 16:49 - 2013-10-01 18:58 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll2014-02-12 16:49 - 2013-10-01 18:31 - 01147392 _____ (Microsoft Corporation) C:\Windows\system32\mstsc.exe2014-02-12 16:49 - 2013-10-01 18:08 - 00855552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll2014-02-12 16:49 - 2013-10-01 17:34 - 01068544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstsc.exe2014-02-12 16:44 - 2013-12-21 04:53 - 00548864 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll2014-02-12 16:44 - 2013-12-21 03:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll2014-02-12 16:43 - 2014-02-06 07:16 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-02-12 16:43 - 2014-02-06 06:30 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-02-12 16:43 - 2014-02-06 06:30 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-02-12 16:43 - 2014-02-06 06:12 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-02-12 16:43 - 2014-02-06 06:07 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-02-12 16:43 - 2014-02-06 06:06 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-02-12 16:43 - 2014-02-06 05:57 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-02-12 16:43 - 2014-02-06 05:56 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-02-12 16:43 - 2014-02-06 05:52 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-02-12 16:43 - 2014-02-06 05:49 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-02-12 16:43 - 2014-02-06 05:48 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-02-12 16:43 - 2014-02-06 05:48 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-02-12 16:43 - 2014-02-06 05:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-02-12 16:43 - 2014-02-06 05:32 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-02-12 16:43 - 2014-02-06 05:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-02-12 16:43 - 2014-02-06 05:17 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-02-12 16:43 - 2014-02-06 05:11 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-02-12 16:43 - 2014-02-06 05:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-02-12 16:43 - 2014-02-06 05:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-02-12 16:43 - 2014-02-06 04:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-02-12 16:43 - 2014-02-06 04:57 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-02-12 16:43 - 2014-02-06 04:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-02-12 16:43 - 2014-02-06 04:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-02-12 16:43 - 2014-02-06 04:50 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-02-12 16:43 - 2014-02-06 04:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-02-12 16:43 - 2014-02-06 04:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-02-12 16:43 - 2014-02-06 04:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-02-12 16:43 - 2014-02-06 04:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-02-12 16:43 - 2014-02-06 04:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-02-12 16:43 - 2014-02-06 04:24 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-02-12 16:43 - 2014-02-06 04:22 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-02-12 16:43 - 2014-02-06 04:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-02-12 16:43 - 2014-02-06 04:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-02-12 16:43 - 2014-02-06 04:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-02-12 16:43 - 2014-02-06 03:55 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-02-12 16:43 - 2014-02-06 03:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-02-12 16:43 - 2014-02-06 03:40 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-02-12 16:43 - 2014-02-06 03:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-02-12 16:43 - 2014-02-06 03:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-02-12 16:42 - 2013-12-31 18:05 - 00420008 _____ () C:\Windows\SysWOW64\locale.nls2014-02-12 16:42 - 2013-12-31 18:04 - 00420008 _____ () C:\Windows\system32\locale.nls2014-02-12 16:42 - 2013-12-24 18:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10warp.dll2014-02-12 16:42 - 2013-12-24 17:48 - 02565120 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll2014-02-12 16:42 - 2013-12-05 21:30 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll2014-02-12 16:42 - 2013-12-05 21:30 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll2014-02-12 16:42 - 2013-12-05 21:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll2014-02-12 16:42 - 2013-12-05 21:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll2014-02-12 16:42 - 2013-12-03 21:27 - 00488448 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll2014-02-12 16:42 - 2013-12-03 21:27 - 00485888 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll2014-02-12 16:42 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll2014-02-12 16:42 - 2013-12-03 21:27 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll2014-02-12 16:42 - 2013-12-03 21:26 - 00528384 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll2014-02-12 16:42 - 2013-12-03 21:16 - 00658432 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe2014-02-12 16:42 - 2013-12-03 21:16 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe2014-02-12 16:42 - 2013-12-03 21:16 - 00553984 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe2014-02-12 16:42 - 2013-12-03 21:16 - 00552960 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe2014-02-12 16:42 - 2013-12-03 21:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc.dll2014-02-12 16:42 - 2013-12-03 21:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_isv.dll2014-02-12 16:42 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp_isv.dll2014-02-12 16:42 - 2013-12-03 21:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secproc_ssp.dll2014-02-12 16:42 - 2013-12-03 21:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msdrm.dll2014-02-12 16:42 - 2013-12-03 20:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_isv.exe2014-02-12 16:42 - 2013-12-03 20:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate.exe2014-02-12 16:42 - 2013-12-03 20:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp.exe2014-02-12 16:42 - 2013-12-03 20:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RMActivate_ssp_isv.exe2014-02-12 16:42 - 2013-11-26 03:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll2014-02-12 16:42 - 2013-11-22 17:48 - 03928064 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll2014-02-12 16:42 - 2013-09-24 21:23 - 01030144 _____ (Microsoft Corporation) C:\Windows\system32\TSWorkspace.dll2014-02-12 16:42 - 2013-09-24 20:57 - 00792576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSWorkspace.dll2014-02-12 08:04 - 2014-02-12 08:05 - 00448512 _____ (OldTimer Tools) C:\Users\Laurie\Desktop\TFC.exe2014-02-11 17:30 - 2014-02-11 17:30 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-02-11 17:29 - 2014-02-11 17:30 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-02-11 17:29 - 2014-02-11 17:30 - 00000000 ____D () C:\Program Files\iTunes2014-02-11 17:29 - 2014-02-11 17:29 - 00000000 ____D () C:\Program Files\iPod2014-02-11 17:25 - 2014-02-11 17:26 - 148896080 _____ (Apple Inc.) C:\Users\Laurie\Desktop\iTunes64Setup.exe2014-02-11 15:37 - 2014-02-11 15:37 - 00000210 _____ () C:\Users\Laurie\Desktop\esi30multi.wvx2014-02-11 08:45 - 2014-02-11 08:45 - 03175832 _____ (Microsoft Corporation) C:\Users\Laurie\Desktop\vcredist_x64.EXE2014-02-11 08:45 - 2014-02-11 08:45 - 02707352 _____ (Microsoft Corporation) C:\Users\Laurie\Desktop\vcredist_x86.EXE2014-02-11 08:43 - 2014-02-11 08:43 - 13789944 _____ (Bartels Media GmbH ) C:\Users\Laurie\Desktop\PhraseExpressSetup.exe2014-02-11 08:22 - 2014-02-11 08:22 - 00987425 _____ () C:\Users\Laurie\Desktop\SecurityCheck (1).exe2014-02-10 23:15 - 2014-02-13 07:20 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-02-10 23:15 - 2014-02-12 23:20 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-02-10 23:15 - 2014-02-10 23:15 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-02-10 23:15 - 2014-02-10 23:15 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-02-10 21:40 - 2014-02-13 08:14 - 00000000 ____D () C:\Users\Laurie\Desktop\FRST-OlderVersion2014-02-10 21:33 - 2014-02-10 21:33 - 00000000 ____D () C:\Users\Laurie\Desktop\RemoveJava2014-02-10 21:32 - 2014-02-10 21:32 - 00165483 _____ () C:\Users\Laurie\Downloads\JavaRa-1.16-28-5-13.zip2014-02-10 18:39 - 2014-02-10 18:39 - 00164147 _____ () C:\ComboFix.txt2014-02-10 15:48 - 2014-02-10 15:48 - 05180173 ____R (Swearware) C:\Users\Laurie\Desktop\ComboFix.exe2014-02-09 12:31 - 2014-02-09 12:32 - 00059751 _____ () C:\Users\Laurie\Desktop\Addition.txt2014-02-09 12:30 - 2014-02-13 08:14 - 00035459 _____ () C:\Users\Laurie\Desktop\FRST.txt2014-02-09 12:25 - 2014-02-13 08:14 - 02152448 _____ (Farbar) C:\Users\Laurie\Desktop\FRST64.exe2014-02-09 12:25 - 2014-02-13 08:14 - 00000000 ____D () C:\FRST2014-02-09 12:24 - 2014-02-09 12:24 - 00008267 _____ () C:\Users\Laurie\Desktop\eset.txt2014-02-09 10:22 - 2014-02-09 10:22 - 02347384 _____ (ESET) C:\Users\Laurie\Desktop\esetsmartinstaller_enu (1).exe2014-02-09 08:24 - 2014-02-09 08:24 - 02347384 _____ (ESET) C:\Users\Laurie\Desktop\esetsmartinstaller_enu.exe2014-02-08 23:14 - 2014-02-12 21:21 - 00000000 ____D () C:\ProgramData\boost_interprocess2014-02-08 23:06 - 2014-02-08 23:06 - 00001869 _____ () C:\Users\Laurie\Desktop\JRT.txt2014-02-08 22:34 - 2014-02-08 22:34 - 01166132 _____ () C:\Users\Laurie\Desktop\AdwCleaner.exe2014-02-08 22:34 - 2014-02-08 22:34 - 01037530 _____ (Thisisu) C:\Users\Laurie\Desktop\JRT.exe2014-02-08 22:15 - 2014-02-08 22:54 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-02-08 22:15 - 2014-02-08 22:33 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-02-08 22:15 - 2014-02-08 22:15 - 00000000 ____D () C:\Users\Laurie\Desktop\MBAM-AR2014-02-08 22:14 - 2014-02-08 22:14 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Laurie\Desktop\mbar-1.07.0.1009.exe2014-02-08 17:38 - 2014-02-08 17:38 - 00003127 _____ () C:\Users\Laurie\Desktop\RKreport[0]_S_02082014_173818.txt2014-02-08 17:34 - 2014-02-08 17:34 - 00000930 _____ () C:\Users\Laurie\Desktop\NTREGOPT.lnk2014-02-08 17:34 - 2014-02-08 17:34 - 00000911 _____ () C:\Users\Laurie\Desktop\ERUNT.lnk2014-02-08 17:34 - 2014-02-08 17:34 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-02-08 17:33 - 2014-02-08 17:33 - 00002740 _____ () C:\Users\Laurie\Desktop\Rkill.txt2014-02-08 16:35 - 2014-02-08 16:35 - 04403200 _____ () C:\Users\Laurie\Desktop\RogueKillerX64.exe2014-02-08 16:35 - 2014-02-08 16:35 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Laurie\Desktop\rkill.exe2014-02-08 16:35 - 2014-02-08 16:35 - 00791393 _____ (Lars Hederer ) C:\Users\Laurie\Desktop\erunt-setup.exe2014-02-07 17:50 - 2014-02-11 17:43 - 00027291 _____ () C:\Users\Laurie\Desktop\dds.txt2014-02-07 17:46 - 2014-02-07 17:46 - 00688992 ____R (Swearware) C:\Users\Laurie\Desktop\dds.com2014-02-07 17:40 - 2014-02-07 17:41 - 00065325 _____ () C:\Users\Laurie\Desktop\CheckResults.txt2014-02-07 14:42 - 2014-02-07 14:42 - 00353352 _____ (Malwarebytes Corporation) C:\Users\Laurie\Desktop\mbam-check-2.0.0.1000.exe2014-02-07 07:52 - 2014-02-07 07:52 - 00001082 _____ () C:\Users\Public\Desktop\Google Drive.lnk2014-02-05 22:22 - 2014-02-11 13:14 - 00000000 ____D () C:\ProgramData\Cloudmark2014-02-05 17:23 - 2014-02-05 17:23 - 00599089 _____ () C:\Users\Laurie\Documents\Balance Sheet - Rent2014-02-05 13:03 - 2014-02-05 13:03 - 00000000 ____D () C:\Users\Laurie\AppData\Local\Skype2014-02-04 22:07 - 2014-02-04 22:07 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk2014-02-04 13:41 - 2014-02-04 13:41 - 23642336 _____ (Cloudmark, Inc.) C:\Users\Laurie\Downloads\CloudmarkDesktopOne1.5.0.exe2014-01-30 15:34 - 2014-01-30 15:34 - 00000736 _____ () C:\Users\Laurie\Downloads\LeadFerret_vCard_Margaret_Castillo.vcf2014-01-28 09:05 - 2014-01-28 09:05 - 13318496 _____ (Bartels Media GmbH ) C:\Users\Laurie\Downloads\PhraseExpressSetup (5).exe2014-01-28 09:04 - 2014-02-03 18:33 - 00002104 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-01-25 11:04 - 2014-01-25 11:04 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\DropboxMaster2014-01-25 11:03 - 2014-01-25 11:03 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk2014-01-25 11:02 - 2014-02-13 07:52 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3877766120-1356258156-1109172098-1001.job2014-01-25 11:02 - 2014-02-03 19:03 - 00003572 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3877766120-1356258156-1109172098-10012014-01-18 21:54 - 2014-01-18 21:54 - 00002223 _____ () C:\Users\Laurie\Desktop\HP Support Assistant.lnk2014-01-18 21:52 - 2014-01-18 21:52 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}2014-01-17 14:25 - 2014-01-17 14:25 - 00020480 _____ () C:\Users\Laurie\Downloads\vcfviewer-1.1.exe2014-01-17 14:13 - 2014-01-17 14:13 - 00000669 _____ () C:\Users\Laurie\Downloads\LeadFerret_vCard_Steve_Lagnado.vcf2014-01-17 13:07 - 2014-02-12 21:21 - 00000000 ___RD () C:\Users\Laurie\Google Drive2014-01-17 13:07 - 2014-01-17 13:07 - 00001704 _____ () C:\Users\Laurie\Desktop\Google Drive.lnk2014-01-17 13:04 - 2014-02-07 07:52 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk2014-01-17 13:04 - 2014-02-07 07:52 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk2014-01-17 13:04 - 2014-02-07 07:52 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk2014-01-17 13:03 - 2014-01-17 13:03 - 00819136 _____ (Google Inc.) C:\Users\Laurie\Downloads\googledrivesync.exe2014-01-16 20:39 - 2014-01-16 20:49 - 00000000 ____D () C:\Users\Laurie\Documents\EllaSchool2014-01-16 09:40 - 2014-01-16 09:40 - 00000000 ____D () C:\Program Files (x86)\LG Electronics2014-01-16 09:38 - 2014-01-16 09:39 - 11412680 _____ (LG Electronics) C:\Users\Laurie\Downloads\LGUnitedMobileDriver_S50MAN310AP22_ML_WHQL_Ver_3.10.1.exe2014-01-14 20:21 - 2014-01-14 20:21 - 63048176 _____ (Plex, Inc.) C:\Users\Laurie\Downloads\Plex-Media-Server-0.9.818.290-11b7fdd-en-US (1).exe2014-01-14 16:33 - 2013-11-26 20:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys2014-01-14 16:33 - 2013-11-26 20:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbport.sys2014-01-14 16:33 - 2013-11-26 20:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbccgp.sys2014-01-14 16:33 - 2013-11-26 20:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbehci.sys2014-01-14 16:33 - 2013-11-26 20:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbuhci.sys2014-01-14 16:33 - 2013-11-26 20:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbohci.sys2014-01-14 16:33 - 2013-11-26 20:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbd.sys2014-01-14 16:33 - 2013-11-26 06:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys2014-01-14 16:33 - 2013-11-26 05:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys ==================== One Month Modified Files and Folders ======= 2014-02-13 08:15 - 2014-02-09 12:30 - 00035459 _____ () C:\Users\Laurie\Desktop\FRST.txt2014-02-13 08:14 - 2014-02-10 21:40 - 00000000 ____D () C:\Users\Laurie\Desktop\FRST-OlderVersion2014-02-13 08:14 - 2014-02-09 12:25 - 02152448 _____ (Farbar) C:\Users\Laurie\Desktop\FRST64.exe2014-02-13 08:14 - 2014-02-09 12:25 - 00000000 ____D () C:\FRST2014-02-13 07:58 - 2012-05-08 10:39 - 00000830 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job2014-02-13 07:52 - 2014-01-25 11:02 - 00000540 _____ () C:\Windows\Tasks\G2MUpdateTask-S-1-5-21-3877766120-1356258156-1109172098-1001.job2014-02-13 07:20 - 2014-02-10 23:15 - 00000898 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job2014-02-13 03:41 - 2011-07-23 16:55 - 00000000 ____D () C:\Program Files (x86)\Constant Guard Protection Suite2014-02-13 03:02 - 2011-07-21 15:13 - 01442772 _____ () C:\Windows\WindowsUpdate.log2014-02-12 23:20 - 2014-02-10 23:15 - 00000894 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job2014-02-12 22:31 - 2011-07-23 16:55 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\ID Vault2014-02-12 21:59 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\rescache2014-02-12 21:22 - 2013-06-08 20:54 - 00000000 ____D () C:\ID Vault2014-02-12 21:21 - 2014-02-08 23:14 - 00000000 ____D () C:\ProgramData\boost_interprocess2014-02-12 21:21 - 2014-01-17 13:07 - 00000000 ___RD () C:\Users\Laurie\Google Drive2014-02-12 21:14 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A02014-02-12 21:14 - 2009-07-13 23:45 - 00024608 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A02014-02-12 21:07 - 2011-07-21 16:41 - 00000000 ____D () C:\ProgramData\Kodak2014-02-12 21:06 - 2013-11-20 11:01 - 00002604 _____ () C:\Windows\error.log2014-02-12 21:06 - 2013-11-20 11:01 - 00000588 _____ () C:\Windows\errord.log2014-02-12 21:06 - 2013-11-20 09:42 - 00005691 _____ () C:\Windows\setupact.log2014-02-12 21:06 - 2009-07-14 00:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT2014-02-12 21:05 - 2013-08-02 14:43 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\Nettalk2014-02-12 16:53 - 2012-02-22 12:39 - 00000000 ____D () C:\Users\Laurie\Documents\PhraseExpress2014-02-12 16:50 - 2013-07-30 11:05 - 00000000 ____D () C:\Windows\system32\MRT2014-02-12 16:50 - 2011-07-23 13:31 - 88567024 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe2014-02-12 16:45 - 2011-02-11 12:15 - 00788876 _____ () C:\Windows\SysWOW64\PerfStringBackup.INI2014-02-12 16:45 - 2009-07-14 00:13 - 00788876 _____ () C:\Windows\system32\PerfStringBackup.INI2014-02-12 15:39 - 2013-10-04 05:06 - 00000000 ____D () C:\Users\Laurie\Documents\mobileworks2014-02-12 13:10 - 2011-09-28 15:37 - 00001024 _____ () C:\Users\Laurie\Desktop\Dropbox.lnk2014-02-12 13:10 - 2011-09-28 15:35 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox2014-02-12 08:05 - 2014-02-12 08:04 - 00448512 _____ (OldTimer Tools) C:\Users\Laurie\Desktop\TFC.exe2014-02-11 17:44 - 2013-03-28 14:09 - 00011342 _____ () C:\Users\Laurie\Desktop\attach.txt2014-02-11 17:43 - 2014-02-07 17:50 - 00027291 _____ () C:\Users\Laurie\Desktop\dds.txt2014-02-11 17:30 - 2014-02-11 17:30 - 00001785 _____ () C:\Users\Public\Desktop\iTunes.lnk2014-02-11 17:30 - 2014-02-11 17:29 - 00000000 ____D () C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-02-11 17:30 - 2014-02-11 17:29 - 00000000 ____D () C:\Program Files\iTunes2014-02-11 17:30 - 2011-07-23 13:46 - 00000000 ____D () C:\Program Files (x86)\iTunes2014-02-11 17:29 - 2014-02-11 17:29 - 00000000 ____D () C:\Program Files\iPod2014-02-11 17:26 - 2014-02-11 17:25 - 148896080 _____ (Apple Inc.) C:\Users\Laurie\Desktop\iTunes64Setup.exe2014-02-11 15:37 - 2014-02-11 15:37 - 00000210 _____ () C:\Users\Laurie\Desktop\esi30multi.wvx2014-02-11 13:14 - 2014-02-05 22:22 - 00000000 ____D () C:\ProgramData\Cloudmark2014-02-11 08:47 - 2012-02-22 12:39 - 00000000 ____D () C:\Program Files (x86)\PhraseExpress2014-02-11 08:45 - 2014-02-11 08:45 - 03175832 _____ (Microsoft Corporation) C:\Users\Laurie\Desktop\vcredist_x64.EXE2014-02-11 08:45 - 2014-02-11 08:45 - 02707352 _____ (Microsoft Corporation) C:\Users\Laurie\Desktop\vcredist_x86.EXE2014-02-11 08:43 - 2014-02-11 08:43 - 13789944 _____ (Bartels Media GmbH ) C:\Users\Laurie\Desktop\PhraseExpressSetup.exe2014-02-11 08:40 - 2013-11-20 11:01 - 00298958 _____ () C:\Windows\PFRO.log2014-02-11 08:22 - 2014-02-11 08:22 - 00987425 _____ () C:\Users\Laurie\Desktop\SecurityCheck (1).exe2014-02-10 23:15 - 2014-02-10 23:15 - 00003894 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA2014-02-10 23:15 - 2014-02-10 23:15 - 00003642 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore2014-02-10 23:07 - 2012-03-06 10:21 - 00000000 ____D () C:\Program Files (x86)\The Weather Channel2014-02-10 21:35 - 2011-07-21 15:19 - 00000000 ____D () C:\Users\Laurie\AppData\Local\VirtualStore2014-02-10 21:33 - 2014-02-10 21:33 - 00000000 ____D () C:\Users\Laurie\Desktop\RemoveJava2014-02-10 21:32 - 2014-02-10 21:32 - 00165483 _____ () C:\Users\Laurie\Downloads\JavaRa-1.16-28-5-13.zip2014-02-10 18:39 - 2014-02-10 18:39 - 00164147 _____ () C:\ComboFix.txt2014-02-10 18:39 - 2013-08-15 09:36 - 00000000 ____D () C:\Qoobox2014-02-10 18:19 - 2009-07-13 21:34 - 00000215 _____ () C:\Windows\system.ini2014-02-10 15:48 - 2014-02-10 15:48 - 05180173 ____R (Swearware) C:\Users\Laurie\Desktop\ComboFix.exe2014-02-09 12:32 - 2014-02-09 12:31 - 00059751 _____ () C:\Users\Laurie\Desktop\Addition.txt2014-02-09 12:24 - 2014-02-09 12:24 - 00008267 _____ () C:\Users\Laurie\Desktop\eset.txt2014-02-09 10:22 - 2014-02-09 10:22 - 02347384 _____ (ESET) C:\Users\Laurie\Desktop\esetsmartinstaller_enu (1).exe2014-02-09 08:24 - 2014-02-09 08:24 - 02347384 _____ (ESET) C:\Users\Laurie\Desktop\esetsmartinstaller_enu.exe2014-02-08 23:23 - 2009-07-13 22:20 - 00000000 ____D () C:\Windows\system32\NDF2014-02-08 23:12 - 2012-06-01 10:32 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service2014-02-08 23:11 - 2013-11-16 09:16 - 00000000 ____D () C:\AdwCleaner2014-02-08 23:06 - 2014-02-08 23:06 - 00001869 _____ () C:\Users\Laurie\Desktop\JRT.txt2014-02-08 22:54 - 2014-02-08 22:15 - 00000000 ____D () C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-02-08 22:34 - 2014-02-08 22:34 - 01166132 _____ () C:\Users\Laurie\Desktop\AdwCleaner.exe2014-02-08 22:34 - 2014-02-08 22:34 - 01037530 _____ (Thisisu) C:\Users\Laurie\Desktop\JRT.exe2014-02-08 22:33 - 2014-02-08 22:15 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys2014-02-08 22:15 - 2014-02-08 22:15 - 00000000 ____D () C:\Users\Laurie\Desktop\MBAM-AR2014-02-08 22:14 - 2014-02-08 22:14 - 12589848 _____ (Malwarebytes Corp.) C:\Users\Laurie\Desktop\mbar-1.07.0.1009.exe2014-02-08 18:46 - 2012-06-30 09:41 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware2014-02-08 17:38 - 2014-02-08 17:38 - 00003127 _____ () C:\Users\Laurie\Desktop\RKreport[0]_S_02082014_173818.txt2014-02-08 17:35 - 2012-08-18 06:58 - 00000000 ____D () C:\Windows\erdnt2014-02-08 17:34 - 2014-02-08 17:34 - 00000930 _____ () C:\Users\Laurie\Desktop\NTREGOPT.lnk2014-02-08 17:34 - 2014-02-08 17:34 - 00000911 _____ () C:\Users\Laurie\Desktop\ERUNT.lnk2014-02-08 17:34 - 2014-02-08 17:34 - 00000000 ____D () C:\Program Files (x86)\ERUNT2014-02-08 17:33 - 2014-02-08 17:33 - 00002740 _____ () C:\Users\Laurie\Desktop\Rkill.txt2014-02-08 16:35 - 2014-02-08 16:35 - 04403200 _____ () C:\Users\Laurie\Desktop\RogueKillerX64.exe2014-02-08 16:35 - 2014-02-08 16:35 - 01933048 _____ (Bleeping Computer, LLC) C:\Users\Laurie\Desktop\rkill.exe2014-02-08 16:35 - 2014-02-08 16:35 - 00791393 _____ (Lars Hederer ) C:\Users\Laurie\Desktop\erunt-setup.exe2014-02-07 17:46 - 2014-02-07 17:46 - 00688992 ____R (Swearware) C:\Users\Laurie\Desktop\dds.com2014-02-07 17:41 - 2014-02-07 17:40 - 00065325 _____ () C:\Users\Laurie\Desktop\CheckResults.txt2014-02-07 14:42 - 2014-02-07 14:42 - 00353352 _____ (Malwarebytes Corporation) C:\Users\Laurie\Desktop\mbam-check-2.0.0.1000.exe2014-02-07 07:52 - 2014-02-07 07:52 - 00001082 _____ () C:\Users\Public\Desktop\Google Drive.lnk2014-02-07 07:52 - 2014-01-17 13:04 - 00002044 _____ () C:\Users\Public\Desktop\Google Slides.lnk2014-02-07 07:52 - 2014-01-17 13:04 - 00002042 _____ () C:\Users\Public\Desktop\Google Sheets.lnk2014-02-07 07:52 - 2014-01-17 13:04 - 00002032 _____ () C:\Users\Public\Desktop\Google Docs.lnk2014-02-06 07:16 - 2014-02-12 16:43 - 23170048 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll2014-02-06 06:30 - 2014-02-12 16:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb2014-02-06 06:30 - 2014-02-12 16:43 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll2014-02-06 06:12 - 2014-02-12 16:43 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll2014-02-06 06:07 - 2014-02-12 16:43 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll2014-02-06 06:06 - 2014-02-12 16:43 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll2014-02-06 05:57 - 2014-02-12 16:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll2014-02-06 05:56 - 2014-02-12 16:43 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll2014-02-06 05:52 - 2014-02-12 16:43 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll2014-02-06 05:49 - 2014-02-12 16:43 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe2014-02-06 05:48 - 2014-02-12 16:43 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll2014-02-06 05:48 - 2014-02-12 16:43 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe2014-02-06 05:38 - 2014-02-12 16:43 - 17103872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll2014-02-06 05:32 - 2014-02-12 16:43 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe2014-02-06 05:20 - 2014-02-12 16:43 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb2014-02-06 05:17 - 2014-02-12 16:43 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll2014-02-06 05:11 - 2014-02-12 16:43 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll2014-02-06 05:01 - 2014-02-12 16:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll2014-02-06 05:00 - 2014-02-12 16:43 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll2014-02-06 04:57 - 2014-02-12 16:43 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll2014-02-06 04:57 - 2014-02-12 16:43 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll2014-02-06 04:52 - 2014-02-12 16:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll2014-02-06 04:52 - 2014-02-12 16:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll2014-02-06 04:50 - 2014-02-12 16:43 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl2014-02-06 04:49 - 2014-02-12 16:43 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll2014-02-06 04:47 - 2014-02-12 16:43 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe2014-02-06 04:46 - 2014-02-12 16:43 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll2014-02-06 04:25 - 2014-02-12 16:43 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll2014-02-06 04:25 - 2014-02-12 16:43 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll2014-02-06 04:24 - 2014-02-12 16:43 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll2014-02-06 04:22 - 2014-02-12 16:43 - 13051392 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll2014-02-06 04:13 - 2014-02-12 16:43 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll2014-02-06 04:09 - 2014-02-12 16:43 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl2014-02-06 04:03 - 2014-02-12 16:43 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll2014-02-06 03:55 - 2014-02-12 16:43 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll2014-02-06 03:41 - 2014-02-12 16:43 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll2014-02-06 03:40 - 2014-02-12 16:43 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll2014-02-06 03:36 - 2014-02-12 16:43 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll2014-02-06 03:34 - 2014-02-12 16:43 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll2014-02-05 17:23 - 2014-02-05 17:23 - 00599089 _____ () C:\Users\Laurie\Documents\Balance Sheet - Rent2014-02-05 14:47 - 2013-10-03 16:42 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\Skype2014-02-05 13:03 - 2014-02-05 13:03 - 00000000 ____D () C:\Users\Laurie\AppData\Local\Skype2014-02-04 22:07 - 2014-02-04 22:07 - 00001072 _____ () C:\Users\Public\Desktop\VLC media player.lnk2014-02-04 22:07 - 2011-07-30 22:07 - 00000000 ____D () C:\Program Files (x86)\VideoLAN2014-02-04 22:06 - 2013-10-11 08:55 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird2014-02-04 22:06 - 2011-07-23 15:33 - 00002092 _____ () C:\Users\Public\Desktop\Mozilla Thunderbird.lnk2014-02-04 22:05 - 2013-06-17 18:09 - 00000000 ____D () C:\Program Files (x86)\MediaMonkey2014-02-04 22:04 - 2013-03-03 17:40 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox2014-02-04 22:04 - 2013-03-02 14:30 - 00001153 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk2014-02-04 22:04 - 2012-05-08 10:39 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe2014-02-04 22:04 - 2012-05-08 10:39 - 00003768 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater2014-02-04 22:04 - 2011-07-23 16:26 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl2014-02-04 13:41 - 2014-02-04 13:41 - 23642336 _____ (Cloudmark, Inc.) C:\Users\Laurie\Downloads\CloudmarkDesktopOne1.5.0.exe2014-02-04 03:00 - 2013-03-03 18:00 - 00000440 _____ () C:\Windows\Tasks\Defraggler Volume C Task.job2014-02-03 19:03 - 2014-01-25 11:02 - 00003572 _____ () C:\Windows\System32\Tasks\G2MUpdateTask-S-1-5-21-3877766120-1356258156-1109172098-10012014-02-03 19:03 - 2013-10-04 19:04 - 00002438 _____ () C:\Users\Laurie\Desktop\GoToMeeting Quick Connect.lnk2014-02-03 19:03 - 2013-02-13 18:48 - 00000997 _____ () C:\Users\Public\Desktop\Pidgin.lnk2014-02-03 19:03 - 2011-07-27 13:07 - 00000000 ____D () C:\Program Files (x86)\Pidgin2014-02-03 18:33 - 2014-01-28 09:04 - 00002104 _____ () C:\Users\Public\Desktop\Google Chrome.lnk2014-02-01 13:06 - 2011-09-03 11:33 - 00000000 ____D () C:\Windows\System32\Tasks\NCH Software2014-01-30 15:34 - 2014-01-30 15:34 - 00000736 _____ () C:\Users\Laurie\Downloads\LeadFerret_vCard_Margaret_Castillo.vcf2014-01-28 09:05 - 2014-01-28 09:05 - 13318496 _____ (Bartels Media GmbH ) C:\Users\Laurie\Downloads\PhraseExpressSetup (5).exe2014-01-28 09:01 - 2012-03-18 16:54 - 00000000 ____D () C:\Users\Laurie\AppData\Local\Downloaded Installations2014-01-25 11:04 - 2014-01-25 11:04 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\DropboxMaster2014-01-25 11:04 - 2011-09-28 15:34 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\Dropbox2014-01-25 11:03 - 2014-01-25 11:03 - 00002697 _____ () C:\Users\Public\Desktop\Skype.lnk2014-01-25 11:03 - 2013-10-03 16:41 - 00000000 ___RD () C:\Program Files (x86)\Skype2014-01-25 11:03 - 2013-10-03 16:41 - 00000000 ____D () C:\ProgramData\Skype2014-01-25 10:58 - 2011-07-23 13:43 - 00000000 ____D () C:\ProgramData\Apple2014-01-18 21:54 - 2014-01-18 21:54 - 00002223 _____ () C:\Users\Laurie\Desktop\HP Support Assistant.lnk2014-01-18 21:52 - 2014-01-18 21:52 - 00000000 ____D () C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}2014-01-18 21:52 - 2011-05-26 19:06 - 00000000 ____D () C:\ProgramData\Hewlett-Packard2014-01-18 21:52 - 2011-05-26 19:05 - 00000000 ____D () C:\Program Files (x86)\Hewlett-Packard2014-01-18 21:51 - 2011-09-16 06:41 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\hpqLog2014-01-18 21:51 - 2011-02-10 17:39 - 00000000 ____D () C:\swsetup2014-01-17 15:33 - 2011-07-25 21:14 - 00000000 ____D () C:\Users\Laurie\AppData\Local\CrashDumps2014-01-17 14:25 - 2014-01-17 14:25 - 00020480 _____ () C:\Users\Laurie\Downloads\vcfviewer-1.1.exe2014-01-17 14:13 - 2014-01-17 14:13 - 00000669 _____ () C:\Users\Laurie\Downloads\LeadFerret_vCard_Steve_Lagnado.vcf2014-01-17 13:07 - 2014-01-17 13:07 - 00001704 _____ () C:\Users\Laurie\Desktop\Google Drive.lnk2014-01-17 13:07 - 2011-07-21 15:14 - 00000000 ____D () C:\Users\Laurie2014-01-17 13:04 - 2011-07-23 13:30 - 00000000 ____D () C:\Users\Laurie\AppData\Local\Google2014-01-17 13:03 - 2014-01-17 13:03 - 00819136 _____ (Google Inc.) C:\Users\Laurie\Downloads\googledrivesync.exe2014-01-17 13:03 - 2011-08-17 10:53 - 00000000 ____D () C:\Program Files (x86)\Google2014-01-17 01:36 - 2011-11-11 16:48 - 00000000 _____ () C:\Windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt2014-01-17 01:36 - 2011-07-29 06:25 - 00000052 _____ () C:\Windows\SysWOW64\DOErrors.log2014-01-17 01:35 - 2011-07-29 06:24 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\HP Support Assistant2014-01-17 01:35 - 2011-07-25 15:17 - 00000000 ____D () C:\Users\Laurie\AppData\Roaming\HpUpdate2014-01-16 20:49 - 2014-01-16 20:39 - 00000000 ____D () C:\Users\Laurie\Documents\EllaSchool2014-01-16 16:42 - 2013-01-27 20:20 - 00000000 ____D () C:\Users\Laurie\Documents\My Kindle Content2014-01-16 09:40 - 2014-01-16 09:40 - 00000000 ____D () C:\Program Files (x86)\LG Electronics2014-01-16 09:40 - 2011-05-26 19:10 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information2014-01-16 09:39 - 2014-01-16 09:38 - 11412680 _____ (LG Electronics) C:\Users\Laurie\Downloads\LGUnitedMobileDriver_S50MAN310AP22_ML_WHQL_Ver_3.10.1.exe2014-01-14 20:26 - 2012-09-09 12:31 - 00000000 ____D () C:\ProgramData\Package Cache2014-01-14 20:25 - 2012-08-24 14:33 - 00000000 ____D () C:\Program Files (x86)\Plex2014-01-14 20:21 - 2014-01-14 20:21 - 63048176 _____ (Plex, Inc.) C:\Users\Laurie\Downloads\Plex-Media-Server-0.9.818.290-11b7fdd-en-US (1).exe2014-01-14 17:19 - 2009-07-13 23:45 - 04995408 _____ () C:\Windows\system32\FNTCACHE.DAT ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legitC:\Windows\System32\wininit.exe => MD5 is legitC:\Windows\SysWOW64\wininit.exe => MD5 is legitC:\Windows\explorer.exe => MD5 is legitC:\Windows\SysWOW64\explorer.exe => MD5 is legitC:\Windows\System32\svchost.exe => MD5 is legitC:\Windows\SysWOW64\svchost.exe => MD5 is legitC:\Windows\System32\services.exe => MD5 is legitC:\Windows\System32\User32.dll => MD5 is legitC:\Windows\SysWOW64\User32.dll => MD5 is legitC:\Windows\System32\userinit.exe => MD5 is legitC:\Windows\SysWOW64\userinit.exe => MD5 is legitC:\Windows\System32\rpcss.dll => MD5 is legitC:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-02-08 00:28 ==================== End Of Log ============================
  12. I ran TFC again, per your instructions. It seemed to run through kind of fast, but it said it deleted a bunch of temp files from Chrome and Firefox. I also noticed that MBAM is back to updating itself every morning at 8am, just as it should. Here's the MBAM log: Malwarebytes Anti-Malware (PRO) 1.75.0.1300www.malwarebytes.org Database version: v2014.02.12.05 Windows 7 Service Pack 1 x64 NTFSInternet Explorer 11.0.9600.16476Laurie :: ZINCS-HP [administrator] Protection: Enabled 2/12/2014 8:10:22 AMmbam-log-2014-02-12 (08-10-22).txt Scan type: Quick scanScan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2PScan options disabled: Objects scanned: 223816Time elapsed: 7 minute(s), 45 second(s) Memory Processes Detected: 0(No malicious items detected) Memory Modules Detected: 0(No malicious items detected) Registry Keys Detected: 0(No malicious items detected) Registry Values Detected: 0(No malicious items detected) Registry Data Items Detected: 0(No malicious items detected) Folders Detected: 0(No malicious items detected) Files Detected: 0(No malicious items detected) (end)
  13. And the attach: .UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.IF REQUESTED, ZIP IT UP & ATTACH IT.DDS (Ver_2012-11-20.01).Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1Install Date: 7/21/2011 4:14:38 PMSystem Uptime: 2/11/2014 5:33:23 PM (0 hours ago).Motherboard: FOXCONN | | 2AB1 Processor: AMD Phenom II X2 521 Processor | CPU 1 | 3500/200mhz.==== Disk Partitions =========================.C: is FIXED (NTFS) - 920 GiB total, 624.632 GiB free.D: is FIXED (NTFS) - 11 GiB total, 1.339 GiB free.E: is CDROM ()F: is CDROM ()G: is RemovableH: is RemovableI: is RemovableJ: is RemovableK: is CDROM ().==== Disabled Device Manager Items =============.Class GUID: {4d36e96c-e325-11ce-bfc1-08002be10318}Description: AMD High Definition Audio DeviceDevice ID: HDAUDIO\FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000\5&233C03F5&0&0001Manufacturer: Advanced Micro DevicesName: AMD High Definition Audio DevicePNP Device ID: HDAUDIO\FUNC_01&VEN_1002&DEV_791A&SUBSYS_00791A00&REV_1000\5&233C03F5&0&0001Service: AtiHDAudioService.==== System Restore Points ===================.RP401: 2/4/2014 7:41:14 PM - Scheduled CheckpointRP402: 2/5/2014 10:22:24 PM - Installed Cloudmark DesktopOne.RP403: 2/8/2014 10:32:11 PM - Malwarebytes Anti-Rootkit Restore PointRP404: 2/10/2014 9:30:19 PM - Removed Java 7 Update 51RP405: 2/10/2014 9:31:42 PM - Removed Java 7 Update 51 (64-bit)RP406: 2/11/2014 8:46:01 AM - Installed Microsoft Visual C++ 2005 Redistributable (x64)RP407: 2/11/2014 1:14:19 PM - Removed Cloudmark DesktopOne.RP408: 2/11/2014 5:28:19 PM - Installed iTunes.==== Installed Programs ======================.64 Bit HP CIO Components Installer7-Data Recovery Suite version 2.3Adobe AIRAdobe Community HelpAdobe Digital Editions 2.0Adobe Flash Player 12 ActiveXAdobe Flash Player 12 PluginAdobe Media PlayerAdobe Photoshop CS5AIO_ScanaioscnnrAmazon KindleAMD APP SDK RuntimeAMD Catalyst Install ManagerAMD FuelAMD Media Foundation DecodersAMD Problem Report WizardAMD VISION Engine Control CenterAnonymous Guest v4.20 Pro MultilanguageAntiLogger SDK version 1.6.6.296Apple Application SupportApple Mobile Device SupportApple Software UpdateAudacity 1.3.13 (Unicode)Audacity 2.0.5AutoHotkey 1.1.13.01Bejeweled 2 DeluxeBejeweled 3Bing Rewards Client InstallerBitvise Tunnelier 4.40 (remove only)BonjourBufferChmC4USelfUpdatercalibre 64bitCatalyst Control Center - BrandingCatalyst Control Center Graphics Previews CommonCatalyst Control Center InstallProxyCatalyst Control Center Localization Allccc-utility64CCC Help Chinese StandardCCC Help Chinese TraditionalCCC Help CzechCCC Help DanishCCC Help DutchCCC Help EnglishCCC Help FinnishCCC Help FrenchCCC Help GermanCCC Help GreekCCC Help HungarianCCC Help ItalianCCC Help JapaneseCCC Help KoreanCCC Help NorwegianCCC Help PolishCCC Help PortugueseCCC Help RussianCCC Help SpanishCCC Help SwedishCCC Help ThaiCCC Help TurkishCCleanercenterChrometa version 2.0.2.3.61Citrix Online LauncherClassic Doom 3 1.3.1Comcast Desktop Software (v1.2.1)Constant Guard Protection SuiteCopyCryptoPrevent v3.1.0D3DX10DefragglerDestinationsDeviceDiscoveryDJ_AIO_SoftwareDJ_AIO_Software_minDoomsday Engine 1.9.9Dragon NaturallySpeaking 11DriverIdentifier 4.2.7DriverToolkit version 8.1.1.0DropboxEaseUS Data Recovery Wizard 6.0EaseUS Partition Recovery 5.6.1Eassos PartitionGuru Professional 4.4.0EMCO UnLock IT 3.0ERUNT 1.1jESET Online Scanner v3essentialsExpress ScribeFBackup 4FLAC 1.2.1b (remove only)FTR TheRecord PlayerGoogle ChromeGoogle DriveGoogle EarthGoogle Update HelperGoToMeeting 5.9.1216 IT InstallerGoToMeeting 6.0.1259 IT InstallerGoToMeeting 6.1.0.1312GoToMeeting 6.1.1298 IT InstallerGoToMeeting 6.1.1312 IT InstallerGPBaseService2Grammarly Add-InHD Tune Pro 5.50HipChatHP AutoHP Client ServicesHP Customer Experience EnhancementsHP Customer Participation Program 13.0HP Deskjet All-In-One Driver Software 13.0 Rel. 1HP GamesHP Imaging Device Functions 13.0HP LinkUpHP MediaSmart/TouchSmart NetflixHP OdometerHP Photosmart Essential 3.5HP Product DetectionHP SetupHP Setup ManagerHP Smart Web Printing 4.51HP Solution Center 13.0HP Support AssistantHP Support InformationHP UpdateHP Vision Hardware DiagnosticsHPPhotoGadgetHPPhotoSmartDiscLabelContent1HPPhotosmartEssentialHPProductAssistantHPSSupplyHulu DesktopHydraVisioniCloudiTunesJAPJunk Mail filter updateKodak AIO PrinterKODAK AiO SoftwareLabelPrintLG United Mobile DriverLightScribe System SoftwareMagicfeaturesPlugin Release 2.11magicJackMagniPicMah Jong MedleyMalwarebytes Anti-Malware version 1.75.0.1300MarketResearchMediaMonkey 4.1Mesh RuntimeMicrosoft .NET Framework 1.1Microsoft .NET Framework 4.5.1Microsoft Application Error ReportingMicrosoft SilverlightMicrosoft SQL Server 2005 Compact Edition [ENU]Microsoft Visual C++ 2005 RedistributableMicrosoft Visual C++ 2005 Redistributable (x64)Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727Microsoft WSE 3.0 RuntimeMicrosoft_VC80_ATL_x86Microsoft_VC80_ATL_x86_x64Microsoft_VC80_CRT_x86Microsoft_VC80_CRT_x86_x64Microsoft_VC80_MFC_x86Microsoft_VC80_MFC_x86_x64Microsoft_VC80_MFCLOC_x86Microsoft_VC80_MFCLOC_x86_x64Microsoft_VC90_ATL_x86Microsoft_VC90_ATL_x86_x64Microsoft_VC90_CRT_x86Microsoft_VC90_CRT_x86_x64Microsoft_VC90_MFC_x86Microsoft_VC90_MFC_x86_x64MiniTool Partition Recovery 5.0MiniTool Partition Wizard Home Edition 8.0MiniTool Power Data RecoveryMobipocket Reader 6.2MorphyreMozilla Firefox 25.0.1 (x86 en-US)Mozilla Firefox 27.0 (x86 en-US)Mozilla Maintenance ServiceMozilla Thunderbird 24.3.0 (x86 en-US)MSVCRTMSVCRT_amd64MSXML 4.0 SP2 (KB954430)MSXML 4.0 SP2 (KB973688)MSXML 4.0 SP3 ParserMSXML 4.0 SP3 Parser (KB2721691)MSXML 4.0 SP3 Parser (KB2758694)Namco All-Stars PAC-MANNero 11 Collection 1Nero 11 Kwik Themes 3Nero 11 Kwik Themes 4Nero 11 Mini RepackNero 11 PiP Effects 1Nero 11 Video Transitions 1Nero Backup DriversNettalk 6.7NielsenNinite UpdaterNorton Security SuiteNuance Cloud ConnectorNuance OmniPage 18Nuance PDF Create 7ocroDesk TeamOntrack EasyRecovery ProfessionalOpenDNS Updater 2.2.1OpenOffice 4.0.1PDF Settings CS5PDF Suite 2012PeerBlock 1.1 (r518)PerformanceTest v7.0 (64-bit)PhraseExpressPhraseExpress v10.1.1PidginPixillion Image ConverterPlayReady PC Runtime amd64PlayReady PC Runtime x86PlexPlex Media ServerPower2GoPreReqPressReaderPrism Video File ConverterPure Networks PlatformQuickTimeRealDownloaderRealNetworks - Microsoft Visual C++ 2008 RuntimeRealNetworks - Microsoft Visual C++ 2010 RuntimeRealPlayerRealtek Ethernet Controller DriverRealtek High Definition Audio DriverRealUpgrade 1.1Recovery ManagerRecuvaRemote Graphics ReceiverRevo Uninstaller Pro 3.0.7SafariSanityCheck 2.01ScanScansoft PDF CreateSecurity Update for CAPICOM (KB931906)Shop for HP SuppliesSkype Click to CallSkype™ 6.13SmartWebPrintingSolutionCenterSony Player Plug-in for Windows Media PlayerSoulseekQtStatusStella 3.4.1Stellar Phoenix Windows Data Recovery - TechnicalSwitch Sound File ConverterThe FTW Transcriber version 2.1.0ToolboxTranscription Buddy 4.0 (build 38)TrayAppUbuntuUnloadSupportVisual C++ 9.0 Runtime for Dragon NaturallySpeaking 64bit (x64)Visual Studio 2010 x64 RedistributablesVLC media player 2.1.3VuzeWebEx Support Manager for Internet ExplorerWebRegWinampWinamp Detector Plug-inWindows Live Communications PlatformWindows Live EssentialsWindows Live ID Sign-in AssistantWindows Live InstallerWindows Live Language SelectorWindows Live MailWindows Live MeshWindows Live Mesh ActiveX Control for Remote ConnectionsWindows Live MIME IFilterWindows Live Movie MakerWindows Live Photo CommonWindows Live Photo GalleryWindows Live PIMT PlatformWindows Live Remote ClientWindows Live Remote Client ResourcesWindows Live Remote ServiceWindows Live Remote Service ResourcesWindows Live SOXEWindows Live SOXE DefinitionsWindows Live UX PlatformWindows Live UX Platform Language PackWindows Live WriterWindows Live Writer ResourcesWindows Product Key Finder Pro® 2.3WinPcap 4.1.2WinRAR 5.01 (64-bit)Wireshark 1.8.3 (64-bit)Wise Data Recovery 3.39Zinio Reader 4.==== Event Viewer Messages From Past Week ========.2/11/2014 8:40:47 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Apple Mobile Device service to connect.2/11/2014 8:40:47 AM, Error: Service Control Manager [7000] - The Apple Mobile Device service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.2/11/2014 5:39:06 PM, Error: Service Control Manager [7022] - The Windows Update service hung on starting.2/11/2014 5:37:33 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.2/11/2014 5:33:50 PM, Error: Microsoft-Windows-BitLocker-Driver [24620] - Encrypted volume check: Volume information on \\?\Volume{140a6e42-b453-11e0-af02-806e6f6e6963} cannot be read.2/10/2014 9:37:48 PM, Error: Service Control Manager [7034] - The Crypkey License service terminated unexpectedly. It has done this 1 time(s).2/10/2014 5:52:46 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.2/10/2014 5:40:45 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.2/10/2014 3:50:00 PM, Error: Service Control Manager [7034] - The Skype C2C Service service terminated unexpectedly. It has done this 1 time(s).2/10/2014 3:50:00 PM, Error: Service Control Manager [7034] - The hpqcxs08 service terminated unexpectedly. It has done this 1 time(s).2/10/2014 3:50:00 PM, Error: Service Control Manager [7034] - The HP CUE DeviceDiscovery Service service terminated unexpectedly. It has done this 1 time(s)..==== End Of File ===========================
  14. I reinstalled iTunes, rebooted, and the error's gone. Here's a copy of the new DDS log: DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 11.0.9600.16428Run by Laurie at 17:35:53 on 2014-02-11Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.12031.9260 [GMT -5:00].AV: Norton Security Suite *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}SP: Norton Security Suite *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}FW: Norton Security Suite *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}.============== Running Processes ===============.C:\Windows\system32\lsm.exeC:\Windows\system32\svchost.exe -k DcomLaunchC:\Windows\system32\svchost.exe -k RPCSSC:\Windows\system32\atiesrxx.exeC:\Windows\System32\svchost.exe -k LocalServiceNetworkRestrictedC:\Windows\System32\svchost.exe -k LocalSystemNetworkRestrictedC:\Windows\system32\svchost.exe -k LocalServiceC:\Windows\system32\svchost.exe -k netsvcsC:\Windows\system32\svchost.exe -k GPSvcGroupC:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exeC:\Program Files\Realtek\Audio\HDA\RAVBg64.exeC:\Windows\system32\atieclxx.exeC:\Windows\system32\svchost.exe -k NetworkServiceC:\Windows\System32\spoolsv.exeC:\Windows\system32\svchost.exe -k LocalServiceNoNetworkC:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exeC:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exeC:\Program Files\Bonjour\mDNSResponder.exeC:\Windows\system32\crypserv.exeC:\Program Files (x86)\Common Files\Nuance\dgnsvc.exeC:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonationC:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exeC:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exeC:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exeC:\Program Files (x86)\Nuance\Nuance Cloud Connector\WOSVSSSvr.exeC:\Windows\SysWOW64\svchost.exe -k hpdevmgmtC:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exeC:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exeC:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exeC:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exeC:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exeC:\Program Files (x86)\PDF Suite 2012\HelperService.exeC:\Program Files (x86)\PDF Suite 2012\ConversionService.exeC:\Windows\System32\svchost.exe -k HPZ12C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exeC:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exeC:\Windows\system32\svchost.exe -k imgsvcC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXEC:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exeC:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\nmsrvc.exeC:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\taskhost.exeC:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exeC:\Windows\system32\Dwm.exeC:\Windows\Explorer.EXEC:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestrictedC:\Windows\System32\WUDFHost.exeC:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exeC:\Program Files\Realtek\Audio\HDA\RAVCpl64.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exeC:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exeC:\Windows\system32\taskeng.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exeC:\Windows\system32\msiexec.exeC:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exeC:\Program Files (x86)\PhraseExpress\phraseexpress.exeC:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler64.exeC:\Program Files (x86)\Nettalk6\Nettalk.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Windows\system32\SearchIndexer.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exeC:\Program Files (x86)\NetRatingsNetSight\NetSight\nielsenonline.exeC:\Program Files (x86)\Nuance\PDF Create 7\PdfCreate7Hook.exeC:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKStatusMonitor.exeC:\Program Files (x86)\Ninite Updater\NiniteUpdater.exeC:\Program Files (x86)\Real\RealPlayer\Update\realsched.exeC:\Program Files (x86)\iTunes\iTunesHelper.exeC:\Windows\System32\svchost.exe -k WerSvcGroupC:\Windows\sysWOW64\wbem\wmiprvse.exeC:\Users\Laurie\AppData\Local\Temp\a8d5e688-936c-11e3-b7b8-6805ca1e2e3b\Ninite.exeC:\Program Files\Windows Media Player\wmpnetwk.exeC:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\NielsenOnline64.exeC:\Program Files (x86)\Google\Drive\googledrivesync.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\Google\Chrome\Application\chrome.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exeC:\Windows\system32\SearchProtocolHost.exeC:\Windows\system32\SearchFilterHost.exeC:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exeC:\Program Files\iPod\bin\iPodService.exeC:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exeC:\Windows\System32\svchost.exe -k LocalServicePeerNetC:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exeC:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exeC:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exeC:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exeC:\Program Files (x86)\Ninite Updater\NiniteUpdater.exeC:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exeC:\Users\Laurie\AppData\Local\Temp\e622d751-936c-11e3-b7b8-6805ca1e2e3b\Ninite.exeC:\Users\Laurie\AppData\Local\Temp\e6998fae-936c-11e3-b7b8-6805ca1e2e3b\Ninite.exeC:\Windows\system32\wbem\wmiprvse.exeC:\Windows\system32\sppsvc.exeC:\Windows\System32\cscript.exe.============== Pseudo HJT Report ===============.uProxyOverride = 127.0.0.1;*.localBHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dllBHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\IPS\ipsbho.dllTB: The Weather Channel Toolbar: {2E5E800E-6AC0-411E-940A-369530A35E43} - C:\Windows\SysWOW64\TwcToolbarIe7.dllTB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\coieplg.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dllEB: HP Smart Web Printing: {555D4D79-4BD2-4094-A395-CFC534424A05} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_bho.dlluRun: [Plex Media Server] "C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe"uRun: [GoogleChromeAutoLaunch_E76C975296F20119B357F0CF28EB7223] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-windowuRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostartuRun: [TWC.Win7] C:\Program Files (x86)\The Weather Channel\Desktop Weather\TWC.Win7.exemRun: [NielsenOnline] C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenOnline.exemRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exemRun: [startCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRunmRun: [PDF7 Registry Controller] C:\Program Files (x86)\Nuance\PDF Create 7\RegistryController.exemRun: [OmniPage Preload] C:\Program Files (x86)\Nuance\OmniPage18\OmniPage18.exe /preloadmRun: [PDFHook] C:\Program Files (x86)\Nuance\PDF Create 7\pdfcreate7hook.exemRun: [Nuance OmniPage 18-reminder] "C:\Program Files (x86)\Nuance\OmniPage18\Ereg\Ereg.exe" -r "C:\ProgramData\ScanSoft\OmniPage 18\Ereg\Ereg.ini"mRun: [EKStatusMonitor] C:\PROGRAM FILES (X86)\KODAK\AIO\STATUSMONITOR\EKStatusMonitor.EXEmRun: [Ninite Updater] "C:\Program Files (x86)\Ninite Updater\NiniteUpdater.exe" /updaterclient /stub:trayapp /autorunmRun: [TkBellExe] "C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe" -osbootmRun: [Conime] C:\Windows\System32\conime.exemRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"dRunOnce: [KodakHomeCenter] "C:\Program Files (x86)\Kodak\AiO\Center\AiOHomeCenter.exe"StartupFolder: C:\Users\Laurie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Nettalk.lnk - C:\Program Files (x86)\Nettalk6\Nettalk.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\CONSTA~1.LNK - C:\Program Files (x86)\Constant Guard Protection Suite\IDVault.exeStartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\PHRASE~1.LNK - C:\Program Files (x86)\PhraseExpress\phraseexpress.exeuPolicies-Explorer: NoDrives = dword:0mPolicies-Explorer: NoDrives = dword:0mPolicies-System: ConsentPromptBehaviorAdmin = dword:5mPolicies-System: ConsentPromptBehaviorUser = dword:3mPolicies-System: EnableUIADesktopToggle = dword:0IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.htmlIE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.htmlIE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.htmlIE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.htmlIE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000IE: Google Sidewiki... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.htmlIE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dllIE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\Hp\Digital Imaging\Smart Web Printing\hpswp_BHO.dll.INFO: HKCU has more than 50 listed domains.If you wish to scan all of them, select the 'Force scan all domains' option..TCP: NameServer = 75.75.75.75 75.75.76.76TCP: Interfaces\{4AAE8CCC-600E-457C-AA28-C0D50643B0CA} : NameServer = 208.67.222.222,208.67.220.220TCP: Interfaces\{4AAE8CCC-600E-457C-AA28-C0D50643B0CA} : DHCPNameServer = 75.75.75.75 75.75.76.76TCP: Interfaces\{C92ED2A1-DD1B-4AB0-ABFC-F7CBA6D0159A} : NameServer = 75.75.75.75,75.75.76.76TCP: Interfaces\{C92ED2A1-DD1B-4AB0-ABFC-F7CBA6D0159A} : DHCPNameServer = 75.75.75.75 75.75.76.76Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dllHandler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dllHandler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dllHandler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dllmASetup: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chromex64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dllx64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dllx64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Security Suite\Engine64\21.1.0.18\CoIEPlg.dllx64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exex64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -sx64-IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>x64-Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dllx64-Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dllx64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>.================= FIREFOX ===================.FF - ProfilePath - C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.startup.homepage - about:homeFF - prefs.js: network.proxy.type - 0FF - plugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dllFF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dllFF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrlui.dllFF - plugin: C:\Program Files (x86)\Millisecond Software\Inquisit 3.0 Mozilla Plugin\npInquisit_3050.dllFF - plugin: C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\FirefoxAddOns\npfirefoxtracker.dllFF - plugin: C:\Program Files (x86)\PDF Suite 2012\firefoxextension2012\plugins\NPPdfExt2012.dllFF - plugin: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dllFF - plugin: C:\Program Files (x86)\Winamp Detect\npwachk.dllFF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dllFF - plugin: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dllFF - plugin: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dllFF - plugin: C:\Users\Laurie\AppData\Local\Citrix\Plugins\104\npappdetector.dllFF - plugin: C:\Users\Laurie\AppData\Local\HuluDesktop\instances\0.9.14.1\nphdplg.dllFF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npAclmPlugin.dllFF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npPitPlugin.dllFF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{ab91efd4-6975-4081-8552-1b3922ed79e2}\plugins\npProductDetectPlugin.dllFF - plugin: C:\Users\Laurie\AppData\Roaming\Mozilla\Firefox\Profiles\k4qc5cj9.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}\plugins\npqscan.dllFF - plugin: C:\Windows\System32\Wat\npWatWeb.dllFF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dllFF - ExtSQL: !HIDDEN! 2013-04-16 16:57; smartwebprinting@hp.com; C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3.============= SERVICES / DRIVERS ===============.R?2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2012-9-27 86528]R0 amd_sata;amd_sata;C:\Windows\System32\drivers\amd_sata.sys [2013-3-31 82600]R0 amd_xata;amd_xata;C:\Windows\System32\drivers\amd_xata.sys [2013-3-31 42664]R0 gfibto;gfibto;C:\Windows\System32\drivers\gfibto.sys [2013-6-8 14456]R0 NBVol;Nero Backup Volume Filter Driver;C:\Windows\System32\drivers\NBVol.sys [2011-11-10 72240]R0 NBVolUp;Nero Backup Volume Upper Filter Driver;C:\Windows\System32\drivers\NBVolUp.sys [2011-11-10 15920]R0 SymDS;Symantec Data Store;C:\Windows\System32\drivers\N360x64\1501000.012\SymDS64.sys [2013-11-14 493656]R0 SymEFA;Symantec Extended File Attributes;C:\Windows\System32\drivers\N360x64\1501000.012\SymEFA64.sys [2013-11-14 1147480]R1 AntiLog32;AntiLog32;C:\Windows\System32\drivers\AntiLog64.sys [2014-1-11 49240]R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\BASHDefs\20140121.001\BHDrvx64.sys [2014-1-22 1526488]R1 ccSet_N360;N360 Settings Manager;C:\Windows\System32\drivers\N360x64\1501000.012\ccSetx64.sys [2013-11-14 162392]R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton Security Suite\NortonData\21.1.0.18\Definitions\IPSDefs\20140209.002\IDSviA64.sys [2014-2-10 521944]R1 nnfwdk;Nielsen WFP Driver;C:\Program Files (x86)\NetRatingsNetSight\NetSight\meter7\nnfwdk64.sys [2013-12-20 26664]R1 SymIRON;Symantec Iron Driver;C:\Windows\System32\drivers\N360x64\1501000.012\Ironx64.sys [2013-11-14 264280]R1 SymNetS;Symantec Network Security WFP Driver;C:\Windows\System32\drivers\N360x64\1501000.012\symnets.sys [2013-11-14 590936]R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2011-5-26 204288]R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-7-13 361984]R2 AODDriver4.01;AODDriver4.01;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]R2 DragonSvc;Dragon Service;C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe [2010-7-23 296808]R2 GladFileMonSvc;GladFileMonSvc;C:\Program Files (x86)\Nuance\Nuance Cloud Connector\GladFileMonSvc.exe [2011-5-9 29552]R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]R2 IDVaultSvc;CGPS Service;C:\Program Files (x86)\Constant Guard Protection Suite\IDVaultSvc.exe [2013-12-11 41024]R2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2012-6-18 394712]R2 Kodak AiO Status Monitor Service;Kodak AiO Status Monitor Service;C:\Program Files (x86)\Kodak\AiO\StatusMonitor\EKPrinterSDK.exe [2012-6-19 777728]R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-9-11 418376]R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-9-11 701512]R2 N360;Norton Security Suite;C:\Program Files (x86)\Norton Security Suite\Engine\21.1.0.18\N360.exe [2013-11-14 264360]R2 NielsenUpdate;Nielsen Update;C:\Program Files (x86)\NetRatingsNetSight\NetSight\NielsenUpdate.exe [2011-8-19 2838568]R2 PDF Suite 2012 Helper Service;PDF Suite 2012 Helper Service;C:\Program Files (x86)\PDF Suite 2012\HelperService.exe [2012-7-31 815496]R2 PDF Suite 2012 Service;PDF Suite 2012 Service;C:\Program Files (x86)\PDF Suite 2012\ConversionService.exe [2012-7-31 724360]R2 RealNetworks Downloader Resolver Service;RealNetworks Downloader Resolver Service;C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe [2013-8-14 39056]R2 RtkAudioService;Realtek Audio Service;C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [2013-11-20 289496]R2 Skype C2C Service;Skype C2C Service;C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-9-16 3273088]R3 amdiox64;AMD IO Driver;C:\Windows\System32\drivers\amdiox64.sys [2011-9-23 46136]R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2013-11-23 137648]R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-6-30 25928]R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2011-5-26 38456]S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-9-11 105144]S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2013-9-11 124088]S3 AODDriver4.0;AODDriver4.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2011-6-24 55424]S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-2-4 231440]S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\Windows\System32\ieetwcollector.exe [2013-12-11 111616]S3 prwntdrv;prwntdrv;C:\Windows\System32\prwntdrv.sys [2013-8-31 16776]S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2013-8-30 19936]S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2013-8-30 13280]S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-3 19456]S3 Revoflt;Revoflt;C:\Windows\System32\drivers\revoflt.sys [2013-8-23 31800]S3 rspSanity;rspSanity;C:\Windows\System32\drivers\rspSanity64.sys [2012-9-20 29752]S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2013-10-25 872152]S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-11-3 57856]S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2012-11-3 30208]S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-7-24 1255736]S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184].=============== Created Last 30 ================.2014-02-11 22:29:46 -------- d-----w- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF692014-02-11 22:29:46 -------- d-----w- C:\Program Files\iTunes2014-02-11 22:29:46 -------- d-----w- C:\Program Files\iPod2014-02-10 23:19:10 -------- d-----w- C:\$RECYCLE.BIN2014-02-09 17:25:56 -------- d-----w- C:\FRST2014-02-09 04:14:09 -------- d-----w- C:\ProgramData\boost_interprocess2014-02-09 03:15:49 -------- d-----w- C:\ProgramData\Malwarebytes' Anti-Malware (portable)2014-02-09 03:15:13 91352 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys2014-02-06 03:22:50 -------- d-----w- C:\ProgramData\Cloudmark2014-02-05 18:03:33 -------- d-----w- C:\Users\Laurie\AppData\Local\Skype2014-02-05 03:04:25 272496 ----a-w- C:\Program Files (x86)\Mozilla Firefox\browser\components\browsercomps.dll2014-01-25 16:04:16 -------- d-----w- C:\Users\Laurie\AppData\Roaming\DropboxMaster2014-01-19 02:52:29 -------- d-----w- C:\ProgramData\{18165758-115C-4DC0-9EC2-FF89F725767F}2014-01-17 18:07:39 -------- d-----r- C:\Users\Laurie\Google Drive2014-01-16 14:40:09 -------- d-----w- C:\Program Files (x86)\LG Electronics2014-01-14 21:33:38 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys2014-01-14 21:33:38 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys2014-01-14 21:33:38 53248 ----a-w- C:\Windows\System32\drivers\usbehci.sys2014-01-14 21:33:38 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys2014-01-14 21:33:38 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys2014-01-14 21:33:38 3156480 ----a-w- C:\Windows\System32\win32k.sys2014-01-14 21:33:38 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys2014-01-14 21:33:38 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys2014-01-14 21:33:37 376768 ----a-w- C:\Windows\System32\drivers\netio.sys.==================== Find3M ====================.2014-02-05 03:04:50 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl2014-02-05 03:04:50 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe2014-01-11 15:15:01 49240 ----a-w- C:\Windows\System32\drivers\AntiLog64.sys2013-11-26 10:19:07 2724864 ----a-w- C:\Windows\System32\mshtml.tlb2013-11-26 10:18:23 4096 ----a-w- C:\Windows\System32\ieetwcollectorres.dll2013-11-26 09:48:07 66048 ----a-w- C:\Windows\System32\iesetup.dll2013-11-26 09:46:25 48640 ----a-w- C:\Windows\System32\ieetwproxystub.dll2013-11-26 09:23:02 2724864 ----a-w- C:\Windows\SysWow64\mshtml.tlb2013-11-26 09:18:39 139264 ----a-w- C:\Windows\System32\ieUnatt.exe2013-11-26 09:18:09 111616 ----a-w- C:\Windows\System32\ieetwcollector.exe2013-11-26 09:16:57 708608 ----a-w- C:\Windows\System32\jscript9diag.dll2013-11-26 08:35:02 5769216 ----a-w- C:\Windows\System32\jscript9.dll2013-11-26 08:28:16 553472 ----a-w- C:\Windows\SysWow64\jscript9diag.dll2013-11-26 08:16:12 4243968 ----a-w- C:\Windows\SysWow64\jscript9.dll2013-11-26 08:02:16 1995264 ----a-w- C:\Windows\System32\inetcpl.cpl2013-11-26 07:32:06 1928192 ----a-w- C:\Windows\SysWow64\inetcpl.cpl2013-11-26 07:07:57 2334208 ----a-w- C:\Windows\System32\wininet.dll2013-11-26 06:33:33 1820160 ----a-w- C:\Windows\SysWow64\wininet.dll2013-11-23 18:26:20 417792 ----a-w- C:\Windows\SysWow64\WMPhoto.dll2013-11-23 17:47:34 465920 ----a-w- C:\Windows\System32\WMPhoto.dll2013-11-14 19:51:01 44436 ----a-w- C:\cc_20131114_145050.reg2013-11-14 13:22:15 177752 ----a-w- C:\Windows\System32\drivers\SYMEVENT64x86.SYS2012-06-13 13:23:30 893560 ----a-w- C:\Program Files (x86)\Common Files\AutoCompletePro.exe.============= FINISH: 17:43:37.93 ===============
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.