ComboFix 11-05-26.03 - gast 27/05/2011 15:20:26.2.2 - x86
Running from: c:\documents and settings\gast\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\gast\Desktop\CFScript.txt
 * Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar_NL\Rss\http___news_google_nl_news_cf=all&ned=us&hl=en&topic=h&num=3&output=rss_structured.xml c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar_NL\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss.xml c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar_NL\Rss\http___news_google_nl_news_pz=1&cf=all&ned=nl_nl&hl=nl&topic=h&num=3&output=rss_structured.xml c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar_NL\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml.xml c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar_NL\Rss\http___newsrss_bbc_co_uk_rss_newsonline_world_edition_front_page_rss_xml_structured.xml c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar_NL\Rss\http___rss_cbc_ca_lineup_latest_xml.xml c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar_NL\Rss\http___rss_cbc_ca_lineup_latest_xml_structured.xml c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar_NL\Rss\http___rss_cnn_com_rss_cnn_latest_rss.xml c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar_NL\Rss\http___rss_cnn_com_rss_cnn_latest_rss_structured.xml c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar_NL\Rss\http___rss_news_yahoo_com_rss_world.xml c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar_NL\Rss\http___rss_news_yahoo_com_rss_world_structured.xml c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar_NL\Rss\http___worldpress_org_feeds_topstories_xml.xml c:\documents and settings\NetworkService\Local Settings\Application 
Data\uTorrentBar_NL\Rss\http___worldpress_org_feeds_topstories_xml_structured.xml c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar_NL\SearchInNewTab\SearchInNewTabContent.xml c:\documents and settings\NetworkService\Local Settings\Application Data\uTorrentBar_NL\ThirdPartyComponents.xml c:\program files\Conduit c:\program files\Conduit\Community Alerts\Alert.dll c:\program files\Conduit\Community Alerts\Alert0.dll c:\program files\Conduit\Community Alerts\Alert1.dll c:\program files\uTorrentBar_NL c:\program files\uTorrentBar_NL\GottenAppsContextMenu.xml c:\program files\uTorrentBar_NL\INSTALL.LOG c:\program files\uTorrentBar_NL\OtherAppsContextMenu.xml c:\program files\uTorrentBar_NL\SharedAppsContextMenu.xml c:\program files\uTorrentBar_NL\toolbar.cfg c:\program files\uTorrentBar_NL\ToolbarContextMenu.xml c:\program files\uTorrentBar_NL\UNWISE.EXE c:\program files\uTorrentBar_NL\uTorrentBar_NLToolbarHelper.exe . . ((((((((((((((((((((((((((((((((((((((( Drivers/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_BLANKSCR -------\Service_BlankScr . . ((((((((((((((((((((((((( Files Created from 2011-04-27 to 2011-05-27 ))))))))))))))))))))))))))))))) . . 2011-05-27 13:38 . 2011-05-27 13:38 28752 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6449EF5-FA3C-4427-81EC-5395E51AC698}\MpKsl3465434a.sys 2011-05-27 12:24 . 2011-05-18 10:37 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6449EF5-FA3C-4427-81EC-5395E51AC698}\mpengine.dll 2011-05-26 19:58 . 2011-05-26 19:58 -------- d-----w- c:\documents and settings\gast\Application Data\Malwarebytes 2011-05-26 19:58 . 2011-05-26 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2011-05-26 19:58 . 
2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2011-05-26 19:58 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2011-05-26 19:58 . 2011-05-26 19:58 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2011-05-24 17:44 . 2011-05-27 07:36 -------- d-----w- c:\program files\ConduitEngine 2011-05-24 17:44 . 2011-05-24 17:49 -------- d-----w- c:\documents and settings\gast\Local Settings\Application Data\ConduitEngine 2011-05-24 17:44 . 2011-05-24 17:44 -------- d-----w- C:\extensions 2011-05-23 17:09 . 2011-05-23 17:09 -------- d-----w- c:\documents and settings\gast\Local Settings\Application Data\PCHealth 2011-05-23 17:03 . 2011-05-23 17:03 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\PCHealth 2011-05-22 17:40 . 2011-02-02 16:11 222080 ------w- c:\windows\system32\MpSigStub.exe 2011-05-22 17:26 . 2011-05-22 17:26 -------- d-----w- c:\program files\CCleaner 2011-05-22 17:24 . 2011-05-22 17:27 -------- d-----w- c:\program files\Microsoft Security Client 2011-05-19 17:57 . 2011-05-19 17:57 -------- d-sh--w- c:\documents and settings\NetworkService\IETldCache 2011-05-02 17:05 . 2011-05-02 17:07 -------- d-----w- c:\documents and settings\gast\Application Data\Registry Mechanic 2011-04-30 22:12 . 2011-04-30 22:12 -------- d-----w- c:\documents and settings\LocalService\Application Data\McAfee 2011-04-30 22:12 . 2011-04-30 22:12 -------- d-sh--w- c:\documents and settings\LocalService\IETldCache . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2006-06-15 19:33 . 2008-12-02 10:55 233472 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll 2006-05-25 17:43 . 2008-12-02 10:55 204895 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll 2005-09-29 13:41 . 2008-12-02 10:55 77824 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll 2006-06-19 12:10 . 
2008-12-02 10:55 426081 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll 2005-02-02 11:19 . 2008-12-02 10:55 458752 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll 2006-04-10 17:35 . 2008-12-02 10:55 139264 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll 2005-11-09 10:10 . 2008-12-02 10:55 204800 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll 2005-11-09 10:42 . 2008-12-02 10:55 106496 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll 2006-01-04 10:22 . 2008-12-02 10:55 212992 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll 2006-01-04 10:21 . 2008-12-02 10:55 167936 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll . . ((((((((((((((((((((((((((((( SnapShot@2011-05-27_10.59.20 ))))))))))))))))))))))))))))))))))))))))) . + 2011-05-27 13:38 . 2011-05-27 13:38 16384 c:\windows\Temp\Perflib_Perfdata_2b0.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-10-18 39408] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-28 166424] "Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-28 137752] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2008-08-20 1191936] "NWTRAY"="NWTRAY.EXE" [2002-03-12 28672] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408] "IntelZeroConfig"="c:\program files\Intel\WiFi\bin\ZCfgSvc.exe" [2008-08-20 1368064] "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-09-06 413696] . 
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] "DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160] . c:\documents and settings\All Users\Start Menu\Programs\Startup\ Application Explorer.lnk - c:\program files\Novell\ZENworks\NalView.exe [2006-6-13 35840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "CompatibleRUPSecurity"= 1 (0x1) "DeleteRoamingCache"= 1 (0x1) . [HKEY_LOCAL_MACHINE\software\policies\microsoft\windows\windowsupdate\au] "NoAutoUpdate"= 1 (0x1) . [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{763370C4-268E-4308-A60C-D8DA0342BE32}"= "c:\program files\Novell\ZENworks\NalShell.dll" [2006-06-28 446464] . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\NetIdentity Notification] 2006-05-02 08:17 24576 ----a-w- c:\windows\system32\novell\xtnotify.dll . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2008-06-12 01:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update] 2010-10-19 20:02 136176 ----atw- c:\documents and settings\gast\Local Settings\Application Data\Google\Update\GoogleUpdate.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2006-10-26 23:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IgfxTray] 2008-02-28 14:00 141848 ----a-w- c:\windows\system32\igfxtray.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Event Monitor] 2008-08-25 13:28 45056 ----a-w- c:\windows\system32\iprntlgn.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iPrint Tray] 2008-08-25 13:27 40960 ----a-w- c:\windows\system32\iprntctl.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI] 2009-09-25 02:50 136512 ----a-w- c:\program files\McAfee\Common Framework\UdaterUI.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NDPS] 2004-05-17 13:27 32859 ----a-w- c:\windows\system32\dpmw32.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OEM13Mon.exe] 2008-01-07 16:00 36864 ----a-w- c:\windows\OEM13Mon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2008-09-06 14:09 413696 ----a-w- c:\program files\QuickTime\QTTask.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RTHDCPL] 2007-11-06 09:50 16855552 ----a-w- c:\windows\RTHDCPL.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] 2010-05-14 10:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg] 2010-10-18 12:57 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ZENRC Tray Icon] 2005-05-18 16:04 40960 ----a-w- c:\windows\system32\zentray.exe . 
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\WINDOWS\\system32\\dpmw32.exe"= "c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"= "c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"= "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Documents and Settings\\gast\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"= "c:\\Program Files\\Skype\\Phone\\Skype.exe"= . R1 MpKsl8917e21c;MpKsl8917e21c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6449EF5-FA3C-4427-81EC-5395E51AC698}\MpKsl8917e21c.sys [x] R1 MpKsldd9345b1;MpKsldd9345b1;c:\windows\system32\MpEngineStore\MpKsldd9345b1.sys [x] R1 MpKslfac2d19c;MpKslfac2d19c;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{2D6DE892-D811-4614-88BB-9FA4A24BB5FD}\MpKslfac2d19c.sys [x] R2 ftbmyppu;CD-Burning Filter Monitor;c:\windows\System32\svchost.exe [2008-04-14 14336] R2 gupdate;Google Updateservice (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-18 136176] R3 gupdatem;Google Update-service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-18 136176] R3 LgBttPort;LGE Bluetooth TransPort;c:\windows\system32\DRIVERS\lgbtport.sys [x] R3 lgbusenum;LG Bluetooth Bus Enumerator;c:\windows\system32\DRIVERS\lgbtbus.sys [x] R3 LGVMODEM;LGE Virtual Modem;c:\windows\system32\DRIVERS\lgvmodem.sys [x] S1 MpKsl3465434a;MpKsl3465434a;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{D6449EF5-FA3C-4427-81EC-5395E51AC698}\MpKsl3465434a.sys [2011-05-27 28752] S1 nipplpt2;Novell iCapture Lpt Redirector 
2;c:\windows\system32\drivers\nipplpt.sys [2008-08-25 34671] S2 Remote Management Agent;Novell ZENworks Remote Management Agent;c:\program files\Novell\ZENworks\RemoteManagement\RMAgent\ZenRem32.exe [2006-05-09 167936] S2 XTAgent;Novell XTier Agent Services;c:\windows\System32\Novell\XTAgent.exe [2006-05-02 61440] S3 Darpan;Darpan;c:\windows\system32\DRIVERS\Darpan.sys [2005-05-23 2773] S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2media.sys [2008-07-29 51288] S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sd.sys [2008-06-12 43608] S3 OEM13Afx;Provides a software interface to control audio effects of OEM013 camera.;c:\windows\system32\Drivers\OEM13Afx.sys [2007-06-07 141376] S3 OEM13Vfx;Creative Camera OEM013 Video VFX Driver;c:\windows\system32\DRIVERS\OEM13Vfx.sys [2007-03-05 7424] S3 OEM13Vid;Creative Camera OEM013 Driver;c:\windows\system32\DRIVERS\OEM13Vid.sys [2008-05-28 235840] . . --- Other Services/Drivers In Memory --- . *NewlyCreated* - MPKSL3465434A . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs ftbmyppu . Contents of the 'Scheduled Tasks' folder . 2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-18 12:57] . 2011-05-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-10-18 12:57] . 2011-05-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2322020850-3978503659-2079644369-501Core.job - c:\documents and settings\gast\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-20 20:02] . 2011-05-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2322020850-3978503659-2079644369-501UA.job - c:\documents and settings\gast\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-20 20:02] . . ------- Supplementary Scan ------- . 
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html . - - - - ORPHANS REMOVED - - - - . AddRemove-uTorrentBar_NL Toolbar - c:\progra~1\UTORRE~1\UNWISE.EXE . . . ************************************************************************** . catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2011-05-27 15:39 Windows 5.1.2600 Service Pack 3 NTFS . scanning hidden processes ... . scanning hidden autostart entries ... . scanning hidden files ... . scan completed successfully hidden files: 0 . ************************************************************************** . Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net Windows 5.1.2600 Disk: TOSHIBA_MK1652GSX rev.LV011D -> Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-e . device: opened successfully user: MBR read successfully error: Read A device attached to the system is not functioning. kernel: MBR read successfully detected disk devices: detected hooks: \Driver\atapi DriverStartIo -> 0x89D0053B user & kernel MBR OK . ************************************************************************** . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences] @Denied: (2) (LocalSystem) "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,1b,42,aa,cb,dc,ad,41,bb,ba,ce,\ "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15, d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,31,1b,42,aa,cb,dc,ad,41,bb,ba,ce,\ . --------------------- DLLs Loaded Under Running Processes --------------------- . 
- - - - - - - > 'winlogon.exe'(928) c:\windows\system32\NETWIN32.DLL c:\program files\Novell\ZENworks\ZENPOL32.DLL c:\windows\system32\xmlparse.dll c:\windows\system32\ZenMup.dll . - - - - - - - > 'Explorer.exe'(1696) c:\windows\system32\hnetcfg.dll c:\windows\system32\ieframe.dll c:\windows\system32\NETWIN32.DLL c:\windows\system32\NLS\ENGLISH\NWSHLXNR.DLL c:\windows\system32\NLS\ENGLISH\NOVNPNTR.DLL c:\windows\system32\netprovcredman.dll c:\windows\system32\OneX.DLL c:\windows\system32\eappprxy.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Other Running Processes ------------------------ . c:\program files\Microsoft Security Client\Antimalware\MsMpEng.exe c:\program files\Intel\WiFi\bin\EvtEng.exe c:\program files\Java\jre6\bin\jqs.exe c:\program files\McAfee\Common Framework\FrameworkService.exe c:\program files\Novell\ZENworks\nalntsrv.exe c:\windows\system32\DRIVERS\o2flash.exe c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe c:\program files\McAfee\Common Framework\naPrdMgr.exe c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe c:\program files\Novell\ZENworks\wm.exe c:\program files\Novell\ZENworks\WMRUNDLL.EXE c:\windows\system32\igfxsrvc.exe c:\windows\system32\NWTRAY.EXE c:\program files\Novell\ZENworks\NalAgent.exe . ************************************************************************** . Completion time: 2011-05-27 15:43:53 - machine was rebooted ComboFix-quarantined-files.txt 2011-05-27 13:43 ComboFix2.txt 2011-05-27 11:04 . Pre-Run: 146.124.365.824 bytes free Post-Run: 146.120.896.512 bytes free . - - End Of File - - 8E3BEB13A9414F68D955ECA4301E6632