Babylon Malware/adware detected with Spybot [Solved]


  • This topic is locked

#1
calmat01

  • Member
  • 50 posts
I have been getting all sorts of popups that I hadn't seen before. I also noticed that I had a new search bar that I did not download from any website that I was aware of called Claro search. I tried running all different versions of OTL but it kept getting hung up on Searching Firefox files. I think this is part of my issue. I tried running Spybot and it got hung up on the Babylon malware. It didn't finish the scan. I had a previous version of MBAM but it kept saying it was outdated and when I ran the updates, I could never get it to finish scanning.

I was finally able to get a registry from one of the rkills. It follows. Any help would be appreciated.

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingc...opic308364.html

Program started at: 01/25/2013 09:14:24 AM in x86 mode.
1/25/2013 09:14:24 AM in x86 mode.
1/25/2013 09:14:24 AM in x86 mode.
1/25/2013 09:14:24 AM in x86 mode.
Windows Version: Windows Vista ™ Home Basic Service Pack 2

Windows Version: Windows Vista ™ Home Basic Service Pack 2

Windows Version: Windows Vista ™ Home Basic Service Pack 2

Windows Version: Windows Vista ™ Home Basic Service Pack 2

Checking for Windows services to stop:

Checking for Windows services to stop:

Checking for Windows services to stop:

Checking for Windows services to stop:

* No malware services found to stop.

* No malware services found to stop.

* No malware services found to stop.

* No malware services found to stop.

Checking for processes to terminate:

Checking for processes to terminate:

Checking for processes to terminate:

Checking for processes to terminate:

* C:\Windows\system32\agrsmsvc.exe (PID: 756) [WD-HEUR]
* C:\Windows\system32\agrsmsvc.exe (PID: 756) [WD-HEUR]
* C:\Windows\system32\agrsmsvc.exe (PID: 756) [WD-HEUR]
* C:\Windows\system32\agrsmsvc.exe (PID: 756) [WD-HEUR]
* C:\Windows\system32\agrsmsvc.exe (PID: 756) [WD-HEUR]
* C:\Users\Joe\Downloads\exeHelper.com (PID: 6296) [UP-HEUR]
* C:\Users\Joe\Downloads\exeHelper.com (PID: 5160) [UP-HEUR]
* C:\Users\Joe\Downloads\exeHelper.scr (PID: 6868) [UP-HEUR]
* C:\Users\Joe\Downloads\explorer.exe (PID: 5856) [SFI]
* C:\Users\Joe\Downloads\rkill.exe (PID: 6264) [UP-HEUR]
* C:\Users\Joe\Downloads\rkill.com (PID: 4108) [UP-HEUR]
* C:\Users\Joe\Downloads\rkill.scr (PID: 7260) [UP-HEUR]
* C:\Users\Joe\Downloads\WiNlOgOn.exe (PID: 7952) [SFI]
* C:\Users\Joe\Downloads\WiNlOgOn.exe (PID: 7952) [UP-HEUR]
* C:\Windows\system32\LogonUI.exe (PID: 6736) [WD-HEUR]
* C:\ProgramData\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe (PID: 3376) [AU-HEUR]

8 proccesses terminated!

Possibly Patched Files.

* C:\Windows\system32\csrss.exe
* C:\Windows\system32\csrss.exe
* C:\Windows\system32\winlogon.exe
* C:\Windows\system32\wininit.exe
* C:\Windows\system32\services.exe
* C:\Windows\system32\lsass.exe
* C:\Windows\system32\lsm.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\System32\svchost.exe
* C:\Windows\System32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\System32\spoolsv.exe
* C:\Windows\system32\svchost.exe
* C:\Windows\System32\svchost.exe
* C:\Windows\system32\wbem\wmiprvse.exe
* C:\Windows\system32\DllHost.exe
* C:\Windows\system32\wbem\wmiprvse.exe

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe did not exist and was recreated!

* HKLM\Software\Classes\exefile did not exist and was recreated!

* HKLM\Software\Classes\.bat did not exist and was recreated!

* HKLM\Software\Classes\.bat did not exist and was recreated!

* HKLM\Software\Classes\.com did not exist and was recreated!

* HKLM\Software\Classes\comfile did not exist and was recreated!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* AeLookupSvc [Missing Service]
* ALG [Missing Service]
* Appinfo [Missing Service]
* AudioEndpointBuilder [Missing Service]
* AudioSrv [Missing Service]
* BFE [Missing Service]
* BITS [Missing Service]
* Browser [Missing Service]
* CertPropSvc [Missing Service]
* CryptSvc [Missing Service]
* DcomLaunch [Missing Service]
* DFSR [Missing Service]
* Dhcp [Missing Service]
* Dnscache [Missing Service]
* dot3svc [Missing Service]
* DPS [Missing Service]
* EapHost [Missing Service]
* EMDMgmt [Missing Service]
* EventLog [Missing Service]
* EventSystem [Missing Service]
* fdPHost [Missing Service]
* FDResPub [Missing Service]
* hidserv [Missing Service]
* hkmsvc [Missing Service]
* IKEEXT [Missing Service]
* IPBusEnum [Missing Service]
* iphlpsvc [Missing Service]
* KeyIso [Missing Service]
* KtmRm [Missing Service]
* LanmanServer [Missing Service]
* LanmanWorkstation [Missing Service]
* lltdsvc [Missing Service]
* lmhosts [Missing Service]
* MMCSS [Missing Service]
* MpsSvc [Missing Service]
* MSDTC [Missing Service]
* MSiSCSI [Missing Service]
* msiserver [Missing Service]
* napagent [Missing Service]
* Netlogon [Missing Service]
* Netman [Missing Service]
* netprofm [Missing Service]
* NlaSvc [Missing Service]
* nsi [Missing Service]
* p2pimsvc [Missing Service]
* p2psvc [Missing Service]
* PcaSvc [Missing Service]
* pla [Missing Service]
* PlugPlay [Missing Service]
* PNRPAutoReg [Missing Service]
* PNRPsvc [Missing Service]
* PolicyAgent [Missing Service]
* ProfSvc [Missing Service]
* ProtectedStorage [Missing Service]
* QWAVE [Missing Service]
* RasAuto [Missing Service]
* RasMan [Missing Service]
* RemoteAccess [Missing Service]
* RemoteRegistry [Missing Service]
* RpcLocator [Missing Service]
* RpcSs [Missing Service]
* SamSs [Missing Service]
* SCardSvr [Missing Service]
* Schedule [Missing Service]
* SCPolicySvc [Missing Service]
* SDRSVC [Missing Service]
* seclogon [Missing Service]
* SENS [Missing Service]
* SessionEnv [Missing Service]
* SharedAccess [Missing Service]
* ShellHWDetection [Missing Service]
* slsvc [Missing Service]
* SLUINotify [Missing Service]
* SNMPTRAP [Missing Service]
* Spooler [Missing Service]
* SSDPSRV [Missing Service]
* stisvc [Missing Service]
* swprv [Missing Service]
* SysMain [Missing Service]
* TabletInputService [Missing Service]
* TapiSrv [Missing Service]
* TBS [Missing Service]
* TermService [Missing Service]
* Themes [Missing Service]
* THREADORDER [Missing Service]
* TrkWks [Missing Service]
* TrustedInstaller [Missing Service]
* UI0Detect [Missing Service]
* upnphost [Missing Service]
* UxSms [Missing Service]
* vds [Missing Service]
* VSS [Missing Service]
* W32Time [Missing Service]
* wcncsvc [Missing Service]
* WcsPlugInService [Missing Service]
* WdiServiceHost [Missing Service]
* WdiSystemHost [Missing Service]
* WebClient [Missing Service]
* Wecsvc [Missing Service]
* wercplsupport [Missing Service]
* WerSvc [Missing Service]
* WinDefend [Missing Service]
* WinHttpAutoProxySvc [Missing Service]
* Winmgmt [Missing Service]
* WinRM [Missing Service]
* Wlansvc [Missing Service]
* wmiApSrv [Missing Service]
* WMPNetworkSvc [Missing Service]
* WPCSvc [Missing Service]
* WPDBusEnum [Missing Service]
* wscsvc [Missing Service]
* WSearch [Missing Service]
* wuauserv [Missing Service]
* wudfsvc [Missing Service]
* ACPI [Missing Service]
* AFD [Missing Service]
* agp440 [Missing Service]
* AsyncMac [Missing Service]
* atapi [Missing Service]
* cdfs [Missing Service]
* disk [Missing Service]
* mpsdrv [Missing Service]
* NDIS [Missing Service]
* NetBIOS [Missing Service]
* NetBT [Missing Service]
* nsiproxy [Missing Service]
* partmgr [Missing Service]
* pci [Missing Service]
* pcmcia [Missing Service]
* Processor [Missing Service]
* Smb [Missing Service]
* srv [Missing Service]
* srv2 [Missing Service]
* srvnet [Missing Service]
* Tcpip [Missing Service]
* Tcpip6 [Missing Service]
* tcpipreg [Missing Service]
* TDPIPE [Missing Service]
* tdx [Missing Service]
* vga [Missing Service]
* VgaSave [Missing Service]
* volmgr [Missing Service]
* volsnap [Missing Service]
* SstpSvc [Missing Service]

Searching for Missing Digital Signatures:

* C:\Windows\System32\browser.dll [NoSig]


#2
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings and Welcome to The Forums!!

My name is Gringo and I'll be glad to help you with your malware problems.

I have put together some things for you to keep in mind while I am helping you to make things go easier and faster for both of us.

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the Watch Topic Button, select Immediate Notification, and click on Proceed. This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Back up any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planned. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.





I need to get some reports to get a base to start from so I need you to run these programs first.


-DeFogger-

  • Please download DeFogger to your desktop.
  • Double click DeFogger to run the tool.
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger may ask you to reboot the machine, if it does - click OK
Do not re-enable these drivers until otherwise instructed.


-Security Check-

  • Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


-Download DDS-

  • Please download DDS from one of the links below and save it to your desktop:

    Link1
    Link2
    Link3

  • Double-click on dds.scr and a command window will appear. This is normal.
  • Shortly after, two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply

information and logs

  • In your next post I need the following

  • both reports from DDS
  • report from security check
  • let me know of any problems you may have had

Gringo


#3
calmat01

  • Topic Starter
  • Member
  • 50 posts
Here are the logs as you requested:

Results of screen317's Security Check version 0.99.57
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Disabled!
Norton 360
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.70.0.1100
JavaFX 2.1.1
Java™ 6 Update 27
Java™ 6 Update 24
Java 7 Update 9
Java™ 6 Update 6
Java version out of Date!
Adobe Flash Player 11.5.502.146
Adobe Reader 9 Adobe Reader out of Date!
Adobe Reader 10.1.5 Adobe Reader out of Date!
Mozilla Firefox (18.0.1)
Google Chrome 22.0.1229.95
Google Chrome 24.0.1312.56
````````Process Check: objlist.exe by Laurent````````
Norton ccSvcHst.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 6 % Defragment your hard drive soon! (Do NOT defrag if SSD!)
````````````````````End of Log``````````````````````

DDS (Ver_2012-11-20.01) - NTFS_x86 NETWORK
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by Joe at 23:02:25 on 2013-01-25
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.2351 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://websearch.just-browse.info/
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://websearch.just-browse.info/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
uURLSearchHooks: Winamp Toolbar Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\winamp toolbar\winamptb.dll
uURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
mURLSearchHooks: Winamp Toolbar Search Class: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - c:\program files\winamp toolbar\winamptb.dll
mURLSearchHooks: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - c:\program files\winamp toolbar\winamptb.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
BHO: CIEDownload Object: {67BCF957-85FC-4036-8DC4-D4D80E00A77B} - c:\program files\smart technologies\smart notebook\NotebookPlugin.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\6.4.0.9\ips\ipsbho.dll
BHO: Vaudix: {74F45961-8267-3DE9-4553-BC58A8FA0C85} - c:\programdata\vaudix\50eb4a966f900.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - c:\program files\windows live\companion\companioncore.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: GamesBarBHO Class: {CB0D163C-E9F4-4236-9496-0597E24B23A5} - c:\program files\gamesbar\2.0.1.81\oberontb.dll
BHO: NitroPDFBHO Class: {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - c:\program files\nitro pdf\pdf download\NitroPDF.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - <orphaned>
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: DVDVideoSoftTB Toolbar: {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\6.4.0.9\coieplg.dll
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: The Weather Channel Toolbar: {2E5E800E-6AC0-411E-940A-369530A35E43} - c:\windows\system32\TwcToolbarIe7.dll
TB: DVDVideoSoftTB Toolbar: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - c:\program files\dvdvideosofttb\prxtbDVDV.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - c:\program files\winamp toolbar\winamptb.dll
TB: GamesBar: {6F282B65-56BF-4BD1-A8B2-A4449A05863D} - c:\program files\gamesbar\2.0.1.81\oberontb.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [TOSCDSPD] TOSCDSPD.EXE
uRun: [Messenger (Yahoo!)] "c:\program files\yahoo!\messenger\YahooMessenger.exe" -quiet
uRun: [cacaoweb] "c:\users\joe\appdata\roaming\cacaoweb\cacaoweb.exe" -noplayer
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [FileHippo.com] "c:\program files\filehippo.com\UpdateChecker.exe" /background
uRun: [SearchEngineProtection] c:\program files\gamesbar\SearchEngineProtection.exe
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [Google Update] "c:\users\joe\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [MusicManager] "c:\users\joe\appdata\local\programs\google\musicmanager\MusicManager.exe"
uRun: [UniblueRegistryBooster] "c:\program files\uniblue\registrybooster\launcher.exe" delay 20000
uRun: [PCShowServer] c:\users\joe\appdata\local\directv player\PCShowServerPMWrapper.exe
uRun: [Logitech Vid] "c:\program files\logitech\vid hd\Vid.exe" -bootmode
uRun: [Epson Stylus NX510(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatifia.exe /fu "c:\users\joe\appdata\local\temp\E_S3D2F.tmp" /EF "HKCU"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [TPwrMain] c:\program files\toshiba\power saver\TPwrMain.EXE
mRun: [SmoothView] c:\program files\toshiba\smoothview\SmoothView.exe
mRun: [00TCrdMain] c:\program files\toshiba\flashcards\TCrdMain.exe
mRun: [ToshibaServiceStation] "c:\program files\toshiba\toshiba service station\ToshibaServiceStation.exe" /hide:60
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [SMART Board Service] c:\program files\smart technologies\smart board drivers\SMARTBoardService.exe
mRun: [SMART SNMP Agent] c:\program files\smart technologies\smart board drivers\SMARTSNMPAgent.exe -e
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [EEventManager] c:\progra~1\epsons~1\eventm~1\EEventManager.exe
mRun: [MaxMenuMgr] "c:\program files\seagate\seagatemanager\freeagent status\StxMenuMgr.exe"
mRun: [VolPanel] "c:\program files\creative\sound blaster x-fi go pro\volume panel\VolPanlu.exe" /r
mRun: [Creative SB Monitoring Utility] RunDll32 sbavmon.dll,SBAVMonitor
mRun: [UpdReg] c:\windows\UpdReg.EXE
mRun: [LTCM Client] c:\program files\ltcm client\ltcmClient.exe /startup
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [LWS] c:\program files\logitech\lws\webcam software\LWS.exe -hide
mRun: [RTHDVCPL] c:\program files\realtek\audio\hda\RtHDVCpl.exe -s
mRun: [ROC_roc_ssl_v12] "c:\program files\avg secure search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
StartupFolder: c:\users\joe\appdata\roaming\micros~1\windows\startm~1\programs\startup\epsona~1.lnk - d:\common\epsonreg\EpsonReg.exe
StartupFolder: c:\users\joe\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\users\joe\appdata\roaming\micros~1\windows\startm~1\programs\startup\paltalk.lnk - c:\program files\paltalk messenger\paltalk.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\smartb~1.lnk - c:\program files\smart technologies\smart board drivers\SMARTBoardTools.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\joe\appdata\roaming\dvdvideosoftiehelpers\freeyoutubetomp3converter.htm
IE: Save Page As PDF ... - c:\program files\nitro pdf\pdf download\nitroweb.htm
IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - c:\program files\windows live\companion\companioncore.dll
IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {4EAFEF58-EEFA-4116-983D-03B49BCBFFFE} - c:\program files\paltalk messenger\Paltalk.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab
DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} - hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/110926/CTPID.cab
TCP: NameServer = 192.168.7.254
TCP: Interfaces\{0913D5A8-EAAD-4D04-821E-DF2C6404AAB0} : DHCPNameServer = 139.94.97.230
TCP: Interfaces\{942131C3-07FE-4BE3-94CE-1E24FCF0B9E6} : DHCPNameServer = 192.168.7.254
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
AppInit_DLLs= c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\progra~1\mocaflix\sprote~1.dll c:\progra~1\vaudix\sprote~1.dll
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.56\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joe\appdata\roaming\mozilla\firefox\profiles\9fuerdds.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=winamp-ff&s_qt=sb&tb_uuid=20110331225916392&tb_oid=12-12-2010&tb_mrud=25-01-2013&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&s_qt=ab&s_it=winamp-ff&tb_uuid=20110331225916392&tb_oid=12-12-2010&tb_mrud=25-01-2013&q=
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\motive\npMotive.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll
FF - plugin: c:\program files\common files\wolfram research\browser\8.0.1.2077975\npmathplugin.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.0.60818.0\npctrlui.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\nptgeqplugin.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll
FF - plugin: c:\program files\pando networks\media booster\npPandoWebPlugin.dll
FF - plugin: c:\program files\picasa2\npPicasa3.dll
FF - plugin: c:\program files\wildtangent games\app\browserintegration\registered\15\NP_wtapp.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\joe\appdata\local\directv player\npPCShowPlugin.dll
FF - plugin: c:\users\joe\appdata\local\directv player\npPlayerPlugin.dll
FF - plugin: c:\users\joe\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\9fuerdds.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\plugins\np-mswmp.dll
FF - plugin: c:\users\joe\appdata\roaming\mozilla\firefox\profiles\9fuerdds.default\extensions\[email protected]\plugins\npLogitechDeviceDetection.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-01-07 16:22; [email protected]; c:\users\joe\appdata\roaming\mozilla\firefox\profiles\9fuerdds.default\extensions\[email protected]
FF - ExtSQL: 2013-01-10 11:11; {b64982b1-d112-42b5-b1e4-d3867c4533f8}; c:\programdata\browser manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF - ExtSQL: 2013-01-14 14:13; [email protected]; c:\users\joe\appdata\roaming\mozilla\firefox\profiles\9fuerdds.default\extensions\[email protected]
.
---- FIREFOX POLICIES ----
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.claro.tlbrSrchUrl,
FF - user.js: extensions.claro.id - 08394b420000000000000024d26ff3a8
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15661
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1014:54:08
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - base
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\0604000.009\symds.sys [2012-10-1 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0604000.009\symefa.sys [2012-10-1 924320]
R1 jswpslwf;JumpStart Wireless Filter Driver;c:\windows\system32\drivers\jswpslwf.sys [2009-4-27 20384]
R3 FwLnk;FwLnk Driver;c:\windows\system32\drivers\FwLnk.sys [2008-9-30 7168]
R3 SMARTMouseFilterx86;HID-compliant mouse;c:\windows\system32\drivers\SMARTMouseFilterx86.sys [2009-7-23 11048]
R3 SMARTVHidMini2000x86;SMART HID Device;c:\windows\system32\drivers\SMARTVHidMini2000x86.sys [2009-7-23 14120]
S1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\bashdefs\20130116.013\BHDrvx86.sys [2013-1-15 997464]
S1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\0604000.009\ccsetx86.sys [2012-10-1 132768]
S1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_6.2.1.5\definitions\ipsdefs\20130124.001_c9d\IDSvix86.sys [2013-1-25 386720]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\0604000.009\ironx86.sys [2012-10-1 149624]
S1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\0604000.009\symtdiv.sys [2012-10-1 345208]
S2 Browser Manager;Browser Manager;c:\programdata\browser manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe [2012-11-17 2312216]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 ConfigFree Service;ConfigFree Service;c:\program files\toshiba\configfree\CFSvcs.exe [2008-4-17 40960]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
S2 FreeAgentGoNext Service;Seagate Service;c:\program files\seagate\seagatemanager\sync\FreeAgentService.exe [2009-12-18 189736]
S2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2012-10-1 398184]
S2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-12-18 682344]
S2 N360;Norton 360;c:\program files\norton 360\engine\6.4.0.9\ccsvchst.exe [2012-10-1 138272]
S2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\nitro pdf\reader\NitroPDFReaderDriverService.exe [2010-6-24 196912]
S2 Norton PC Checkup Application Launcher;Norton PC Checkup Application Launcher;c:\program files\norton pc checkup 3.0\SymcPCCULaunchSvc.exe [2012-11-17 132056]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-9-17 1153368]
S2 TeamViewer6;TeamViewer 6;c:\program files\teamviewer\version6\TeamViewer_Service.exe [2011-3-5 2296696]
S2 TOSHIBA SMART Log Service;TOSHIBA SMART Log Service;c:\program files\toshiba\smartlogservice\TosIPCSrv.exe [2007-12-3 126976]
S2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2011-4-1 450848]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-2-28 183560]
S3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files\common files\creative labs shared\service\AL6Licensing.exe [2010-12-27 79360]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\common files\creative labs shared\service\CTAELicensing.exe [2010-12-27 79360]
S3 Creative Media Toolbox 6 Licensing Service;Creative Media Toolbox 6 Licensing Service;c:\program files\common files\creative labs shared\service\MT6Licensing.exe [2010-12-27 79360]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-1-25 106656]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2011-5-30 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2011-5-13 1492840]
S3 GamesAppService;GamesAppService;c:\program files\wildtangent games\app\GamesAppService.exe [2010-10-12 206072]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files\google\google desktop search\GoogleDesktop.exe [2008-9-30 30192]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\jumpstart\jswpsapi.exe [2009-4-27 954368]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2010-12-27 1254400]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-12-18 21104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-1-25 40776]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 SVRPEDRV;SVRPEDRV;c:\windows\system32\sysprep\PEDRV.SYS [2008-9-30 9216]
S3 SWDUMon;SWDUMon;c:\windows\system32\drivers\SWDUMon.sys [2012-11-17 13024]
S3 TMachInfo;TMachInfo;c:\program files\toshiba\toshiba service station\TMachInfo.exe [2008-9-30 54136]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\windows live\mesh\wlcrasvc.exe [2010-9-22 51040]
.
=============== Created Last 30 ================
.
2013-01-26 04:25:41 -------- d-----w- c:\programdata\?L?L?????????????????????????
2013-01-25 15:39:13 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-25 13:12:54 -------- d-----w- c:\programdata\?î?î
2013-01-25 03:21:56 -------- d-----w- c:\programdata\????
2013-01-25 02:59:57 -------- d-----w- c:\programdata\????
2013-01-24 12:52:57 -------- d-----w- c:\programdata\????
2013-01-24 04:32:06 -------- d-----w- c:\users\joe\appdata\local\Apple
2013-01-24 00:04:19 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-23 20:02:47 -------- d-----w- c:\programdata\?ô?ô?????????????????????????
2013-01-22 21:36:56 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-22 00:31:45 -------- d-----w- c:\programdata\?¦?¦?????????????????????????
2013-01-21 21:43:23 -------- d-----w- c:\programdata\?÷?÷?????????????????????????
2013-01-21 05:03:39 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-20 14:58:12 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-18 12:27:07 -------- d-----w- c:\programdata\?É?É?????????????????????????
2013-01-18 00:48:04 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-17 22:45:19 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-17 00:25:35 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-16 13:10:28 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-15 22:00:04 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-15 12:42:48 -------- d-----w- c:\programdata\?'?'?????????????????????????
2013-01-14 18:44:12 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-14 12:40:44 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-13 21:23:13 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-13 21:07:06 -------- d-----w- c:\users\joe\appdata\local\PC_Drivers_Headquarters
2013-01-13 20:31:18 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-10 19:30:14 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-10 17:39:19 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-10 17:38:36 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-10 17:38:33 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-10 17:22:00 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2013-01-07 22:05:01 -------- d-----w- c:\programdata\WoW Worldwide Software LTD
2013-01-07 22:04:49 -------- d-----w- c:\program files\VaudiX
2013-01-07 22:04:17 -------- d-----w- c:\programdata\Premium
2013-01-07 22:03:29 -------- d-----w- c:\program files\MocaFlix
2013-01-07 22:01:33 -------- d-----w- c:\programdata\Vaudix
2013-01-07 22:00:47 -------- d-----w- c:\programdata\InstallMate
2013-01-07 21:41:49 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-06 21:59:08 -------- d-----w- c:\programdata\?????????????????????????????
2013-01-04 17:14:46 -------- d-----w- c:\programdata\?????????????????????????????
2012-12-31 23:16:33 -------- d-----w- c:\programdata\?,?,?????????????????????????
2012-12-31 05:01:16 -------- d-----w- c:\programdata\?????????????????????????????
2012-12-30 06:52:16 -------- d-----w- c:\programdata\?????????????????????????????
2012-12-29 18:48:09 -------- d-----w- c:\programdata\?î?î?????????????????????????
2012-12-27 19:58:57 -------- d-----w- c:\programdata\?????????????????????????????
2012-12-27 18:38:05 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-27 18:38:05 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-27 18:30:54 -------- d-----w- c:\programdata\?????????????????????????????
.
==================== Find3M ====================
.
2013-01-26 04:24:52 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-01-22 23:05:27 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-22 23:05:27 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-14 22:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-17 22:13:08 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-11-17 21:19:18 601100 ------w- c:\windows\system32\drivers\alcxwdm.sys
2012-11-17 21:19:18 391424 ------w- c:\windows\system32\drivers\alcxsens.sys
2012-11-17 21:19:03 208896 ------w- c:\windows\alcupd.exe
2012-11-17 21:19:03 139264 ------w- c:\windows\alcrmv.exe
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29:51 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 10:18:17 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26:06 23040 ----a-w- c:\windows\system32\dpnsvr.exe
.
============= FINISH: 23:04:24.05 ===============

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume2
Install Date: 4/27/2009 6:40:27 PM
System Uptime: 1/25/2013 10:57:08 PM (1 hours ago)
.
Motherboard: TOSHIBA | | Portable PC
Processor: Genuine Intel® CPU 585 @ 2.16GHz | CPU | 2161/667mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 140 GiB total, 14.824 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
Acrobat.com
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.5)
Air Conflicts: Secret Wars
Aleks 3.15
Aleks 3.18
Alien Outbreak 2
Alien Sky
Alien Stars
Amazon Links
Apple Application Support
Apple Software Update
ArcSoft Print Creations
ArcSoft Print Creations - Greeting Card
ArcSoft Print Creations - Photo Calendar
Ask Toolbar
Astro Avenger 2
Astrobatics
Atheros Driver Installation Program
Atheros Wi-Fi Protected Setup Library
Atomaders
ATT-PRT22
Avencast: Rise of the Mage
Aveyond - Lord of Twilight
Aveyond - The Lost Orb
Battle Group
Bicycle Gin Rummy
Bing Bar
Blasterball 2 Revolution
Browser Manager
BurgerTime Deluxe
CameraHelperMsi
CD/DVD Drive Acoustic Silencer
Cisco Connect
Cisco EAP-FAST Module
Cisco LEAP Module
Cisco PEAP Module
Compatibility Pack for the 2007 Office system
Conduit Engine
Crazy Chicken Pinball
Creative Media Toolbox 6
Creative Media Toolbox 6 (Shared Components)
Creative System Information
Creative WaveStudio 7
Cue Master Gold
D3DX10
Dark Matter
DIRECTV Player
DivX Setup
Download Updater (AOL LLC)
Dracula Series Part 1: The Strange Case of Martha
DriverUpdate
DVD MovieFactory for TOSHIBA
DVDVideoSoftTB Toolbar
Epson CreativeZone
Epson Event Manager
EPSON NX510 Series Printer Uninstall
EPSON Scan
EpsonNet Print
EpsonNet Setup
erLT
FileHippo.com Update Checker
Fishing Craze
Flip Words
Free Audio CD Burner version 1.4.7
Free Disc Burner version 1.1
Free Studio version 4.1
Free YouTube Download 2.2
Free YouTube to MP3 Converter version 3.10.11.923
GamesBar 2.0.1.81
GearDrvs
Geneforge
Google Chrome
Google Desktop
Google Toolbar for Internet Explorer
Google Update Helper
Hazen ®
Heavy Weapon
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hoyle Puzzle and Board Games 2011
Intel® Graphics Media Accelerator Driver
Intel® Matrix Storage Manager
Invadazoid
Java 7 Update 9
Java Auto Updater
Java™ 6 Update 24
Java™ 6 Update 27
Java™ 6 Update 6
JavaFX 2.1.1
Junk Mail filter update
Logitech Vid HD
Logitech Webcam Software
LTCM Client
LWS Facebook
LWS Gallery
LWS Help_main
LWS Launcher
LWS Motion Detection
LWS Pictures And Video
LWS Twitter
LWS Video Mask Maker
LWS VideoEffects
LWS Webcam Software
LWS WLM Plugin
LWS YouTube Plugin
Magic Ball 4
Malwarebytes Anti-Malware version 1.70.0.1100
Mathematica Extras 8.0 (2077975)
MathType 6
McAfee Security Scan Plus
Mesh Runtime
Messenger Companion
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Default Manager
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Home and Student 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office PowerPoint Viewer 2007 (English)
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Suite Activation Assistant
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft VC9 runtime libraries
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Works
Microsoft XML Parser
Military Life: Tank Simulator
Mozilla Firefox 18.0.1 (x86 en-US)
Mozilla Maintenance Service
Mplayer.com
MSVCRT
MSXML 4.0 SP2 (KB941833)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Music Manager
muvee Reveal Seagate Edition
Namco All-Stars: DIG DUG
Namco All-Stars: PAC-MAN
Nitro PDF Reader
Norton 360
Norton PC Checkup
Norton Security Scan
Notebook Software
NVIDIA PhysX
OGA Notifier 2.0.0048.0
Paltalk Messenger 10.2
Pando Media Booster
PDF Download for Internet Explorer
Phoenix Assault
Picasa 3
QuickBooks Financial Center
Realtek 8169 8168 8101E 8102E Ethernet Driver
Realtek AC'97 Audio
Realtek High Definition Audio Driver
Realtek USB 2.0 Card Reader
Ricochet Recharged
Sacred Gold
Seagate Manager Installer
Search Assistant MocaFlix 1.66
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft Office 2007 suites (KB2596615) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687311) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687441) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687499) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760416) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2687307) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2760421) 32-Bit Edition
Security Update for Windows Media Encoder (KB2447961)
Security Update for Windows Media Encoder (KB954156)
Security Update for Windows Media Encoder (KB979332)
Segoe UI
SMART Board Drivers
Sound Blaster X-Fi Go! Pro
Space Strike
Spelling Dictionaries Support For Adobe Reader 9
Spotify
Spybot - Search & Destroy
Star Defender III
Star Defender Pack
Strike Ball 3
Swarm
Synaptics Pointing Device Driver
TeamViewer 6
TestGen
TextTwist 2
The Weather Channel Toolbar
TI-SmartView™
Torchlight
TOSHIBA Assist
TOSHIBA ConfigFree
TOSHIBA Desktop Links
TOSHIBA Disc Creator
TOSHIBA DVD PLAYER
TOSHIBA Extended Tiles for Windows Mobility Center
TOSHIBA Hardware Setup
TOSHIBA Recovery Disc Creator
Toshiba Registration
TOSHIBA Service Station
TOSHIBA Software Modem
TOSHIBA Speech System Applications
TOSHIBA Speech System SR Engine(U.S.) Version1.0
TOSHIBA Speech System TTS Engine(U.S.) Version1.0
TOSHIBA Supervisor Password
TOSHIBA Value Added Package
Uniblue RegistryBooster
Uninstall 1.0.0.1
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
Update Installer for WildTangent Games App
VaudiX
VC80CRTRedist - 8.0.50727.6195
WildTangent Games
WildTangent Games App (Toshiba Games)
Winamp
Winamp Detector Plug-in
Winamp Toolbar
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live Messenger Companion Core
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Windows Media Encoder 9 Series
Wolfram CDF Player (M-WIN-D 8.0.1 2078140)
Wolfram Mathematica 8 (M-WIN-T 8.0.1 2064099)
Word Wonders: The Tower of Babel
Wordary
WWII Tank Commander
Yahoo! Detect
Yahoo! Messenger
.
==== End Of File ===========================

Thanks again for any help!

#4
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello


These are the programs I would like you to run next. If you have any problems with one of these, just skip it and run the next one.


-AdwCleaner-

  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

--RogueKiller--

  • Download & SAVE to your Desktop RogueKiller or from here
  • Quit all programs that you may have started.
  • Please disconnect any USB or external drives from the computer before you run this scan!
  • For Vista or Windows 7, right-click and select "Run as Administrator" to start
  • For Windows XP, double-click to start.
  • Wait until Prescan has finished ...
  • Then Click on "Scan" button
  • Wait until the Status box shows "Scan Finished"
  • Click on "Delete"
  • Wait until the Status box shows "Deleting Finished"
  • Click on "Report" and copy/paste the content of the Notepad into your next reply.
  • The log should be found in RKreport[1].txt on your Desktop
  • Exit/Close RogueKiller

Gringo

#5
calmat01

    Member

  • Topic Starter
  • 50 posts
I ran adwcleaner as you instructed. It didn't prompt me to delete anything nor did my computer reboot. I then dl RogueKiller, but when I tried to right click to run as administrator, I couldn't get any screens to show up indicating that it was running a prescreen. I hit scan and it came up with several things that it asked if I wanted to delete, but I didn't want to do that until I posted this to you. Here is the registry from AdwCleaner. I will try and see if I can run Rogue Killer as administrator one more time.

# AdwCleaner v2.108 - Logfile created 01/26/2013 at 18:31:13
# Updated 24/01/2013 by Xplode
# Operating system : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# User : Joe - JOE-PC
# Boot Mode : Normal
# Running from : C:\Users\Joe\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : Browser Manager

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\Users\Joe\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\bprotector_extensions.sqlite
File Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\bprotector_prefs.js
File Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\searchplugins\aol-web-search.xml
File Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\searchplugins\Conduit.xml
File Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\searchplugins\my-web-search.xml
File Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\searchplugins\safesearch.xml
File Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\searchplugins\WebSearch.xml
Folder Found : C:\Program Files\AskBarDis
Folder Found : C:\Program Files\Common Files\AVG Secure Search
Folder Found : C:\Program Files\Common Files\Plasmoo
Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\DVDVideoSoftTB
Folder Found : C:\Program Files\GamesBar
Folder Found : C:\Program Files\MocaFlix
Folder Found : C:\Program Files\Winamp Toolbar
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\GamesBar
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GamesBar
Folder Found : C:\ProgramData\Premium
Folder Found : C:\ProgramData\Winamp Toolbar
Folder Found : C:\Users\Joe\AppData\Local\Conduit
Folder Found : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Found : C:\Users\Joe\AppData\Local\OpenCandy
Folder Found : C:\Users\Joe\AppData\Local\Winamp Toolbar
Folder Found : C:\Users\Joe\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Joe\AppData\LocalLow\Conduit
Folder Found : C:\Users\Joe\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Joe\AppData\LocalLow\DVDVideoSoftTB
Folder Found : C:\Users\Joe\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Joe\AppData\LocalLow\Toolbar4
Folder Found : C:\Users\Joe\AppData\Roaming\Babylon
Folder Found : C:\Users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\Conduit
Folder Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\ConduitCommon
Folder Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\CT2269050
Folder Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Folder Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Folder Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\extensions\[email protected]
Folder Found : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\WinampToolbarData
Folder Found : C:\Users\Joe\AppData\Roaming\OpenCandy

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\mocaflix\sprote~1.dll
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\vaudix\sprote~1.dll
Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll
Key Found : HKCU\Software\5beddd0b06ee843
Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\AskBarDis
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\AskBarDis
Key Found : HKCU\Software\cacaoweb
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DVDVideoSoftTB Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Winamp Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\Winamp Toolbar
Key Found : HKLM\SOFTWARE\5beddd0b06ee843
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66DD22B9-6521-4B05-97DB-0EBC00B1DA5D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{507591C2-2F4E-46A7-92D6-E6CFF82E5F26}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\Software\DVDVideoSoftTB
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{1A93C934-025B-4C3A-B38E-9654A7003239}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28A3B2E1-9872-4B90-B90F-473A4C84D781}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{346B2223-C898-4C81-9EB0-BF7107FBDC1F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{FC5D6970-F161-42BC-ACC3-381660799279}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{A704475C-C61A-458C-B76F-8C557D278E45}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Conduit Engine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Winamp Toolbar
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\Software\Winamp Toolbar
Key Found : HKU\S-1-5-21-4056767596-380707801-2082629020-1000\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKU\S-1-5-21-4056767596-380707801-2082629020-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-21-4056767596-380707801-2082629020-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-4056767596-380707801-2082629020-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}
Key Found : HKU\S-1-5-21-4056767596-380707801-2082629020-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [cacaoweb]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{6F282B65-56BF-4BD1-A8B2-A4449A05863D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.just-browse.info/
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://www.claro-search.com/?affID=117467&tt=4612_4&babsrc=HP_ss&mntrId=08394b420000000000000024d26ff3a8
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://websearch.just-browse.info/

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\prefs.js

Found : user_pref("CT2269050..clientLogIsEnabled", false);
Found : user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2269050.AppTrackingLastCheckTime", "Fri Aug 17 2012 09:20:32 GMT-0500 (Central Daylight[...]
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129575150554007677", true);
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129705015340022508", true);
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
Found : user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
Found : user_pref("CT2269050.CTID", "CT2269050");
Found : user_pref("CT2269050.CommunitiesChangesLastCheckTime", "0");
Found : user_pref("CT2269050.CurrentServerDate", "26-1-2013");
Found : user_pref("CT2269050.DialogsAlignMode", "LTR");
Found : user_pref("CT2269050.DialogsGetterLastCheckTime", "Fri Jan 25 2013 12:24:42 GMT-0600 (Central Standa[...]
Found : user_pref("CT2269050.DownloadReferralCookieData", "");
Found : user_pref("CT2269050.EMailNotifierPollDate", "Fri Jan 25 2013 23:05:12 GMT-0600 (Central Standard Ti[...]
Found : user_pref("CT2269050.FirstServerDate", "20-2-2011");
Found : user_pref("CT2269050.FirstTime", true);
Found : user_pref("CT2269050.FirstTimeFF3", true);
Found : user_pref("CT2269050.FirstTimeSettingsDone", true);
Found : user_pref("CT2269050.FixPageNotFoundErrors", true);
Found : user_pref("CT2269050.GroupingInvalidateCache", false);
Found : user_pref("CT2269050.GroupingLastCheckTime", "0");
Found : user_pref("CT2269050.GroupingLastServerUpdateTime", "0");
Found : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2269050.HasUserGlobalKeys", true);
Found : user_pref("CT2269050.HomePageProtectorEnabled", false);
Found : user_pref("CT2269050.Initialize", true);
Found : user_pref("CT2269050.InitializeCommonPrefs", true);
Found : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2269050.InstallationType", "UnknownIntegration");
Found : user_pref("CT2269050.InstalledDate", "Sat Feb 19 2011 22:35:16 GMT-0600 (Central Standard Time)");
Found : user_pref("CT2269050.InvalidateCache", false);
Found : user_pref("CT2269050.IsAlertDBUpdated", true);
Found : user_pref("CT2269050.IsGrouping", false);
Found : user_pref("CT2269050.IsMulticommunity", false);
Found : user_pref("CT2269050.IsOpenThankYouPage", false);
Found : user_pref("CT2269050.IsOpenUninstallPage", false);
Found : user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Jan 25 2013 12:24:42 GMT-0600 (Central Standar[...]
Found : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2269050.LastLogin_2.7.2.0", "Mon Mar 21 2011 18:01:58 GMT-0500 (Central Daylight Time)"[...]
Found : user_pref("CT2269050.LastLogin_3.10.0.1", "Thu Apr 26 2012 19:33:28 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2269050.LastLogin_3.12.2.3", "Thu May 31 2012 09:13:14 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2269050.LastLogin_3.13.0.6", "Wed Jun 27 2012 12:20:39 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2269050.LastLogin_3.14.1.0", "Tue Aug 21 2012 10:30:53 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2269050.LastLogin_3.15.1.0", "Tue Nov 06 2012 23:11:12 GMT-0600 (Central Standard Time)[...]
Found : user_pref("CT2269050.LastLogin_3.16.0.100", "Fri Jan 25 2013 23:00:15 GMT-0600 (Central Standard Tim[...]
Found : user_pref("CT2269050.LastLogin_3.16.0.3", "Sat Nov 17 2012 11:57:06 GMT-0600 (Central Standard Time)[...]
Found : user_pref("CT2269050.LastLogin_3.3.2.1", "Fri Apr 08 2011 22:47:12 GMT-0500 (Central Daylight Time)"[...]
Found : user_pref("CT2269050.LastLogin_3.3.3.2", "Fri Jun 24 2011 23:51:29 GMT-0500 (Central Daylight Time)"[...]
Found : user_pref("CT2269050.LastLogin_3.5.0.12", "Sun Aug 14 2011 10:11:00 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2269050.LastLogin_3.6.0.10", "Tue Sep 27 2011 20:05:46 GMT-0500 (Central Daylight Time)[...]
Found : user_pref("CT2269050.LastLogin_3.7.0.6", "Mon Nov 07 2011 17:51:04 GMT-0600 (Central Standard Time)"[...]
Found : user_pref("CT2269050.LastLogin_3.8.0.8", "Wed Dec 07 2011 17:49:17 GMT-0600 (Central Standard Time)"[...]
Found : user_pref("CT2269050.LastLogin_3.8.1.0", "Mon Jan 09 2012 15:17:00 GMT-0600 (Central Standard Time)"[...]
Found : user_pref("CT2269050.LastLogin_3.9.0.3", "Wed Feb 15 2012 13:10:55 GMT-0600 (Central Standard Time)"[...]
Found : user_pref("CT2269050.LatestVersion", "3.16.0.3");
Found : user_pref("CT2269050.Locale", "en");
Found : user_pref("CT2269050.LoginCache", 4);
Found : user_pref("CT2269050.MCDetectTooltipHeight", "83");
Found : user_pref("CT2269050.MCDetectTooltipShow", false);
Found : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2269050.MCDetectTooltipWidth", "295");
Found : user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2269050.RadioIsPodcast", false);
Found : user_pref("CT2269050.RadioLastCheckTime", "Fri Jan 25 2013 12:24:38 GMT-0600 (Central Standard Time)[...]
Found : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
Found : user_pref("CT2269050.RadioMediaID", "12473383");
Found : user_pref("CT2269050.RadioMediaType", "Media Player");
Found : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
Found : user_pref("CT2269050.RadioShrinkedFromSetup", false);
Found : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
Found : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
Found : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2269050.SavedHomepage", "resource:/browserconfig.properties");
Found : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2269050.SearchEngineBeforeUnload", "Winamp Search");
Found : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Found : user_pref("CT2269050.SearchInNewTabEnabled", true);
Found : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Jan 25 2013 12:24:39 GMT-0600 (Central Stand[...]
Found : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2269050.SearchProtectorEnabled", false);
Found : user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2269050.ServiceMapLastCheckTime", "Fri Jan 25 2013 12:24:38 GMT-0600 (Central Standard [...]
Found : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2269050.SettingsLastCheckTime", "Fri Jan 25 2013 23:00:11 GMT-0600 (Central Standard Ti[...]
Found : user_pref("CT2269050.SettingsLastUpdate", "1359123080");
Found : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Jan 25 2013 12:24:37 GMT-0600 (Central Sta[...]
Found : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
Found : user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2269050.UserID", "UN70124406959497627");
Found : user_pref("CT2269050.ValidationData_Search", 1);
Found : user_pref("CT2269050.ValidationData_Toolbar", 2);
Found : user_pref("CT2269050.WeatherNetwork", "");
Found : user_pref("CT2269050.WeatherPollDate", "Fri Jan 25 2013 23:00:14 GMT-0600 (Central Standard Time)");
Found : user_pref("CT2269050.WeatherUnit", "F");
Found : user_pref("CT2269050.alertChannelId", "666138");
Found : user_pref("CT2269050.approveUntrustedApps", false);
Found : user_pref("CT2269050.clientLogIsEnabled", false);
Found : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2269050.components.129023235807856892", false);
Found : user_pref("CT2269050.components.129121052374999726", false);
Found : user_pref("CT2269050.components.129351672002618989", false);
Found : user_pref("CT2269050.components.129351776130744254", false);
Found : user_pref("CT2269050.components.129391330693125668", false);
Found : user_pref("CT2269050.components.129466585396013141", false);
Found : user_pref("CT2269050.components.129681780741097243", false);
Found : user_pref("CT2269050.components.334876879988992", false);
Found : user_pref("CT2269050.components.3562342111233572", false);
Found : user_pref("CT2269050.components.4930556174285671", false);
Found : user_pref("CT2269050.components.5567654423577676934", false);
Found : user_pref("CT2269050.components.5567654435776682311", false);
Found : user_pref("CT2269050.components.6344014529820961218", false);
Found : user_pref("CT2269050.components.7527685960312859", false);
Found : user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Fri Jan 25 2013 12:24:42 GMT-0600 (Central [...]
Found : user_pref("CT2269050.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2269050.initDone", true);
Found : user_pref("CT2269050.isAppTrackingManagerOn", false);
Found : user_pref("CT2269050.isFirstRadioInstallation", false);
Found : user_pref("CT2269050.myStuffEnabled", true);
Found : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,111,129466585399606892,129[...]
Found : user_pref("CT2269050.revertSettingsEnabled", false);
Found : user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2269050.searchProtectorEnableByLogin", true);
Found : user_pref("CT2269050.testingCtid", "");
Found : user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Fri Jan 25 2013 12:24:42 GMT-0600 (Central S[...]
Found : user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Fri Jan 25 2013 12:24:42 GMT-0600 (Central S[...]
Found : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CT2269050.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/US", "\"1-230[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2269050&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"57d[...]
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "dvdvideosofttb");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Joe\\AppData\\Roaming\\Mozilla\\Fir[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.100");
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.come2play.com/shared/appGame/main2/game.a[...]
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2269050");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "dvdvideosofttb");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://slirsredirect.search.aol.com/slir[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Mar 22 2011 08:53:53 GMT-05[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jun 05 2011 14:24:28 GMT-0500 (Centr[...]
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 23:51:28 GMT-0500 (Central D[...]
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "c6fbef77-11e9-4e49-adf7-a9a938fe984e");
Found : user_pref("CommunityToolbar.globalUserId", "a3b4bccd-fb1e-4f3f-a5dd-437112d40ced");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jan 25 2013 12:24:4[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jan 25 2013 12:24:47 GMT-060[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jan 25 2013 12:24:39 GMT-0600 (C[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "d2130316-4608-45a0-bb9f-a1965dc559ee");
Found : user_pref("CommunityToolbar.undefined", "");
Found : user_pref("aol_toolbar.surf.date", "9");
Found : user_pref("aol_toolbar.surf.lastDate", "25");
Found : user_pref("aol_toolbar.surf.lastMonth", "0");
Found : user_pref("aol_toolbar.surf.lastYear", "2013");
Found : user_pref("aol_toolbar.surf.month", "9");
Found : user_pref("aol_toolbar.surf.prevMonth", "1341");
Found : user_pref("aol_toolbar.surf.total", "24647");
Found : user_pref("aol_toolbar.surf.week", "9");
Found : user_pref("aol_toolbar.surf.year", "9");
Found : user_pref("browser.search.defaulturl", "hxxp://search.winamp.com/search/search?query={searchTerms}&i[...]
Found : user_pref("extensions.claro.admin", false);
Found : user_pref("extensions.claro.aflt", "babsst");
Found : user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
Found : user_pref("extensions.claro.dfltLng", "en");
Found : user_pref("extensions.claro.excTlbr", false);
Found : user_pref("extensions.claro.id", "08394b420000000000000024d26ff3a8");
Found : user_pref("extensions.claro.instlDay", "15661");
Found : user_pref("extensions.claro.instlRef", "sst");
Found : user_pref("extensions.claro.prdct", "claro");
Found : user_pref("extensions.claro.prtnrId", "claro");
Found : user_pref("extensions.claro.tlbrId", "base");
Found : user_pref("extensions.claro.tlbrSrchUrl", "");
Found : user_pref("extensions.claro.vrsn", "1.8.3.10");
Found : user_pref("extensions.claro.vrsni", "1.8.3.10");
Found : user_pref("extensions.claro_i.smplGrp", "none");
Found : user_pref("extensions.claro_i.vrsnTs", "1.8.3.1014:54:08");
Found : user_pref("extensions.illimitux.ilx_pref_pt_veoh", true);
Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Found : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredi[...]
Found : user_pref("extensions.toolbar.mindspark._2pMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
Found : user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&s_qt=ab&[...]
Found : user_pref("winamp_toolbar.button.1303935512156_1314105936530.view", "0");
Found : user_pref("winamp_toolbar.button.1303935540827_1314105897218.view", "0");
Found : user_pref("winamp_toolbar.button.1303936162215_1314105916645.view", "0");
Found : user_pref("winamp_toolbar.button.1303936270237_1314105924931.view", "0");
Found : user_pref("winamp_toolbar.buttons.defaultview", 0);
Found : user_pref("winamp_toolbar.buttons.layout", "1303935512156_1314105936530;1303936270237_1314105924931;[...]
Found : user_pref("winamp_toolbar.cookie.homepage", "");
Found : user_pref("winamp_toolbar.cookie.search", "");
Found : user_pref("winamp_toolbar.curtain.congrats", "none");
Found : user_pref("winamp_toolbar.default.homepage.check", false);
Found : user_pref("winamp_toolbar.default.search.check", true);
Found : user_pref("winamp_toolbar.default.search.label", "AOL Search");
Found : user_pref("winamp_toolbar.default.search.url", "hxxp://search.winamp.com/search/search?query={search[...]
Found : user_pref("winamp_toolbar.favplus.focusnewtab", true);
Found : user_pref("winamp_toolbar.favplus.newtab", true);
Found : user_pref("winamp_toolbar.firsttime.showwindow", false);
Found : user_pref("winamp_toolbar.guid", "{E9823646-41D6-ABEE-6C8A-C8D1A220ECEE}");
Found : user_pref("winamp_toolbar.install.distroid", "");
Found : user_pref("winamp_toolbar.install.homepage.label", "AOL.com");
Found : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.20.9143");
Found : user_pref("winamp_toolbar.install.lid", "");
Found : user_pref("winamp_toolbar.install.mtmhp", "");
Found : user_pref("winamp_toolbar.install.ncid", "");
Found : user_pref("winamp_toolbar.metrics.activestampdate", "25");
Found : user_pref("winamp_toolbar.metrics.activestampmonth", "0");
Found : user_pref("winamp_toolbar.metrics.activestampyear", "2013");
Found : user_pref("winamp_toolbar.metrics.log", false);
Found : user_pref("winamp_toolbar.metrics.originalDate", "12");
Found : user_pref("winamp_toolbar.metrics.originalHours", "12");
Found : user_pref("winamp_toolbar.metrics.originalMinutes", "20");
Found : user_pref("winamp_toolbar.metrics.originalMonth", "12");
Found : user_pref("winamp_toolbar.metrics.originalSeconds", "9");
Found : user_pref("winamp_toolbar.metrics.originalYear", "2010");
Found : user_pref("winamp_toolbar.relatednews.enabled", false);
Found : user_pref("winamp_toolbar.remote..xml", "1359176410728");
Found : user_pref("winamp_toolbar.remote.publish.xml", "1359138274274");
Found : user_pref("winamp_toolbar.reset.flag", "1");
Found : user_pref("winamp_toolbar.reset.style", "B");
Found : user_pref("winamp_toolbar.resetprompt.daily.num", "1");
Found : user_pref("winamp_toolbar.resetprompt.daily.timestamp", "1359176414376");
Found : user_pref("winamp_toolbar.resetprompt.display.limit", "8");
Found : user_pref("winamp_toolbar.rtw.active", true);
Found : user_pref("winamp_toolbar.search.button", true);
Found : user_pref("winamp_toolbar.search.cid", "25-01-2013");
Found : user_pref("winamp_toolbar.search.focusnewtab", false);
Found : user_pref("winamp_toolbar.search.instd", "20110331225916392");
Found : user_pref("winamp_toolbar.search.newtab", false);
Found : user_pref("winamp_toolbar.search.oid", "12-12-2010");
Found : user_pref("winamp_toolbar.search.placement", "left");
Found : user_pref("winamp_toolbar.search.populateoncomplete", false);
Found : user_pref("winamp_toolbar.search.savehistory", true);
Found : user_pref("winamp_toolbar.search.searchtype", "web");
Found : user_pref("winamp_toolbar.search.source", "winamp-ff");
Found : user_pref("winamp_toolbar.searchengine.label", "AOL Search");
Found : user_pref("winamp_toolbar.skin.custom", true);
Found : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
Found : user_pref("winamp_toolbar.surf.show", true);
Found : user_pref("winamp_toolbar.upgrade.showwindow", false);
Found : user_pref("winamp_toolbar.weather.degc", "-8");
Found : user_pref("winamp_toolbar.weather.degf", "18");
Found : user_pref("winamp_toolbar.weather.image", "chrome://winamptoolbar/skin/weather/33_n.png");
Found : user_pref("winamp_toolbar.weather.locationid", "USNY0996");
Found : user_pref("winamp_toolbar.weather.metric", true);
Found : user_pref("winamp_toolbar.weather.tooltip", "New York , NY : Mostly Clear");
Found : user_pref("winamp_toolbar.weather.update", "1359176410729");
Found : user_pref("winamp_toolbar.winamp.appversion", "1");
Found : user_pref("winamp_toolbar.winamp.artist", "");
Found : user_pref("winamp_toolbar.winamp.button.focus", true);
Found : user_pref("winamp_toolbar.winamp.button.forward", true);
Found : user_pref("winamp_toolbar.winamp.button.open", true);
Found : user_pref("winamp_toolbar.winamp.button.pause", true);
Found : user_pref("winamp_toolbar.winamp.button.play", true);
Found : user_pref("winamp_toolbar.winamp.button.rewind", true);
Found : user_pref("winamp_toolbar.winamp.button.stop", false);
Found : user_pref("winamp_toolbar.winamp.button.volume", true);
Found : user_pref("winamp_toolbar.winamp.info.url", "hxxp://music.aol.com/artist/{artist}");
Found : user_pref("winamp_toolbar.winamp.show.focus", true);
Found : user_pref("winamp_toolbar.winamp.show.forward", true);
Found : user_pref("winamp_toolbar.winamp.show.openfile", true);
Found : user_pref("winamp_toolbar.winamp.show.pause", true);
Found : user_pref("winamp_toolbar.winamp.show.play", true);
Found : user_pref("winamp_toolbar.winamp.show.rewind", true);
Found : user_pref("winamp_toolbar.winamp.show.stop", false);
Found : user_pref("winamp_toolbar.winamp.show.volume", true);
Found : user_pref("winamp_toolbar.winamp.ticker.show", true);
Found : user_pref("winamp_toolbar.winamp.title", "-999999");
Found : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
Found : user_pref("winamp_toolbar.winamp.tracktime", "-999999");
Found : user_pref("winamp_toolbar.winamp.volume", "215");

-\\ Google Chrome v24.0.1312.56

File : C:\Users\Joe\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [58635 octets] - [26/01/2013 18:31:13]

########## EOF - C:\AdwCleaner[R1].txt - [58696 octets] ##########

#6
calmat01

    Member

  • Topic Starter
  • Member
  • 50 posts
Ok, I was able to run Rogue Killer as administrator, but it says it is waiting... and so I don't know if it is still doing the prescreen or not.

#7
calmat01

    Member

  • Topic Starter
  • Member
  • 50 posts
It never stopped the waiting... on initial run as administrator. I ran the scan, and deleted the items. Here is the registry.

RogueKiller V8.4.3 [Jan 26 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo...13-roguekiller/
Website : http://tigzy.geeksto...roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Started in : Normal mode
User : Joe [Admin rights]
Mode : Remove -- Date : 01/26/2013 19:53:13
| ARK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

ÿþ1

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK1652GSX +++++
--- User ---
[MBR] 83e084d363d02dd91b3edf71f963059c
[BSP] c8df17ab07f696c9e7a3154dd4e3b14c : Windows Vista MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 143737 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 297447424 | Size: 7389 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[4]_D_01262013_02d1953.txt >>
RKreport[1]_S_01262013_02d1849.txt ; RKreport[2]_S_01262013_02d1952.txt ; RKreport[3]_D_01262013_02d1952.txt ; RKreport[4]_D_01262013_02d1953.txt

#8
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

I would like you to do the following.

Please print out or make a copy in Notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run ComboFix:

You may be asked to install or update the Recovery Console (Win XP only). If this happens, please allow it to do so (you will need to be connected to the internet for this).

Before you run ComboFix, I will need you to turn off any security software you have running. If you do not know how to do this, you can find out >here< or >here<

ComboFix may need to reboot your computer more than once to do its job; this is normal.

You can download ComboFix from one of these links. I want you to save it to the desktop and run it from there.
Link 1
Link 2
Link 3
1. Close any open browsers or any other programs that are open.
2. Close/disable all antivirus and anti-malware programs so they do not interfere with the running of ComboFix.

Double-click on combofix.exe and follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouse-click ComboFix's window while it's running. That may cause it to stall.

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"Information and logs"

In your next post I need the following:

  • Log from ComboFix
  • Let me know of any problems you may have had
  • How is the computer doing now?

Gringo

#9
calmat01

    Member

  • Topic Starter
  • Member
  • 50 posts
I had trouble disabling Spybot's TeaTimer. For some reason, I could disable it from the Resident tools option, but then when it asked me to do the same in the system startup, I couldn't find it. Anyhow, I was able to run ComboFix, even though I could not find anywhere from Norton 360's menus to allow me to disable it completely. I was able to disable most of its protection, but not all. Nonetheless, ComboFix completed and produced the following log:

ComboFix 13-01-27.03 - Joe 01/27/2013 9:26.4.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1434 [GMT -6:00]
Running from: c:\users\Joe\Downloads\ComboFix.exe
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\pt
c:\windows\system32\pt\toscdspd.cpl.mui
c:\windows\system32\roboot.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wt
c:\windows\wt\backup\1.5.1.36\_privacy.txt
c:\windows\wt\backup\1.5.1.36\info.txt
c:\windows\wt\backup\1.5.1.36\stopwcmdr.bat
c:\windows\wt\backup\1.5.1.36\updatenow.bat
c:\windows\wt\data.wts
c:\windows\wt\info.txt
c:\windows\wt\updater\_privacy.txt
c:\windows\wt\updater\data.wts
c:\windows\wt\updater\stopwcmdr.bat
c:\windows\wt\updater\updatenow.bat
c:\windows\wt\updater\userid.txt
c:\windows\wt\updater\wt.ini
c:\windows\wt\updater\wtlog.txt
c:\windows\wt\webdriver.dll
c:\windows\wt\webdriver\actorobject.dll
c:\windows\wt\webdriver\camobject.dll
c:\windows\wt\webdriver\dx5drv.dll
c:\windows\wt\webdriver\dx7drv.dll
c:\windows\wt\webdriver\modelobject.dll
c:\windows\wt\webdriver\portalobject.dll
c:\windows\wt\webdriver\proceduralelectricfx.dll
c:\windows\wt\webdriver\proceduralfire.dll
c:\windows\wt\webdriver\proceduralshifter.dll
c:\windows\wt\webdriver\sound.dll
c:\windows\wt\webdriver\spout.dll
c:\windows\wt\webdriver\string3d.dll
c:\windows\wt\webdriver\trimesh.dll
c:\windows\wt\webdriver\wdengine.dll
c:\windows\wt\webdriver\webdriver.dll
c:\windows\wt\webdriver\wildtangent.jar
c:\windows\wt\webdriver\wthost.exe
c:\windows\wt\webdriver\wthostctl.dll
c:\windows\wt\webdriver\wtwmplug.ax
c:\windows\wt\wt3d.dll
c:\windows\wt\wt3d.ini
c:\windows\wt\wtupdates\wtupdater\appinfo.dat
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\actorobject.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\camobject.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\dx5drv.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\dx7drv.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\legacy\data.wts
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\legacy\webdriver.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\legacy\wt3d.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\modelobject.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\npwthost.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\npwtplug.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\portalobject.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\proceduralelectricfx.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\proceduralfire.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\proceduralshifter.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\sound.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\spout.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\string3d.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\trimesh.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\wdengine.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\webdriver.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\wildtangent.jar
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\wthost.exe
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\wthost.jar
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\wthostctl.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\wtvh.dll
c:\windows\wt\wtupdates\wtwebdriver\files\2.0.6.007\wtwmplug.ax
c:\windows\wt\wtupdates\wtwebdriver\update_info\data.wts
c:\windows\wt\wtvh.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-27 to 2013-01-27 )))))))))))))))))))))))))))))))
.
.
2013-01-27 15:47 . 2013-01-27 15:47 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2013-01-27 15:47 . 2013-01-27 15:47 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-27 15:47 . 2013-01-27 15:47 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-01-27 15:47 . 2013-01-27 15:47 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-27 14:16 . 2013-01-27 14:16 -------- d-----w- c:\progra~2\!!6B2F~1
2013-01-27 00:20 . 2013-01-27 00:20 -------- d-----w- c:\progra~2\6CFE~1
2013-01-26 04:25 . 2013-01-26 04:25 -------- d-----w- c:\progra~2\LLAC0F~1
2013-01-25 15:39 . 2013-01-25 15:39 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-25 13:12 . 2013-01-25 13:12 -------- d-----w- c:\progra~2\56D7~1
2013-01-25 03:21 . 2013-01-25 03:21 -------- d-----w- c:\progra~2\FEEF~1
2013-01-25 02:59 . 2013-01-25 02:59 -------- d-----w- c:\progra~2\89EF~1
2013-01-24 12:54 . 2013-01-24 12:54 -------- d-----w- c:\users\Joe\AppData\Roaming\Apple Computer
2013-01-24 12:52 . 2013-01-24 12:52 -------- d-----w- c:\progra~2\2EE7~1
2013-01-24 04:34 . 2013-01-24 04:35 -------- d-----w- c:\program files\QuickTime
2013-01-24 04:32 . 2013-01-24 04:32 -------- d-----w- c:\program files\Common Files\Apple
2013-01-24 04:32 . 2013-01-24 04:32 -------- d-----w- c:\users\Joe\AppData\Local\Apple
2013-01-24 04:31 . 2013-01-24 04:31 -------- d-----w- c:\program files\Apple Software Update
2013-01-24 04:31 . 2013-01-24 04:31 -------- d-----w- c:\programdata\Apple
2013-01-24 00:04 . 2013-01-24 00:04 -------- d-----w- c:\progra~2\68C1~1
2013-01-23 20:02 . 2013-01-23 20:02 -------- d-----w- c:\progra~2\AE94~1
2013-01-22 21:36 . 2013-01-22 21:36 -------- d-----w- c:\progra~2\29F1~1
2013-01-22 00:31 . 2013-01-22 00:31 -------- d-----w- c:\progra~2\29C4~1
2013-01-21 21:43 . 2013-01-21 21:43 -------- d-----w- c:\progra~2\EC82~1
2013-01-21 05:03 . 2013-01-21 05:03 -------- d-----w- c:\progra~2\A402~1
2013-01-20 14:58 . 2013-01-20 14:58 -------- d-----w- c:\progra~2\6CE1~1
2013-01-18 12:27 . 2013-01-18 12:27 -------- d-----w- c:\progra~2\6DA4~1
2013-01-18 00:48 . 2013-01-18 00:48 -------- d-----w- c:\progra~2\2F55~1
2013-01-17 22:45 . 2013-01-17 22:45 -------- d-----w- c:\progra~2\2BD4~1
2013-01-17 00:25 . 2013-01-17 00:25 -------- d-----w- c:\progra~2\60F1~1
2013-01-16 13:10 . 2013-01-16 13:10 -------- d-----w- c:\progra~2\E1E4~1
2013-01-15 22:00 . 2013-01-15 22:00 -------- d-----w- c:\progra~2\AB02~1
2013-01-15 12:42 . 2013-01-15 12:42 -------- d-----w- c:\progra~2\''E82F~1
2013-01-14 18:44 . 2013-01-14 18:44 -------- d-----w- c:\progra~2\2BF1~1
2013-01-14 12:40 . 2013-01-14 12:40 -------- d-----w- c:\progra~2\A9C1~1
2013-01-13 21:23 . 2013-01-13 21:23 -------- d-----w- c:\progra~2\A3EF~1
2013-01-13 21:07 . 2013-01-13 21:07 -------- d-----w- c:\users\Joe\AppData\Local\PC_Drivers_Headquarters
2013-01-13 20:31 . 2013-01-13 20:31 -------- d-----w- c:\progra~2\E6E4~1
2013-01-10 19:30 . 2013-01-10 19:30 -------- d-----w- c:\progra~2\AC55~1
2013-01-10 17:39 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-10 17:38 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-10 17:38 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-10 17:22 . 2013-01-20 00:26 262552 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2013-01-07 22:05 . 2013-01-07 22:05 -------- d-----w- c:\programdata\WoW Worldwide Software LTD
2013-01-07 22:04 . 2013-01-07 22:04 -------- d-----w- c:\program files\VaudiX
2013-01-07 22:04 . 2013-01-13 20:55 -------- d-----w- c:\programdata\Premium
2013-01-07 22:03 . 2013-01-07 22:03 -------- d-----w- c:\program files\MocaFlix
2013-01-07 22:01 . 2013-01-17 04:12 -------- d-----w- c:\programdata\Vaudix
2013-01-07 22:00 . 2013-01-13 20:55 -------- d-----w- c:\programdata\InstallMate
2013-01-07 21:41 . 2013-01-07 21:41 -------- d-----w- c:\progra~2\24C1~1
2013-01-06 21:59 . 2013-01-06 21:59 -------- d-----w- c:\progra~2\ECC1~1
2013-01-04 17:14 . 2013-01-04 17:14 -------- d-----w- c:\progra~2\AE02~1
2012-12-31 23:16 . 2012-12-31 23:16 -------- d-----w- c:\progra~2\__A42F~1
2012-12-31 05:01 . 2012-12-31 05:01 -------- d-----w- c:\progra~2\2BC4~1
2012-12-30 06:52 . 2012-12-30 06:52 -------- d-----w- c:\progra~2\EB55~1
2012-12-29 18:48 . 2012-12-29 18:48 -------- d-----w- c:\progra~2\2F94~1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-27 14:16 . 2012-11-17 20:26 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-01-22 23:05 . 2012-11-17 22:45 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-22 23:05 . 2012-11-17 22:45 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 13:12 . 2012-12-27 18:38 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-27 18:38 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 22:49 . 2011-12-18 19:21 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-17 22:13 . 2009-04-27 22:52 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-11-17 21:19 . 2012-11-17 21:20 601100 ------w- c:\windows\system32\drivers\alcxwdm.sys
2012-11-17 21:19 . 2012-11-17 21:20 391424 ------w- c:\windows\system32\drivers\alcxsens.sys
2012-11-17 21:19 . 2012-11-17 21:20 208896 ------w- c:\windows\alcupd.exe
2012-11-17 21:19 . 2012-11-17 21:20 139264 ------w- c:\windows\alcrmv.exe
2012-11-14 02:09 . 2012-12-15 09:19 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-15 09:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-15 09:19 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-15 09:19 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-15 09:19 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-15 09:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-14 21:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 10:18 . 2012-12-14 21:33 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-14 21:33 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-01-20 00:26 . 2013-01-10 17:22 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2011-03-11 1373512]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2008-08-26 15:32 279944 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 21:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{74F45961-8267-3DE9-4553-BC58A8FA0C85}]
2013-01-07 22:22 118272 ----a-w- c:\programdata\Vaudix\50eb4a966f900.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 21:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-08-26 279944]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"SearchEngineProtection"="c:\program files\Gamesbar\SearchEngineProtection.exe" [2010-12-29 591248]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-30 3077528]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-27 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-18 30192]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe" [2009-07-23 2596864]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe" [2009-07-23 1048576]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe" [2010-02-19 241789]
"Creative SB Monitoring Utility"="sbavmon.dll" [2010-08-03 104448]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-03-27 10967656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
.
c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - d:\common\EpsonReg\EpsonReg.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2012-10-1 8356008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2009-7-23 10227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll c:\progra~2\browse~1\23796~1.11\{16cdf~1\browsemngr.dll c:\progra~1\google\google~1\googledesktopnetwork3.dll c:\progra~1\mocaflix\sprotector.dll c:\progra~1\vaudix\sprotector.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-22 23:18 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 23:05]
.
2013-01-27 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files\DriverUpdate\DriverUpdate.exe [2012-09-17 22:42]
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:19]
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:19]
.
2013-01-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4056767596-380707801-2082629020-1000Core.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 21:24]
.
2013-01-27 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4056767596-380707801-2082629020-1000UA.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 21:24]
.
2013-01-19 c:\windows\Tasks\Norton Security Scan for Joe.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-05 15:06]
.
2013-01-27 c:\windows\Tasks\rbmonitor.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-07-25 14:32]
.
2013-01-27 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\registrybooster.exe [2012-07-25 14:32]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://websearch.just-browse.info/
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://websearch.just-browse.info/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Joe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Save Page As PDF ... - file://c:\program files\Nitro PDF\PDF Download\nitroweb.htm
TCP: DhcpNameServer = 192.168.7.254
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=winamp-ff&s_qt=sb&tb_uuid=20110331225916392&tb_oid=12-12-2010&tb_mrud=25-01-2013&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&s_qt=ab&s_it=winamp-ff&tb_uuid=20110331225916392&tb_oid=12-12-2010&tb_mrud=25-01-2013&q=
FF - ExtSQL: 2013-01-07 16:22; [email protected]; c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\extensions\[email protected]
FF - ExtSQL: 2013-01-10 11:11; {b64982b1-d112-42b5-b1e4-d3867c4533f8}; c:\programdata\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF - ExtSQL: 2013-01-14 14:13; [email protected]; c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\extensions\[email protected]
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.claro.tlbrSrchUrl,
FF - user.js: extensions.claro.id - 08394b420000000000000024d26ff3a8
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15661
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1014:54
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - base
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-TOSCDSPD - TOSCDSPD.EXE
HKCU-Run-UniblueRegistryBooster - c:\program files\Uniblue\RegistryBooster\launcher.exe
HKLM-Run-ROC_roc_ssl_v12 - c:\program files\AVG Secure Search\ROC_roc_ssl_v12.exe
SafeBoot-WudfPf
SafeBoot-WudfRd
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-27 09:47
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-01-27 09:53:24
ComboFix-quarantined-files.txt 2013-01-27 15:53
.
Pre-Run: 16,819,761,152 bytes free
Post-Run: 16,605,278,208 bytes free
.
- - End Of File - - 5AF350758B807C4C2B4902179CEB39FF

My computer seems to be running a little faster. But I still keep getting a warning that another program has changed my search settings, and if I would like to keep my previous search settings along with the option to keep my AOL search settings. In addition, I still keep getting that claro search page, and I have no idea where that came from.

Thanks again for your help!

#10
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Hello

Let's get a deeper look into the system and see if something shows up.

Download and run OTL

Download OTL by Old Timer and save it to your Desktop.
  • Double click on OTL.exe to run it.
  • Under Output, ensure that Minimal Output is selected.
  • Under Extra Registry section, select Use SafeList.
  • Click the Scan All Users checkbox.
  • Click on Run Scan at the top left hand corner.
  • When done, two Notepad files will open.
    • OTL.txt <-- Will be opened and is the one that I need posted back here
    • Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
  • Please post the contents of OTL.txt in your next reply.

Gringo


#11
calmat01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
I tried to run OTL but it kept getting hung up on a Windows file. I tried each version of OTL. This has happened once before. I believe I was instructed to run one of the rkills. I ran them all and got 4 different logs. Not sure if they are all the same or not. Not sure what to do next.

#12
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Greetings

At this time I would like you to run this script for me and it is a good time to check out the computer to see if there is anything else that needs to be addressed.

:Run CFScript:

Open Notepad and copy/paste the text in the box into the window:

ClearJavaCache::

Folder::
c:\programdata\Premium
c:\program files\VaudiX
c:\program files\MocaFlix
c:\programdata\Vaudix
c:\programdata\InstallMate
c:\program files\AskBarDis
c:\program files\ConduitEngine

DDS::
uStart Page = hxxp://websearch.just-browse.info/
mStart Page = hxxp://websearch.just-browse.info/

Firefox::
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\
FF - ExtSQL: 2013-01-10 11:11; {b64982b1-d112-42b5-b1e4-d3867c4533f8}; c:\programdata\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.claro.tlbrSrchUrl, 
FF - user.js: extensions.claro.id - 08394b420000000000000024d26ff3a8
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15661
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1014:54
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - base
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false

Save it to your desktop as CFScript.txt

Referring to the picture above, drag CFScript.txt into ComboFix.exe
Posted Image
This will let ComboFix run again.
Restart if you have to.
Save the produced logfile to your desktop.

Note: Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Note 2: If you receive the error "Illegal operation attempted on a registry key that has been marked for deletion.", please restart the computer.

"information and logs"

  • In your next post I need the following

  • report from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now after running the script?

Gringo


#13
calmat01

    Member

  • Topic Starter
  • Member
  • PipPip
  • 50 posts
Here is the report you requested. A few errors kept popping up while Combofix was running. I failed to write it down but it was the same error over and over. Combofix continued to run without a problem. When I opened up my Firefox browser again, Claro Search was not there. However, there was still a message that said a program was trying to change my search settings. I don't know if that may be my Norton 360, which, despite all the boxes I unchecked to keep it from running, still ran in the background.

ComboFix 13-01-27.03 - Joe 01/29/2013 14:56:15.5.1 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1252.1.1033.18.2939.1527 [GMT -6:00]
Running from: c:\users\Joe\Desktop\ComboFix.exe
Command switches used :: c:\users\Joe\Desktop\CFscript.txt
AV: Norton 360 *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton 360 *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AskBarDis
c:\program files\AskBarDis\bar\bin\askBar.dll
c:\program files\AskBarDis\bar\bin\askPopStp.dll
c:\program files\AskBarDis\bar\bin\psvince.dll
c:\program files\AskBarDis\bar\Settings\config.dat
c:\program files\AskBarDis\bar\Settings\config.dat.bak
c:\program files\AskBarDis\unins000.dat
c:\program files\AskBarDis\unins000.exe
c:\program files\ConduitEngine
c:\program files\ConduitEngine\appContextMenu.xml
c:\program files\ConduitEngine\ConduitEngine.dll
c:\program files\ConduitEngine\ConduitEngineHelper.exe
c:\program files\ConduitEngine\ConduitEngineUninstall.exe
c:\program files\ConduitEngine\engineContextMenu.xml
c:\program files\ConduitEngine\EngineSettings.json
c:\program files\ConduitEngine\INSTALL.LOG
c:\program files\ConduitEngine\prxConduitEngine.dll
c:\program files\ConduitEngine\toolbar.cfg
c:\program files\MocaFlix
c:\program files\MocaFlix\sprotector.dll
c:\program files\MocaFlix\uninstall.exe
c:\program files\VaudiX
c:\program files\VaudiX\sprotector.dll
c:\program files\VaudiX\uninstall.exe
c:\programdata\InstallMate
c:\programdata\InstallMate\{4F9315F2-720A-4191-A37A-3A2894703704}\_Setup.dll
c:\programdata\InstallMate\{4F9315F2-720A-4191-A37A-3A2894703704}\_Setupx.dll
c:\programdata\InstallMate\{4F9315F2-720A-4191-A37A-3A2894703704}\20130107160045.log
c:\programdata\InstallMate\{4F9315F2-720A-4191-A37A-3A2894703704}\Readme.txt
c:\programdata\InstallMate\{4F9315F2-720A-4191-A37A-3A2894703704}\Setup.dat
c:\programdata\InstallMate\{4F9315F2-720A-4191-A37A-3A2894703704}\Setup.exe
c:\programdata\InstallMate\{4F9315F2-720A-4191-A37A-3A2894703704}\Setup.ico
c:\programdata\InstallMate\{4F9315F2-720A-4191-A37A-3A2894703704}\TsuDll.dll
c:\programdata\InstallMate\{F99EA49F-8820-4AE6-A80D-C002227D8669}\_Setup.dll
c:\programdata\InstallMate\{F99EA49F-8820-4AE6-A80D-C002227D8669}\_Setupx.dll
c:\programdata\InstallMate\{F99EA49F-8820-4AE6-A80D-C002227D8669}\20120107160453.log
c:\programdata\InstallMate\{F99EA49F-8820-4AE6-A80D-C002227D8669}\Readme.txt
c:\programdata\InstallMate\{F99EA49F-8820-4AE6-A80D-C002227D8669}\Setup.dat
c:\programdata\InstallMate\{F99EA49F-8820-4AE6-A80D-C002227D8669}\Setup.exe
c:\programdata\InstallMate\{F99EA49F-8820-4AE6-A80D-C002227D8669}\Setup.ico
c:\programdata\InstallMate\{F99EA49F-8820-4AE6-A80D-C002227D8669}\TsuDll.dll
c:\programdata\InstallMate\{F99EA49F-8820-4AE6-A80D-C002227D8669}\Uninstall.ini
c:\programdata\InstallMate\VaudiX\_Setup.dll
c:\programdata\InstallMate\VaudiX\_Setupx.dll
c:\programdata\InstallMate\VaudiX\Setup.dat
c:\programdata\InstallMate\VaudiX\Setup.exe
c:\programdata\InstallMate\VaudiX\Setup.ico
c:\programdata\InstallMate\VaudiX\TsuDll.dll
c:\programdata\Premium
c:\programdata\Vaudix
c:\programdata\Vaudix\50eb4a966f900.tlb
c:\programdata\Vaudix\data\Vaudix.dat
c:\programdata\Vaudix\settings.ini
c:\programdata\Vaudix\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-28 to 2013-01-29 )))))))))))))))))))))))))))))))
.
.
2013-01-29 21:14 . 2013-01-29 21:14 -------- d-----w- c:\users\TEMP\AppData\Local\temp
2013-01-29 21:14 . 2013-01-29 21:14 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-01-29 21:14 . 2013-01-29 21:14 -------- d-----w- c:\users\Guest\AppData\Local\temp
2013-01-29 21:14 . 2013-01-29 21:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-29 20:39 . 2013-01-29 20:39 -------- d-----w- c:\progra~2\27FE~1
2013-01-27 22:59 . 2013-01-27 22:59 -------- d-----w- c:\progra~2\6BF1~1
2013-01-27 20:18 . 2013-01-27 20:18 -------- d-----w- c:\progra~2\6755~1
2013-01-27 14:16 . 2013-01-27 14:16 -------- d-----w- c:\progra~2\!!6B2F~1
2013-01-27 00:20 . 2013-01-27 00:20 -------- d-----w- c:\progra~2\6CFE~1
2013-01-26 04:25 . 2013-01-26 04:25 -------- d-----w- c:\progra~2\LLAC0F~1
2013-01-25 15:39 . 2013-01-25 15:39 40776 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2013-01-25 13:12 . 2013-01-25 13:12 -------- d-----w- c:\progra~2\56D7~1
2013-01-25 03:21 . 2013-01-25 03:21 -------- d-----w- c:\progra~2\FEEF~1
2013-01-25 02:59 . 2013-01-25 02:59 -------- d-----w- c:\progra~2\89EF~1
2013-01-24 12:54 . 2013-01-24 12:54 -------- d-----w- c:\users\Joe\AppData\Roaming\Apple Computer
2013-01-24 12:52 . 2013-01-24 12:52 -------- d-----w- c:\progra~2\2EE7~1
2013-01-24 04:34 . 2013-01-24 04:35 -------- d-----w- c:\program files\QuickTime
2013-01-24 04:32 . 2013-01-24 04:32 -------- d-----w- c:\program files\Common Files\Apple
2013-01-24 04:32 . 2013-01-24 04:32 -------- d-----w- c:\users\Joe\AppData\Local\Apple
2013-01-24 04:31 . 2013-01-24 04:31 -------- d-----w- c:\program files\Apple Software Update
2013-01-24 04:31 . 2013-01-24 04:31 -------- d-----w- c:\programdata\Apple
2013-01-24 00:04 . 2013-01-24 00:04 -------- d-----w- c:\progra~2\68C1~1
2013-01-23 20:02 . 2013-01-23 20:02 -------- d-----w- c:\progra~2\AE94~1
2013-01-22 21:36 . 2013-01-22 21:36 -------- d-----w- c:\progra~2\29F1~1
2013-01-22 00:31 . 2013-01-22 00:31 -------- d-----w- c:\progra~2\29C4~1
2013-01-21 21:43 . 2013-01-21 21:43 -------- d-----w- c:\progra~2\EC82~1
2013-01-21 05:03 . 2013-01-21 05:03 -------- d-----w- c:\progra~2\A402~1
2013-01-20 14:58 . 2013-01-20 14:58 -------- d-----w- c:\progra~2\6CE1~1
2013-01-18 12:27 . 2013-01-18 12:27 -------- d-----w- c:\progra~2\6DA4~1
2013-01-18 00:48 . 2013-01-18 00:48 -------- d-----w- c:\progra~2\2F55~1
2013-01-17 22:45 . 2013-01-17 22:45 -------- d-----w- c:\progra~2\2BD4~1
2013-01-17 00:25 . 2013-01-17 00:25 -------- d-----w- c:\progra~2\60F1~1
2013-01-16 13:10 . 2013-01-16 13:10 -------- d-----w- c:\progra~2\E1E4~1
2013-01-15 22:00 . 2013-01-15 22:00 -------- d-----w- c:\progra~2\AB02~1
2013-01-15 12:42 . 2013-01-15 12:42 -------- d-----w- c:\progra~2\''E82F~1
2013-01-14 18:44 . 2013-01-14 18:44 -------- d-----w- c:\progra~2\2BF1~1
2013-01-14 12:40 . 2013-01-14 12:40 -------- d-----w- c:\progra~2\A9C1~1
2013-01-13 21:23 . 2013-01-13 21:23 -------- d-----w- c:\progra~2\A3EF~1
2013-01-13 21:07 . 2013-01-13 21:07 -------- d-----w- c:\users\Joe\AppData\Local\PC_Drivers_Headquarters
2013-01-13 20:31 . 2013-01-13 20:31 -------- d-----w- c:\progra~2\E6E4~1
2013-01-10 19:30 . 2013-01-10 19:30 -------- d-----w- c:\progra~2\AC55~1
2013-01-10 17:39 . 2012-11-23 01:35 2048000 ----a-w- c:\windows\system32\win32k.sys
2013-01-10 17:38 . 2012-11-20 04:22 204288 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-10 17:38 . 2012-11-02 10:19 1400832 ----a-w- c:\windows\system32\msxml6.dll
2013-01-10 17:22 . 2013-01-20 00:26 262552 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2013-01-07 22:05 . 2013-01-07 22:05 -------- d-----w- c:\programdata\WoW Worldwide Software LTD
2013-01-07 21:41 . 2013-01-07 21:41 -------- d-----w- c:\progra~2\24C1~1
2013-01-06 21:59 . 2013-01-06 21:59 -------- d-----w- c:\progra~2\ECC1~1
2013-01-04 17:14 . 2013-01-04 17:14 -------- d-----w- c:\progra~2\AE02~1
2012-12-31 23:16 . 2012-12-31 23:16 -------- d-----w- c:\progra~2\__A42F~1
2012-12-31 05:01 . 2012-12-31 05:01 -------- d-----w- c:\progra~2\2BC4~1
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-29 20:38 . 2012-11-17 20:26 13024 ----a-w- c:\windows\system32\drivers\SWDUMon.sys
2013-01-22 23:05 . 2012-11-17 22:45 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-22 23:05 . 2012-11-17 22:45 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-16 13:12 . 2012-12-27 18:38 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 10:50 . 2012-12-27 18:38 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 22:49 . 2011-12-18 19:21 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-17 22:13 . 2009-04-27 22:52 319456 ----a-w- c:\windows\DIFxAPI.dll
2012-11-17 21:19 . 2012-11-17 21:20 601100 ------w- c:\windows\system32\drivers\alcxwdm.sys
2012-11-17 21:19 . 2012-11-17 21:20 391424 ------w- c:\windows\system32\drivers\alcxsens.sys
2012-11-17 21:19 . 2012-11-17 21:20 208896 ------w- c:\windows\alcupd.exe
2012-11-17 21:19 . 2012-11-17 21:20 139264 ------w- c:\windows\alcrmv.exe
2012-11-14 02:09 . 2012-12-15 09:19 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-15 09:19 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-15 09:19 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-15 09:19 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-15 09:19 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-15 09:19 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 01:29 . 2012-12-14 21:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 10:18 . 2012-12-14 21:33 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 08:26 . 2012-12-14 21:33 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2013-01-20 00:26 . 2013-01-10 17:22 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files\Winamp Toolbar\winamptb.dll" [2011-03-11 1373512]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
2011-01-17 21:54 175912 ----a-w- c:\program files\DVDVideoSoftTB\prxtbDVDV.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{872b5b88-9db5-4310-bdd0-ac189557e5f5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{872B5B88-9DB5-4310-BDD0-AC189557E5F5}"= "c:\program files\DVDVideoSoftTB\prxtbDVDV.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\program files\Yahoo!\Messenger\YahooMessenger.exe" [2011-08-22 6276408]
"FileHippo.com"="c:\program files\FileHippo.com\UpdateChecker.exe" [2010-08-09 248832]
"SearchEngineProtection"="c:\program files\Gamesbar\SearchEngineProtection.exe" [2010-12-29 591248]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2011-10-30 3077528]
"Logitech Vid"="c:\program files\Logitech\Vid HD\Vid.exe" [2011-01-13 6129496]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-27 39408]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-25 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-25 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-25 145944]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2008-04-16 178712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-08-14 1348904]
"TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2008-02-06 431456]
"SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2008-06-02 505720]
"00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2008-05-09 716800]
"ToshibaServiceStation"="c:\program files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2011-02-11 1295736]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2010-06-18 30192]
"SMART Board Service"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe" [2009-07-23 2596864]
"SMART SNMP Agent"="c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe" [2009-07-23 1048576]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2011-07-11 74752]
"EEventManager"="c:\progra~1\EPSONS~1\EVENTM~1\EEventManager.exe" [2009-04-07 673616]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-12-18 197928]
"VolPanel"="c:\program files\Creative\Sound Blaster X-Fi Go Pro\Volume Panel\VolPanlu.exe" [2010-02-19 241789]
"Creative SB Monitoring Utility"="sbavmon.dll" [2010-08-03 104448]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"LTCM Client"="c:\program files\LTCM Client\ltcmClient.exe" [2009-08-05 1596096]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-11-11 205336]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-03-27 10967656]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
.
c:\users\Joe\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Epson all-in-one Registration.lnk - d:\common\EpsonReg\EpsonReg.exe [N/A]
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
PalTalk.lnk - c:\program files\Paltalk Messenger\paltalk.exe [2012-10-1 8356008]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.285\SSScheduler.exe [2012-9-5 271808]
SMART Board Tools.lnk - c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardTools.exe [2009-7-23 10227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~2\browse~1\23796~1.11\{16cdf~1\browse~1.dll c:\progra~2\browse~1\23796~1.11\{16cdf~1\browsemngr.dll c:\progra~2\browse~1\23796~1.11\{16cdf~1\browsemngr.dll c:\progra~1\google\google~1\googledesktopnetwork3.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-22 23:18 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-29 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-17 23:05]
.
2013-01-29 c:\windows\Tasks\DriverUpdate Startup.job
- c:\program files\DriverUpdate\DriverUpdate.exe [2012-09-17 22:42]
.
2013-01-29 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:19]
.
2013-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-28 23:19]
.
2013-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4056767596-380707801-2082629020-1000Core.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 21:24]
.
2013-01-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4056767596-380707801-2082629020-1000UA.job
- c:\users\Joe\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-10 21:24]
.
2013-01-19 c:\windows\Tasks\Norton Security Scan for Joe.job
- c:\program files\Norton Security Scan\Engine\2.7.3.34\Nss.exe [2010-06-05 15:06]
.
2013-01-29 c:\windows\Tasks\rbmonitor.job
- c:\program files\Uniblue\RegistryBooster\rbmonitor.exe [2012-07-25 14:32]
.
2013-01-29 c:\windows\Tasks\RegistryBooster.job
- c:\program files\Uniblue\RegistryBooster\registrybooster.exe [2012-07-25 14:32]
.
.
------- Supplementary Scan -------
.
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Joe\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Save Page As PDF ... - file://c:\program files\Nitro PDF\PDF Download\nitroweb.htm
TCP: DhcpNameServer = 192.168.7.254
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=winamp-ff&s_qt=sb&tb_uuid=20110331225916392&tb_oid=12-12-2010&tb_mrud=25-01-2013&query=
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&s_qt=ab&s_it=winamp-ff&tb_uuid=20110331225916392&tb_oid=12-12-2010&tb_mrud=25-01-2013&q=
FF - ExtSQL: 2013-01-07 16:22; [email protected]; c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\extensions\[email protected]
FF - ExtSQL: 2013-01-10 11:11; {b64982b1-d112-42b5-b1e4-d3867c4533f8}; c:\programdata\Browser Manager\2.3.796.11\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension
FF - ExtSQL: 2013-01-14 14:13; [email protected]; c:\users\Joe\AppData\Roaming\Mozilla\Firefox\Profiles\9fuerdds.default\extensions\[email protected]
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(extensions.claro.tlbrSrchUrl,
FF - user.js: extensions.claro.id - 08394b420000000000000024d26ff3a8
FF - user.js: extensions.claro.appId - {C3110516-8EFC-49D6-8B72-69354F332062}
FF - user.js: extensions.claro.instlDay - 15661
FF - user.js: extensions.claro.vrsn - 1.8.3.10
FF - user.js: extensions.claro.vrsni - 1.8.3.10
FF - user.js: extensions.claro_i.vrsnTs - 1.8.3.1014:54
FF - user.js: extensions.claro.prtnrId - claro
FF - user.js: extensions.claro.prdct - claro
FF - user.js: extensions.claro.aflt - babsst
FF - user.js: extensions.claro_i.smplGrp - none
FF - user.js: extensions.claro.tlbrId - base
FF - user.js: extensions.claro.instlRef - sst
FF - user.js: extensions.claro.dfltLng - en
FF - user.js: extensions.claro.excTlbr - false
FF - user.js: extensions.claro.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\AskBarDis\bar\bin\askBar.dll
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
BHO-{74F45961-8267-3DE9-4553-BC58A8FA0C85} - c:\programdata\Vaudix\50eb4a966f900.dll
Toolbar-{3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\AskBarDis\bar\bin\askBar.dll
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\ConduitEngine\prxConduitEngine.dll
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\AskBarDis\bar\bin\askBar.dll
AddRemove-Ask Toolbar_is1 - c:\program files\AskBarDis\unins000.exe
AddRemove-conduitEngine - c:\progra~1\CONDUI~1\ConduitEngineUninstall.exe
AddRemove-SP_56ec1d15 - c:\program files\MocaFlix\uninstall.exe
AddRemove-SP_8187691c - c:\program files\VaudiX\uninstall.exe
AddRemove-VaudiX - c:\progra~2\INSTAL~1\VaudiX\Setup.exe
AddRemove-{681002C6-5019-81A2-7871-A43754F71E56} - c:\programdata\Vaudix\uninstall.exe
AddRemove-{F99EA49F-8820-4AE6-A80D-C002227D8669} - c:\progra~2\INSTAL~1\{F99EA~1\Setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-29 15:14
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\N360]
"ImagePath"="\"c:\program files\Norton 360\Engine\6.4.0.9\ccSvcHst.exe\" /s \"N360\" /m \"c:\program files\Norton 360\Engine\6.4.0.9\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-01-29 15:19:54
ComboFix-quarantined-files.txt 2013-01-29 21:19
ComboFix2.txt 2013-01-27 15:53
.
Pre-Run: 20,508,827,648 bytes free
Post-Run: 20,675,293,184 bytes free
.
- - End Of File - - 941ECBF869A91B5918E47D7026815908

#14
gringo_pr

    Trusted Helper

  • Malware Removal
  • 7,268 posts
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.


#15
calmat01

    Member

  • Topic Starter
  • Member
  • 50 posts
I mentioned in an earlier post that Claro Search was not appearing anymore. Well, when I opened a fresh window in Firefox, it came back. Here are the results of the scan:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.5.2 (01.26.2013:2)
OS: Windows Vista ™ Home Basic x86
Ran by Joe on Tue 01/29/2013 at 21:18:52.63
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] browser manager
Successfully deleted: [Service] browser manager



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs
Successfully deleted: [Registry Value] hkey_current_user\software\microsoft\internet explorer\toolbar\webbrowser\\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\toolbar\\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}



~~~ Registry Keys

Failed to delete: [Registry Key] hkey_current_user\software\datamngr_toolbar
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\windows\currentversion\ext\bprotectsettings
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{02478d38-c3f9-4efb-9b51-7695eca05670}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{25cee8ec-5730-41bc-8b58-22ddc8ab8c20}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{25cee8ec-5730-41bc-8b58-22ddc8ab8c20}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{30f9b915-b755-4826-820b-08fba6bd249d}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{36377dd7-b3eb-42f5-986f-680baf59ba9d}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{bb74de59-bc4c-4172-9ac4-73315f71cffe}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{bb74de59-bc4c-4172-9ac4-73315f71cffe}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{e5f5d888-2587-e012-a817-7038f5690f26}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{ebf2ba02-9094-4c5a-858b-bb198f3d8de2}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{fcbccb87-9224-4b8d-b117-f56d924beb18}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\explorer\browser helper objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afbcb7e0-f91a-4951-9f31-58fee57a25c4}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\askbardis"
Successfully deleted: [Registry Key] "hkey_current_user\software\pip"
Successfully deleted: [Registry Key] "hkey_local_machine\software\pip"



~~~ Files



~~~ Folders

Failed to delete: [Folder] "C:\ProgramData\browser manager"
Failed to delete: [Folder] "C:\ProgramData\application data\browser manager"



~~~ FireFox

Successfully deleted: [File] C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\9fuerdds.default\user.js
Successfully deleted: [File] C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\9fuerdds.default\bprotector_extensions.sqlite
Successfully deleted: [File] C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\9fuerdds.default\bprotector_prefs.js
Successfully deleted: [File] C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\9fuerdds.default\searchplugins\conduit.xml
Successfully deleted: [File] C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\9fuerdds.default\searchplugins\my-web-search.xml
Successfully deleted: [File] C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\9fuerdds.default\searchplugins\websearch.xml
Successfully deleted: [Folder] C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\9fuerdds.default\conduitcommon
Successfully deleted: [Folder] C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\9fuerdds.default\winamptoolbardata
Successfully deleted: [Folder] C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\9fuerdds.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\9fuerdds.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Successfully deleted: [Folder] C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\9fuerdds.default\extensions\{acaa314b-eeba-48e4-ad47-84e31c44796c}
Successfully deleted: [Registry Value] hkey_current_user\software\mozilla\firefox\extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}
Successfully deleted the following from C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\9fuerdds.default\prefs.js

user_pref("CT2269050..clientLogIsEnabled", false);
user_pref("CT2269050..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2269050..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2269050.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
user_pref("CT2269050.AppTrackingLastCheckTime", "Fri Aug 17 2012 09:20:32 GMT-0500 (Central Daylight Time)");
user_pref("CT2269050.BrowserCompStateIsOpen_129575150554007677", true);
user_pref("CT2269050.BrowserCompStateIsOpen_129681780741097243", true);
user_pref("CT2269050.BrowserCompStateIsOpen_129705015340022508", true);
user_pref("CT2269050.BrowserCompStateIsOpen_129853623028165512", true);
user_pref("CT2269050.BrowserCompStateIsOpen_129881141106886992", true);
user_pref("CT2269050.BrowserCompStateIsOpen_129977890572899945", true);
user_pref("CT2269050.CTID", "CT2269050");
user_pref("CT2269050.CommunitiesChangesLastCheckTime", "0");
user_pref("CT2269050.CurrentServerDate", "26-1-2013");
user_pref("CT2269050.DialogsAlignMode", "LTR");
user_pref("CT2269050.DialogsGetterLastCheckTime", "Fri Jan 25 2013 12:24:42 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.DownloadReferralCookieData", "");
user_pref("CT2269050.EMailNotifierPollDate", "Fri Jan 25 2013 23:05:12 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.FirstServerDate", "20-2-2011");
user_pref("CT2269050.FirstTime", true);
user_pref("CT2269050.FirstTimeFF3", true);
user_pref("CT2269050.FirstTimeSettingsDone", true);
user_pref("CT2269050.FixPageNotFoundErrors", true);
user_pref("CT2269050.GroupingInvalidateCache", false);
user_pref("CT2269050.GroupingLastCheckTime", "0");
user_pref("CT2269050.GroupingLastServerUpdateTime", "0");
user_pref("CT2269050.GroupingServerCheckInterval", 1440);
user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
user_pref("CT2269050.HasUserGlobalKeys", true);
user_pref("CT2269050.HomePageProtectorEnabled", false);
user_pref("CT2269050.Initialize", true);
user_pref("CT2269050.InitializeCommonPrefs", true);
user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
user_pref("CT2269050.InstallationType", "UnknownIntegration");
user_pref("CT2269050.InstalledDate", "Sat Feb 19 2011 22:35:16 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.InvalidateCache", false);
user_pref("CT2269050.IsAlertDBUpdated", true);
user_pref("CT2269050.IsGrouping", false);
user_pref("CT2269050.IsMulticommunity", false);
user_pref("CT2269050.IsOpenThankYouPage", false);
user_pref("CT2269050.IsOpenUninstallPage", false);
user_pref("CT2269050.LanguagePackLastCheckTime", "Fri Jan 25 2013 12:24:42 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
user_pref("CT2269050.LastLogin_2.7.2.0", "Mon Mar 21 2011 18:01:58 GMT-0500 (Central Daylight Time)");
user_pref("CT2269050.LastLogin_3.10.0.1", "Thu Apr 26 2012 19:33:28 GMT-0500 (Central Daylight Time)");
user_pref("CT2269050.LastLogin_3.12.2.3", "Thu May 31 2012 09:13:14 GMT-0500 (Central Daylight Time)");
user_pref("CT2269050.LastLogin_3.13.0.6", "Wed Jun 27 2012 12:20:39 GMT-0500 (Central Daylight Time)");
user_pref("CT2269050.LastLogin_3.14.1.0", "Tue Aug 21 2012 10:30:53 GMT-0500 (Central Daylight Time)");
user_pref("CT2269050.LastLogin_3.15.1.0", "Tue Nov 06 2012 23:11:12 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.LastLogin_3.16.0.100", "Fri Jan 25 2013 23:00:15 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.LastLogin_3.16.0.3", "Sat Nov 17 2012 11:57:06 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.LastLogin_3.3.2.1", "Fri Apr 08 2011 22:47:12 GMT-0500 (Central Daylight Time)");
user_pref("CT2269050.LastLogin_3.3.3.2", "Fri Jun 24 2011 23:51:29 GMT-0500 (Central Daylight Time)");
user_pref("CT2269050.LastLogin_3.5.0.12", "Sun Aug 14 2011 10:11:00 GMT-0500 (Central Daylight Time)");
user_pref("CT2269050.LastLogin_3.6.0.10", "Tue Sep 27 2011 20:05:46 GMT-0500 (Central Daylight Time)");
user_pref("CT2269050.LastLogin_3.7.0.6", "Mon Nov 07 2011 17:51:04 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.LastLogin_3.8.0.8", "Wed Dec 07 2011 17:49:17 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.LastLogin_3.8.1.0", "Mon Jan 09 2012 15:17:00 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.LastLogin_3.9.0.3", "Wed Feb 15 2012 13:10:55 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.LatestVersion", "3.16.0.3");
user_pref("CT2269050.Locale", "en");
user_pref("CT2269050.LoginCache", 4);
user_pref("CT2269050.MCDetectTooltipHeight", "83");
user_pref("CT2269050.MCDetectTooltipShow", false);
user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
user_pref("CT2269050.MCDetectTooltipWidth", "295");
user_pref("CT2269050.MyStuffEnabledAtInstallation", true);
user_pref("CT2269050.RadioIsPodcast", false);
user_pref("CT2269050.RadioLastCheckTime", "Fri Jan 25 2013 12:24:38 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.RadioLastUpdateIPServer", "3");
user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
user_pref("CT2269050.RadioMediaID", "12473383");
user_pref("CT2269050.RadioMediaType", "Media Player");
user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
user_pref("CT2269050.RadioShrinkedFromSetup", false);
user_pref("CT2269050.RadioStationName", "Hotmix%20108");
user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
user_pref("CT2269050.SHRINK_TOOLBAR", 1);
user_pref("CT2269050.SavedHomepage", "resource:/browserconfig.properties");
user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2269050&octid=EB_ORIGINAL_CTID&SearchSource=1");
user_pref("CT2269050.SearchEngineBeforeUnload", "Winamp Search");
user_pref("CT2269050.SearchFromAddressBarIsInit", true);
user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&q=");
user_pref("CT2269050.SearchInNewTabEnabled", true);
user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
user_pref("CT2269050.SearchInNewTabLastCheckTime", "Fri Jan 25 2013 12:24:39 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
user_pref("CT2269050.SearchProtectorEnabled", false);
user_pref("CT2269050.SearchProtectorToolbarDisabled", false);
user_pref("CT2269050.ServiceMapLastCheckTime", "Fri Jan 25 2013 12:24:38 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.SettingsCheckIntervalMin", 120);
user_pref("CT2269050.SettingsLastCheckTime", "Fri Jan 25 2013 23:00:11 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.SettingsLastUpdate", "1359123080");
user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Fri Jan 25 2013 12:24:37 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1331805997");
user_pref("CT2269050.ToolbarShrinkedFromSetup", false);
user_pref("CT2269050.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2269050");
user_pref("CT2269050.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com
user_pref("CT2269050.UserID", "UN70124406959497627");
user_pref("CT2269050.ValidationData_Search", 1);
user_pref("CT2269050.ValidationData_Toolbar", 2);
user_pref("CT2269050.WeatherNetwork", "");
user_pref("CT2269050.WeatherPollDate", "Fri Jan 25 2013 23:00:14 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.WeatherUnit", "F");
user_pref("CT2269050.alertChannelId", "666138");
user_pref("CT2269050.approveUntrustedApps", false);
user_pref("CT2269050.backendstorage.shoppingapp.gk.exipres", "53756E2041707220323220323031322031383A30353A343020474D542D30353030202843656E7472616C204461796C696768742054696D652
user_pref("CT2269050.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
user_pref("CT2269050.backendstorage.undefined", "4672692046656220303320323031322030393A32313A343920474D542D30363030202843656E7472616C205374616E646172642054696D6529");
user_pref("CT2269050.backendstorage.url_history", "687474703A2F2F6C6F67696E2E7961686F6F2E636F6D2F636F6E6669672F6C6F67696E3B5F796C743D416F596348384B4652656B7667634B4D7130685967
user_pref("CT2269050.backendstorage.url_history0001", "687474703A2F2F7777772E66616365626F6F6B2E636F6D2F6C2E7068703F753D687474702533412532462532467777772E6B69696974762E636F6D25
user_pref("CT2269050.clientLogIsEnabled", false);
user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
user_pref("CT2269050.components.129023235807856892", false);
user_pref("CT2269050.components.129121052374999726", false);
user_pref("CT2269050.components.129351672002618989", false);
user_pref("CT2269050.components.129351776130744254", false);
user_pref("CT2269050.components.129391330693125668", false);
user_pref("CT2269050.components.129466585396013141", false);
user_pref("CT2269050.components.129681780741097243", false);
user_pref("CT2269050.components.334876879988992", false);
user_pref("CT2269050.components.3562342111233572", false);
user_pref("CT2269050.components.4930556174285671", false);
user_pref("CT2269050.components.5567654423577676934", false);
user_pref("CT2269050.components.5567654435776682311", false);
user_pref("CT2269050.components.6344014529820961218", false);
user_pref("CT2269050.components.7527685960312859", false);
user_pref("CT2269050.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlP
user_pref("CT2269050.globalFirstTimeInfoLastCheckTime", "Fri Jan 25 2013 12:24:42 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.homepageProtectorEnableByLogin", true);
user_pref("CT2269050.initDone", true);
user_pref("CT2269050.isAppTrackingManagerOn", false);
user_pref("CT2269050.isFirstRadioInstallation", false);
user_pref("CT2269050.myStuffEnabled", true);
user_pref("CT2269050.myStuffPublihserMinWidth", 400);
user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
user_pref("CT2269050.oldAppsList", "128834881989343894,128834881989343895,111,129466585399606892,129881140170815901,129391330693125668,129863783591067571,129881141106886992,12
user_pref("CT2269050.revertSettingsEnabled", false);
user_pref("CT2269050.searchProtectorDialogDelayInSec", 10);
user_pref("CT2269050.searchProtectorEnableByLogin", true);
user_pref("CT2269050.testingCtid", "");
user_pref("CT2269050.toolbarAppMetaDataLastCheckTime", "Fri Jan 25 2013 12:24:42 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.toolbarContextMenuLastCheckTime", "Fri Jan 25 2013 12:24:42 GMT-0600 (Central Standard Time)");
user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
user_pref("CT2269050.usagesFlag", 2);
user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1be9fea05d85729068cf11b8558395983\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/666138/661999/US", "\"1-230703-97185600\"");
user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2269050", "\"1353315459\"");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "C5ZJe6gL80JBW5CuLy+wkg==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");
user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "FqddrIU7eyJgaaLyHDeVMQ==");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2.1", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10.0.1", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.100", "\"0343677cfb1cd1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:155b\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.2.1", "\"0652eeacc6cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"07b2625f8cb1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"8028f138140cc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"0ee90707f77cc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"6a637346d78ccc1:1254\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"6a637346d78ccc1:1254\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.1.0", "\"6a637346d78ccc1:0\"");
user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:12da\"");
user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2269050", "\"0697a2066791d3f9dfa6c976583f2c5c\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2269050&octid=CT2269050", "\"1322501035\"");
user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2269050/CT2269050", "\"1311170367\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"634515953213470000\"");
user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"57d291a0ab9ea2aeecde67e5686b89e6\"");
user_pref("CommunityToolbar.EngineOwner", "");
user_pref("CommunityToolbar.EngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}");
user_pref("CommunityToolbar.EngineOwnerToolbarId", "dvdvideosofttb");
user_pref("CommunityToolbar.IsEngineShown", true);
user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Joe\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\9fuerdds.default\\conduitCommon\\modules\\3.16.0.100");
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.100");
user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_ext_msg_key_f66a68c6", "356x332");
user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://www.come2play.com/shared/appGame/main2/game.asp?channel_id=848&game_id=12&ctid=CT2269050&play_type=quick", "840x629");
user_pref("CommunityToolbar.OriginalEngineOwner", "CT2269050");
user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{872b5b88-9db5-4310-bdd0-ac189557e5f5}");
user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "dvdvideosofttb");
user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2685&invocationType=tb50ffwinampab&query=");
user_pref("CommunityToolbar.ToolbarsList", "CT2269050");
user_pref("CommunityToolbar.ToolbarsList2", "CT2269050");
user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue Mar 22 2011 08:53:53 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Jun 05 2011 14:24:28 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.alert.locale", "en");
user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Jun 24 2011 23:51:28 GMT-0500 (Central Daylight Time)");
user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.alert.showTrayIcon", false);
user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.alert.userId", "c6fbef77-11e9-4e49-adf7-a9a938fe984e");
user_pref("CommunityToolbar.globalUserId", "a3b4bccd-fb1e-4f3f-a5dd-437112d40ced");
user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
user_pref("CommunityToolbar.killedEngine", true);
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Fri Jan 25 2013 12:24:42 GMT-0600 (Central Standard Time)");
user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Fri Jan 25 2013 12:24:47 GMT-0600 (Central Standard Time)");
user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
user_pref("CommunityToolbar.notifications.locale", "en");
user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Jan 25 2013 12:24:39 GMT-0600 (Central Standard Time)");
user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
user_pref("CommunityToolbar.notifications.showTrayIcon", false);
user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
user_pref("CommunityToolbar.notifications.userId", "d2130316-4608-45a0-bb9f-a1965dc559ee");
user_pref("CommunityToolbar.undefined", "");
user_pref("aol_toolbar.surf.date", "9");
user_pref("aol_toolbar.surf.lastDate", "25");
user_pref("aol_toolbar.surf.lastMonth", "0");
user_pref("aol_toolbar.surf.lastYear", "2013");
user_pref("aol_toolbar.surf.month", "9");
user_pref("aol_toolbar.surf.prevMonth", "1341");
user_pref("aol_toolbar.surf.total", "24647");
user_pref("aol_toolbar.surf.week", "9");
user_pref("aol_toolbar.surf.year", "9");
user_pref("browser.search.defaulturl", "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=winamp-ff&s_qt=sb&tb_uuid=20110331225916392&tb_oid=12-12-2010
user_pref("extensions.claro.admin", false);
user_pref("extensions.claro.aflt", "babsst");
user_pref("extensions.claro.appId", "{C3110516-8EFC-49D6-8B72-69354F332062}");
user_pref("extensions.claro.dfltLng", "en");
user_pref("extensions.claro.excTlbr", false);
user_pref("extensions.claro.id", "08394b420000000000000024d26ff3a8");
user_pref("extensions.claro.instlDay", "15661");
user_pref("extensions.claro.instlRef", "sst");
user_pref("extensions.claro.prdct", "claro");
user_pref("extensions.claro.prtnrId", "claro");
user_pref("extensions.claro.tlbrId", "base");
user_pref("extensions.claro.tlbrSrchUrl", "");
user_pref("extensions.claro.vrsn", "1.8.3.10");
user_pref("extensions.claro.vrsni", "1.8.3.10");
user_pref("extensions.claro_i.smplGrp", "none");
user_pref("extensions.claro_i.vrsnTs", "1.8.3.1014:54:08");
user_pref("extensions.enabledItems", "[email protected]:1.0.11,[email protected]:4.0,{20a82645-c095-46ed-80e3-08825760534b}:1.2.1,{340c2bbc-ce74-4362-90b5-7c26312808
user_pref("extensions.mywebsearch.prevKwdEnabled", true);
user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://slirsredirect.search.aol.com/slirs_hxxp/sredir?sredir=2685&invocationType=tb50ffwinampab&query=");
user_pref("extensions.toolbar.mindspark._2pMembers_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=E5502C2D-F555-4378-A8AA-6E65E1A84202&n=77ed505f&p2=^CD^xdm176^S0075
user_pref("extensions.toolbar.mindspark._2pMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._2pMembers_.installation.installDate", "2012041311");
user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerId", "^CD^xdm176^S00753^us");
user_pref("extensions.toolbar.mindspark._2pMembers_.installation.partnerSubId", "59605");
user_pref("extensions.toolbar.mindspark._2pMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._2pMembers_.installation.toolbarId", "E5502C2D-F555-4378-A8AA-6E65E1A84202");
user_pref("extensions.toolbar.mindspark._2pMembers_.lastActivePing", "1334616351253");
user_pref("extensions.toolbar.mindspark._2pMembers_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._2pMembers_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._2pMembers_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._2pMembers_.options.tabEnabled", false);
user_pref("extensions.toolbar.mindspark._2pMembers_.searchHistory", "Aunt jemima frozen breakfasts||Aunt jemima");
user_pref("extensions.toolbar.mindspark._2pMembers_.weather.location", "78401");
user_pref("extensions.toolbar.mindspark.lastInstalled", "[email protected]");
user_pref("keyword.URL", "hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&s_qt=ab&s_it=winamp-ff&tb_uuid=20110331225916392&tb_oid=12-12-2010&tb_mrud=25-01-20
user_pref("winamp_toolbar.default.search.url", "hxxp://search.winamp.com/search/search?query={searchTerms}&invocationType=winamp-ff&s_qt=sb&tb_uuid=20110331225916392&tb_oid=12
user_pref("winamp_toolbar.search.searchtype", "web");
Emptied folder: C:\Users\Joe\AppData\Roaming\mozilla\firefox\profiles\9fuerdds.default\minidumps [53 files]



~~~ Chrome

Successfully deleted: [Folder] C:\Users\Joe\appdata\local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\pgafcinpmmpklohkojmllohdhomoefph



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/29/2013 at 21:28:02.61
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~