Advertisement

There's no such thing as a stupid question, but they're the easiest to answer.
Login
Search

Advertisement

Virus & Other Malware Removal Virus & Other Malware Removal
Search Search
Search for:
Tech Support Guy > > >

partner37.mydomainadvisor.com

(In Progress)
(!)

infernos's Avatar
infernos infernos is offline
Member with 4 posts.
THREAD STARTER
 
Join Date: Nov 2012
09-Nov-2012, 01:56 PM #1
partner37.mydomainadvisor.com
For the last few days my browser kept randomly redirecting me to partner37.mydomainadvisor.com. I looked up some info about it and it seems it's a browser hijack that's really difficult to remove. Now, I have literally no experience in dealing with viruses so I would appreciate it you could help me with this. I know the first step is to open the task manager and check for abnormal process of mydomainadvisor but I can't find it. Is there some way I can recognize it?

Also here's my hijactkhis log (I'm not sure is that important but before scanning I got a pop-up saying that my system denied acces to Hosts file and if there are any hijacked domains in that file, hijackthis might not be able to fix that):

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:53:04, on 2012.11.09
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Ieva\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Users\Ieva\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Users\Ieva\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\Ieva\AppData\Local\Akamai\netsession_win.exe
C:\Users\Ieva\Desktop\HijackThis.exe
C:\Program Files\RelevantKnowledge\rlvknlg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\RunDll32.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com/?babsrc=H...0000241d9db367
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?s=0&a=foxta...&cr=1265626548
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Ironsource LTD Helper Object - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\PROGRA~1\SearchYa!\1.5.20.0\bh\searchya.dll (file missing)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Ieva\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: SearchYa Toolbar - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\PROGRA~1\SearchYa!\1.5.20.0\searchyaTlbr.dll (file missing)
O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Ieva\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Ieva\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Ieva\AppData\Local\Akamai\netsession_win.exe"
O4 - HKCU\..\Run: [Media Finder] "C:\Program Files\Media Finder\Media Finder.exe" /opentotray
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\browse~1\23762~1.17\{16cdf~1\browse~1.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe

--
End of file - 8356 bytes
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,419 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
09-Nov-2012, 02:38 PM #2
step 1
Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan finished, a notepad window will be opened.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
infernos's Avatar
infernos infernos is offline
Member with 4 posts.
THREAD STARTER
 
Join Date: Nov 2012
09-Nov-2012, 02:43 PM #3
# AdwCleaner v2.007 - Logfile created 11/09/2012 at 20:42:09
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Ieva - IEVA-PC
# Boot Mode : Normal
# Running from : C:\Users\Ieva\Desktop\AdwCleaner.exe
# Option [Search]


***** [Services] *****

Found : Browser Manager
Found : RelevantKnowledge

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\sea rchplugins\browsemngr.xml
File Found : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\sea rchplugins\Conduit.xml
File Found : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\sea rchplugins\search.xml
File Found : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\sea rchplugins\SweetIm.xml
Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Found : C:\Program Files\RelevantKnowledge
Folder Found : C:\Program Files\SweetIM
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\Browser Manager
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\Users\Ieva\AppData\Local\blekkotb
Folder Found : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Folder Found : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Found : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Found : C:\Users\Ieva\AppData\Local\Temp\Conduit
Folder Found : C:\Users\Ieva\AppData\LocalLow\Conduit
Folder Found : C:\Users\Ieva\AppData\Roaming\Babylon
Folder Found : C:\Users\Ieva\AppData\Roaming\Media Finder
Folder Found : C:\Users\Ieva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Found : C:\Users\Ieva\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Found : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\Con duit
Folder Found : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\Con duitEngine
Folder Found : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23762~1.17\{16cdf~1\browse~1.dll
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\Headlight
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\CLSID\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{54B24FA9-87E8-47FC-8589-F9D382D8B299}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5B45AC88-523C-431E-86D7-F339B2EE262E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{8B0C188C-F6F3-484D-8225-E40262DDE633}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc.1
Key Found : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
Key Found : HKLM\SOFTWARE\Classes\I
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9A2DCB-F5DB-40D0-8E62-3B47DD476A77}
Key Found : HKLM\SOFTWARE\Classes\Interface\{59B23951-2232-4AFB-81D4-64A8A16D457A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}
Key Found : HKLM\SOFTWARE\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}
Key Found : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore
Key Found : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore.1
Key Found : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd
Key Found : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd.1
Key Found : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr
Key Found : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr.1
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\sim-packages
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{69332529-EEC8-4D0D-9FD3-202C4AE8E589}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2233703
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\DataMngr
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchya
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKU\S-1-5-21-447599058-4001135061-4274216376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-447599058-4001135061-4274216376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKU\S-1-5-21-447599058-4001135061-4274216376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-447599058-4001135061-4274216376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{33AA308B-B565-4376-AC66-59EE9B6AD13E}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D0F4A166-B8D4-48b8-9D63-80849FE137CB}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0Dzy0D0BtAyCyB0Czzzz0EtN0D 0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtBzyzy&cr=1265626548
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=d6d6c88e00000000000000241d9db367
[HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={296FEB44-D2F7-11E1-ABC4-00241D9DB367}
[HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=d6d6c88e00000000000000241d9db367

-\\ Mozilla Firefox v16.0.2 (lt)

Profile name : default
File : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\pre fs.js

Found : user_pref("CT2233703.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2233703.CTID", "CT2233703");
Found : user_pref("CT2233703.CurrentServerDate", "5-10-2010");
Found : user_pref("CT2233703.DialogsAlignMode", "LTR");
Found : user_pref("CT2233703.DownloadReferralCookieData", "");
Found : user_pref("CT2233703.EMailNotifierPollDate", "Tue Oct 05 2010 20:14:04 GMT+0300 (FLE Daylight Time)"[...]
Found : user_pref("CT2233703.FirstServerDate", "30-8-2010");
Found : user_pref("CT2233703.FirstTime", true);
Found : user_pref("CT2233703.FirstTimeFF3", true);
Found : user_pref("CT2233703.FirstTimeSettingsDone", true);
Found : user_pref("CT2233703.FixPageNotFoundErrors", true);
Found : user_pref("CT2233703.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2233703.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2233703.Initialize", true);
Found : user_pref("CT2233703.InitializeCommonPrefs", true);
Found : user_pref("CT2233703.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2233703.InstallationType", "UnknownIntegration");
Found : user_pref("CT2233703.InstalledDate", "Mon Aug 30 2010 15:09:06 GMT+0300 (FLE Daylight Time)");
Found : user_pref("CT2233703.InvalidateCache", false);
Found : user_pref("CT2233703.IsGrouping", false);
Found : user_pref("CT2233703.IsMulticommunity", false);
Found : user_pref("CT2233703.IsOpenThankYouPage", true);
Found : user_pref("CT2233703.IsOpenUninstallPage", false);
Found : user_pref("CT2233703.LanguagePackLastCheckTime", "Tue Oct 05 2010 14:37:02 GMT+0300 (FLE Daylight Ti[...]
Found : user_pref("CT2233703.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2233703.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2233703.LastLogin_2.6.0.15", "Tue Oct 05 2010 18:37:06 GMT+0300 (FLE Daylight Time)");
Found : user_pref("CT2233703.LatestVersion", "2.7.2.0");
Found : user_pref("CT2233703.Locale", "en");
Found : user_pref("CT2233703.LoginCache", 4);
Found : user_pref("CT2233703.MCDetectTooltipHeight", "83");
Found : user_pref("CT2233703.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2233703.MCDetectTooltipWidth", "295");
Found : user_pref("CT2233703.RadioIsPodcast", false);
Found : user_pref("CT2233703.RadioLastCheckTime", "Tue Oct 05 2010 14:37:01 GMT+0300 (FLE Daylight Time)");
Found : user_pref("CT2233703.RadioLastUpdateIPServer", "3");
Found : user_pref("CT2233703.RadioLastUpdateServer", "129141247792900000");
Found : user_pref("CT2233703.RadioMediaID", "11027882");
Found : user_pref("CT2233703.RadioMediaType", "Media Player");
Found : user_pref("CT2233703.RadioMenuSelectedID", "EBRadioMenu_CT2233703_RECENT11027882");
Found : user_pref("CT2233703.RadioShrinked", "expanded");
Found : user_pref("CT2233703.RadioStationName", "DANCE%20radio");
Found : user_pref("CT2233703.RadioStationURL", "hxxp://www.abradio.cz/asx/danceradio32.asx");
Found : user_pref("CT2233703.RadioVolume", "50");
Found : user_pref("CT2233703.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2233703.SavedHomepage", "resource:/browserconfig.properties");
Found : user_pref("CT2233703.SearchBoxWidth", 213);
Found : user_pref("CT2233703.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Found : user_pref("CT2233703.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2233703.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT223[...]
Found : user_pref("CT2233703.SearchInNewTabEnabled", true);
Found : user_pref("CT2233703.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2233703.SearchInNewTabLastCheckTime", "Tue Oct 05 2010 14:37:01 GMT+0300 (FLE Daylight [...]
Found : user_pref("CT2233703.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2233703.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT2233703.SettingsCheckIntervalMin", 120);
Found : user_pref("CT2233703.SettingsLastCheckTime", "Tue Oct 05 2010 19:13:55 GMT+0300 (FLE Daylight Time)"[...]
Found : user_pref("CT2233703.SettingsLastUpdate", "1285580322");
Found : user_pref("CT2233703.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2233703.ThirdPartyComponentsLastCheck", "Tue Sep 21 2010 07:27:05 GMT+0300 (FLE Dayligh[...]
Found : user_pref("CT2233703.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT2233703.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Found : user_pref("CT2233703.UserID", "UN73440700604169263");
Found : user_pref("CT2233703.ValidationData_Search", 1);
Found : user_pref("CT2233703.ValidationData_Toolbar", 2);
Found : user_pref("CT2233703.WeatherNetwork", "");
Found : user_pref("CT2233703.WeatherPollDate", "Tue Oct 05 2010 20:06:47 GMT+0300 (FLE Daylight Time)");
Found : user_pref("CT2233703.WeatherUnit", "C");
Found : user_pref("CT2233703.alertChannelId", "631527");
Found : user_pref("CT2233703.clientLogIsEnabled", false);
Found : user_pref("CT2233703.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Found : user_pref("CT2233703.myStuffEnabled", true);
Found : user_pref("CT2233703.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2233703.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2233703.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2233703.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2233703.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Found : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868126/863926/LT", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/LT", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2474641", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2836015", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2474641",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2836015",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2474641/CT2474641[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2836015/CT2836015[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/41/247/CT2474641/Images/Buttons2.xml-13-[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Found : user_pref("CommunityToolbar.IsEngineShown", true);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2474641");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{ff19b72a-36ed-4066-8865-a580ae938cce}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "free_i-dressup");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2233703,ConduitEngine");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2233703");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri May 20 2011 16:21:50 GMT+03[...]
Found : user_pref("CommunityToolbar.alert.alertEnabled", true);
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 29 2011 07:26:46 GMT+0300 (FLE D[...]
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 29 2011 07:26:28 GMT+0300 (FLE Dayli[...]
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "3d1f366e-96cd-4541-ac38-95403a68ab6e");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Oct 05 2010 14:37:01 GMT+0300 (FLE[...]
Found : user_pref("CommunityToolbar.globalUserId", "1e1335e2-459f-4cd3-8003-370f6f6c09c7");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("ConduitEngine.CommunitiesChangesLastCheckTime", "0");
Found : user_pref("ConduitEngine.FirstTime", true);
Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Found : user_pref("ConduitEngine.GroupingInvalidateCache", false);
Found : user_pref("ConduitEngine.GroupingLastCheckTime", "0");
Found : user_pref("ConduitEngine.GroupingLastServerUpdateTime", "0");
Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Found : user_pref("ConduitEngine.HideEngineAfterRestart", false);
Found : user_pref("ConduitEngine.Initialize", true);
Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Found : user_pref("ConduitEngine.InstalledDate", "Sat Dec 18 2010 16:34:57 GMT+0200 (FLE Standard Time)");
Found : user_pref("ConduitEngine.InvalidateCache", false);
Found : user_pref("ConduitEngine.IsGrouping", false);
Found : user_pref("ConduitEngine.IsMulticommunity", false);
Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Dec 18 2010 16:34:57 GMT+0200 (FLE Standar[...]
Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Dec 18 2010 16:34:57 GMT+0200 (FLE Standard Time)"[...]
Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Found : user_pref("ConduitEngine.RadioLastCheckTime", "0");
Found : user_pref("ConduitEngine.RadioLastUpdateIPServer", "0");
Found : user_pref("ConduitEngine.RadioLastUpdateServer", "0");
Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Dec 18 2010 16:34:56 GMT+0200 (FLE Standard Ti[...]
Found : user_pref("ConduitEngine.UserID", "UN90538513078182939");
Found : user_pref("ConduitEngine.engineLocale", "en-US");
Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Dec 18 2010 16:34:57 GMT+0200 (FLE S[...]
Found : user_pref("ConduitEngine.initDone", true);
Found : user_pref("avg.install.userHPSettings", "hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=d6d6c88e000[...]
Found : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Found : user_pref("browser.search.defaultthis.engineName", "Free i-Dressup Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2474641&Sea[...]
Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.id", "d6d6c88e00000000000000241d9db367");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15618");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112546");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "d6d6c88e00000000000000241d9db367");
Found : user_pref("extensions.BabylonToolbar_i.id", "d6d6c88e00000000000000241d9db367");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15463");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Found : user_pref("extensions.BabylonToolbar_i.ovrDmn", "isearch.babylon.com");
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.715:30:31");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.searchya.aflt", "foxtab");
Found : user_pref("extensions.searchya.autoRvrt", false);
Found : user_pref("extensions.searchya.cntry", "LT");
Found : user_pref("extensions.searchya.dfltLng", "");
Found : user_pref("extensions.searchya.dfltSrch", true);
Found : user_pref("extensions.searchya.dnsErr", true);
Found : user_pref("extensions.searchya.envrmnt", "production");
Found : user_pref("extensions.searchya.excTlbr", false);
Found : user_pref("extensions.searchya.hdrMd5", "7A000F8F204326082CB9F14FDCCB1828");
Found : user_pref("extensions.searchya.hmpg", false);
Found : user_pref("extensions.searchya.hmpgUrl", "hxxp://www.searchya.com/?s=0&a=foxtab&chnl=&cd=2XzuyEtN2Y1[...]
Found : user_pref("extensions.searchya.id", "00241D9DB367C88E");
Found : user_pref("extensions.searchya.instlDay", "15542");
Found : user_pref("extensions.searchya.instlRef", "");
Found : user_pref("extensions.searchya.isDcmntCmplt", true);
Found : user_pref("extensions.searchya.isdcmntcmplt", true);
Found : user_pref("extensions.searchya.lastVrsnTs", "1.5.20.08:55:8");
Found : user_pref("extensions.searchya.mntrvrsn", "1.3.0");
Found : user_pref("extensions.searchya.newTab", false);
Found : user_pref("extensions.searchya.newTabUrl", "hxxp://www.searchya.com/?s=2&a=foxtab&chnl=&cd=2XzuyEtN2[...]
Found : user_pref("extensions.searchya.prdct", "searchya");
Found : user_pref("extensions.searchya.propectorlck", 81410137);
Found : user_pref("extensions.searchya.prtkHmpg", 1);
Found : user_pref("extensions.searchya.prtnrId", "searchya");
Found : user_pref("extensions.searchya.sg", "none");
Found : user_pref("extensions.searchya.smplGrp", "none");
Found : user_pref("extensions.searchya.srchPrvdr", "Search");
Found : user_pref("extensions.searchya.tlbrId", "base");
Found : user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://www.searchya.com/?s=3&a=foxtab&chnl=&cd=2XzuyEt[...]
Found : user_pref("extensions.searchya.vrsn", "1.5.20.0");
Found : user_pref("extensions.searchya.vrsnTs", "1.5.20.08:55:8");
Found : user_pref("extensions.searchya.vrsni", "1.5.20.0");
Found : user_pref("extensions.searchya_i.newTab", false);
Found : user_pref("extensions.searchya_i.smplGrp", "none");
Found : user_pref("extensions.searchya_i.vrsnTs", "1.5.20.08:55:8");

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [33852 octets] - [09/11/2012 20:42:09]

########## EOF - C:\AdwCleaner[R1].txt - [33913 octets] ##########
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,419 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
09-Nov-2012, 02:49 PM #4
OK run AdwCleaner again
Now press delete
It will clear the problems & then offer to reboot
please let it reboot & then post the log it makes
The logfile will also be saved in C:\AdwCleaner[S1].txt

once it reboots, let us know if you still have any problems
infernos's Avatar
infernos infernos is offline
Member with 4 posts.
THREAD STARTER
 
Join Date: Nov 2012
09-Nov-2012, 03:04 PM #5
I've done everything you said and while I can't say for sure evrything is fixed (the redirects used to be really sporadic - everything would look ok for a while and then it would start redirecting to mydomainadvisor again) but so far it looks fine. Here's the log:

# AdwCleaner v2.007 - Logfile created 11/09/2012 at 20:49:51
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Ieva - IEVA-PC
# Boot Mode : Normal
# Running from : C:\Users\Ieva\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Browser Manager
Stopped & Deleted : RelevantKnowledge

***** [Files / Folders] *****

Deleted on reboot : C:\Program Files\RelevantKnowledge
Deleted on reboot : C:\ProgramData\Browser Manager
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\sea rchplugins\browsemngr.xml
File Deleted : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\sea rchplugins\Conduit.xml
File Deleted : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\sea rchplugins\search.xml
File Deleted : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\sea rchplugins\SweetIm.xml
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
Folder Deleted : C:\ProgramData\SweetIM
Folder Deleted : C:\Users\Ieva\AppData\Local\blekkotb
Folder Deleted : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Folder Deleted : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Folder Deleted : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Folder Deleted : C:\Users\Ieva\AppData\Local\Temp\Conduit
Folder Deleted : C:\Users\Ieva\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Ieva\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Ieva\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\Ieva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
Folder Deleted : C:\Users\Ieva\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\Con duit
Folder Deleted : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\Con duitEngine
Folder Deleted : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

***** [Registry] *****

Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23762~1.17\{16cdf~1\browse~1.dll
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Headlight
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{54B24FA9-87E8-47FC-8589-F9D382D8B299}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5B45AC88-523C-431E-86D7-F339B2EE262E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8B0C188C-F6F3-484D-8225-E40262DDE633}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9A2DCB-F5DB-40D0-8E62-3B47DD476A77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59B23951-2232-4AFB-81D4-64A8A16D457A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore.1
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr
Key Deleted : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Deleted : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Deleted : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\sim-packages
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
Key Deleted : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{69332529-EEC8-4D0D-9FD3-202C4AE8E589}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2233703
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D08D9F98-1C78-4704-87E6-368B0023D831}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchya
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKU\S-1-5-21-447599058-4001135061-4274216376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
Value Deleted : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{33AA308B-B565-4376-AC66-59EE9B6AD13E}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0Dzy0D0BtAyCyB0Czzzz0EtN0D 0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtBzyzy&cr=1265626548 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=d6d6c88e00000000000000241d9db367 --> hxxp://www.google.com
Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]

-\\ Mozilla Firefox v16.0.2 (lt)

Profile name : default
File : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\pre fs.js

C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\use r.js ... Deleted !

Deleted : user_pref("CT2233703.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2233703.CTID", "CT2233703");
Deleted : user_pref("CT2233703.CurrentServerDate", "5-10-2010");
Deleted : user_pref("CT2233703.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2233703.DownloadReferralCookieData", "");
Deleted : user_pref("CT2233703.EMailNotifierPollDate", "Tue Oct 05 2010 20:14:04 GMT+0300 (FLE Daylight Time)"[...]
Deleted : user_pref("CT2233703.FirstServerDate", "30-8-2010");
Deleted : user_pref("CT2233703.FirstTime", true);
Deleted : user_pref("CT2233703.FirstTimeFF3", true);
Deleted : user_pref("CT2233703.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2233703.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2233703.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2233703.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2233703.Initialize", true);
Deleted : user_pref("CT2233703.InitializeCommonPrefs", true);
Deleted : user_pref("CT2233703.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2233703.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2233703.InstalledDate", "Mon Aug 30 2010 15:09:06 GMT+0300 (FLE Daylight Time)");
Deleted : user_pref("CT2233703.InvalidateCache", false);
Deleted : user_pref("CT2233703.IsGrouping", false);
Deleted : user_pref("CT2233703.IsMulticommunity", false);
Deleted : user_pref("CT2233703.IsOpenThankYouPage", true);
Deleted : user_pref("CT2233703.IsOpenUninstallPage", false);
Deleted : user_pref("CT2233703.LanguagePackLastCheckTime", "Tue Oct 05 2010 14:37:02 GMT+0300 (FLE Daylight Ti[...]
Deleted : user_pref("CT2233703.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2233703.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2233703.LastLogin_2.6.0.15", "Tue Oct 05 2010 18:37:06 GMT+0300 (FLE Daylight Time)");
Deleted : user_pref("CT2233703.LatestVersion", "2.7.2.0");
Deleted : user_pref("CT2233703.Locale", "en");
Deleted : user_pref("CT2233703.LoginCache", 4);
Deleted : user_pref("CT2233703.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2233703.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2233703.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2233703.RadioIsPodcast", false);
Deleted : user_pref("CT2233703.RadioLastCheckTime", "Tue Oct 05 2010 14:37:01 GMT+0300 (FLE Daylight Time)");
Deleted : user_pref("CT2233703.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2233703.RadioLastUpdateServer", "129141247792900000");
Deleted : user_pref("CT2233703.RadioMediaID", "11027882");
Deleted : user_pref("CT2233703.RadioMediaType", "Media Player");
Deleted : user_pref("CT2233703.RadioMenuSelectedID", "EBRadioMenu_CT2233703_RECENT11027882");
Deleted : user_pref("CT2233703.RadioShrinked", "expanded");
Deleted : user_pref("CT2233703.RadioStationName", "DANCE%20radio");
Deleted : user_pref("CT2233703.RadioStationURL", "hxxp://www.abradio.cz/asx/danceradio32.asx");
Deleted : user_pref("CT2233703.RadioVolume", "50");
Deleted : user_pref("CT2233703.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2233703.SavedHomepage", "resource:/browserconfig.properties");
Deleted : user_pref("CT2233703.SearchBoxWidth", 213);
Deleted : user_pref("CT2233703.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2233703.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2233703.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT223[...]
Deleted : user_pref("CT2233703.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2233703.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2233703.SearchInNewTabLastCheckTime", "Tue Oct 05 2010 14:37:01 GMT+0300 (FLE Daylight [...]
Deleted : user_pref("CT2233703.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2233703.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2233703.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2233703.SettingsLastCheckTime", "Tue Oct 05 2010 19:13:55 GMT+0300 (FLE Daylight Time)"[...]
Deleted : user_pref("CT2233703.SettingsLastUpdate", "1285580322");
Deleted : user_pref("CT2233703.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2233703.ThirdPartyComponentsLastCheck", "Tue Sep 21 2010 07:27:05 GMT+0300 (FLE Dayligh[...]
Deleted : user_pref("CT2233703.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2233703.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2233703.UserID", "UN73440700604169263");
Deleted : user_pref("CT2233703.ValidationData_Search", 1);
Deleted : user_pref("CT2233703.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2233703.WeatherNetwork", "");
Deleted : user_pref("CT2233703.WeatherPollDate", "Tue Oct 05 2010 20:06:47 GMT+0300 (FLE Daylight Time)");
Deleted : user_pref("CT2233703.WeatherUnit", "C");
Deleted : user_pref("CT2233703.alertChannelId", "631527");
Deleted : user_pref("CT2233703.clientLogIsEnabled", false);
Deleted : user_pref("CT2233703.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2233703.myStuffEnabled", true);
Deleted : user_pref("CT2233703.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2233703.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2233703.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2233703.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2233703.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868126/863926/LT", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/LT", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2474641", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2836015", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2474641",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2836015",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2474641/CT2474641[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2836015/CT2836015[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/41/247/CT2474641/Images/Buttons2.xml-13-[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2474641");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{ff19b72a-36ed-4066-8865-a580ae938cce}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "free_i-dressup");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2233703,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2233703");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri May 20 2011 16:21:50 GMT+03[...]
Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true);
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 29 2011 07:26:46 GMT+0300 (FLE D[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 29 2011 07:26:28 GMT+0300 (FLE Dayli[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "3d1f366e-96cd-4541-ac38-95403a68ab6e");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Oct 05 2010 14:37:01 GMT+0300 (FLE[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "1e1335e2-459f-4cd3-8003-370f6f6c09c7");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("ConduitEngine.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.GroupingInvalidateCache", false);
Deleted : user_pref("ConduitEngine.GroupingLastCheckTime", "0");
Deleted : user_pref("ConduitEngine.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", false);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Sat Dec 18 2010 16:34:57 GMT+0200 (FLE Standard Time)");
Deleted : user_pref("ConduitEngine.InvalidateCache", false);
Deleted : user_pref("ConduitEngine.IsGrouping", false);
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Dec 18 2010 16:34:57 GMT+0200 (FLE Standar[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Dec 18 2010 16:34:57 GMT+0200 (FLE Standard Time)"[...]
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.RadioLastCheckTime", "0");
Deleted : user_pref("ConduitEngine.RadioLastUpdateIPServer", "0");
Deleted : user_pref("ConduitEngine.RadioLastUpdateServer", "0");
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Dec 18 2010 16:34:56 GMT+0200 (FLE Standard Ti[...]
Deleted : user_pref("ConduitEngine.UserID", "UN90538513078182939");
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Dec 18 2010 16:34:57 GMT+0200 (FLE S[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("avg.install.userHPSettings", "hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=d6d6c88e000[...]
Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.defaultthis.engineName", "Free i-Dressup Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2474641&Sea[...]
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.id", "d6d6c88e00000000000000241d9db367");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15618");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112546");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d6d6c88e00000000000000241d9db367");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "d6d6c88e00000000000000241d9db367");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15463");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
Deleted : user_pref("extensions.BabylonToolbar_i.ovrDmn", "isearch.babylon.com");
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.715:30:31");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.searchya.aflt", "foxtab");
Deleted : user_pref("extensions.searchya.autoRvrt", false);
Deleted : user_pref("extensions.searchya.cntry", "LT");
Deleted : user_pref("extensions.searchya.dfltLng", "");
Deleted : user_pref("extensions.searchya.dfltSrch", true);
Deleted : user_pref("extensions.searchya.dnsErr", true);
Deleted : user_pref("extensions.searchya.envrmnt", "production");
Deleted : user_pref("extensions.searchya.excTlbr", false);
Deleted : user_pref("extensions.searchya.hdrMd5", "7A000F8F204326082CB9F14FDCCB1828");
Deleted : user_pref("extensions.searchya.hmpg", false);
Deleted : user_pref("extensions.searchya.hmpgUrl", "hxxp://www.searchya.com/?s=0&a=foxtab&chnl=&cd=2XzuyEtN2Y1[...]
Deleted : user_pref("extensions.searchya.id", "00241D9DB367C88E");
Deleted : user_pref("extensions.searchya.instlDay", "15542");
Deleted : user_pref("extensions.searchya.instlRef", "");
Deleted : user_pref("extensions.searchya.isDcmntCmplt", true);
Deleted : user_pref("extensions.searchya.isdcmntcmplt", true);
Deleted : user_pref("extensions.searchya.lastVrsnTs", "1.5.20.08:55:8");
Deleted : user_pref("extensions.searchya.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.searchya.newTab", false);
Deleted : user_pref("extensions.searchya.newTabUrl", "hxxp://www.searchya.com/?s=2&a=foxtab&chnl=&cd=2XzuyEtN2[...]
Deleted : user_pref("extensions.searchya.prdct", "searchya");
Deleted : user_pref("extensions.searchya.propectorlck", 81410137);
Deleted : user_pref("extensions.searchya.prtkHmpg", 1);
Deleted : user_pref("extensions.searchya.prtnrId", "searchya");
Deleted : user_pref("extensions.searchya.sg", "none");
Deleted : user_pref("extensions.searchya.smplGrp", "none");
Deleted : user_pref("extensions.searchya.srchPrvdr", "Search");
Deleted : user_pref("extensions.searchya.tlbrId", "base");
Deleted : user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://www.searchya.com/?s=3&a=foxtab&chnl=&cd=2XzuyEt[...]
Deleted : user_pref("extensions.searchya.vrsn", "1.5.20.0");
Deleted : user_pref("extensions.searchya.vrsnTs", "1.5.20.08:55:8");
Deleted : user_pref("extensions.searchya.vrsni", "1.5.20.0");
Deleted : user_pref("extensions.searchya_i.newTab", false);
Deleted : user_pref("extensions.searchya_i.smplGrp", "none");
Deleted : user_pref("extensions.searchya_i.vrsnTs", "1.5.20.08:55:8");

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [33983 octets] - [09/11/2012 20:42:09]
AdwCleaner[S1].txt - [34113 octets] - [09/11/2012 20:49:51]

########## EOF - C:\AdwCleaner[S1].txt - [34174 octets] ##########
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,419 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
09-Nov-2012, 04:31 PM #6
Download to Desktop: DDS by sUBs from one of the below locations
http://download.bleepingcomputer.com/sUBs/dds.com
http://download.bleepingcomputer.com/sUBs/dds.exe
double click DDS to run it
Make sure there is a check mark in DDS txt
place a check mark in the attach.txt box and then press start
Do not select any other options unless specifically told to
When complete, DDS.txt will openand attach.txt will be minimized on your taskbar, click on it to open it
Save both reports to your desktop.
DDS.txt
Attach.txt
post the contents of both logs back here.
__________________
Derek Microsoft MVP/Windows - Security | Thespykiller | How to protect yourself and other Security Advice
Find out all about the European Wild Hedgehog, what you can do to save it from extinction Hedgehog Rescue
infernos's Avatar
infernos infernos is offline
Member with 4 posts.
THREAD STARTER
 
Join Date: Nov 2012
10-Nov-2012, 04:22 PM #7
DDS (Ver_2012-11-07.01) - NTFS_x86
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2
Run by Ieva at 22:13:49 on 2012-11-10
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1322 [GMT 2:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Users\Ieva\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
C:\Users\Ieva\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
C:\Users\Ieva\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Users\Ieva\AppData\Local\Akamai\netsession_win.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Windows\system32\mspaint.exe
C:\Windows\system32\mspaint.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\System32\svchost.exe -k Akamai
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k SDRSVC
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uSearch Bar = Preserve
mStart Page = hxxp://www.google.com
uProxyOverride = 127.0.0.1:9421;<local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
uRun: [Google Update] "c:\users\ieva\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [Octoshape Streaming Services] "c:\users\ieva\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
uRun: [Akamai NetSession Interface] "c:\users\ieva\appdata\local\akamai\netsession_win.exe"
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
TCP: NameServer = 217.147.34.15 217.147.34.16
TCP: Interfaces\{B476A002-6B28-4BE4-AD45-C938AA70DC5C} : DHCPNameServer = 217.147.34.15 217.147.34.16
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\ieva\appdata\roaming\mozilla\firefox\profiles\v294rfgw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - component: c:\users\ieva\appdata\roaming\mozilla\firefox\profiles\v294rfgw.default\ext ensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\ieva\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\users\ieva\appdata\roaming\mozilla\plugins\npoctoshape.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2012-11-06 16:35; {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}; c:\users\ieva\appdata\roaming\mozilla\firefox\profiles\v294rfgw.default\ext ensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-12-3 68136]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2008-1-3 5120]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-9 52224]
S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-28 1343400]
.
=============== Created Last 30 ================
.
2012-11-10 07:45:52 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{019f3a46-86b7-4306-b56e-d937c9cfa7b4}\mpengine.dll
2012-11-09 05:20:05 6918632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-11-02 08:40:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-10-31 05:20:34 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2012-10-30 19:10:52 -------- d-----w- c:\users\ieva\Incomplete
2012-10-30 19:09:51 -------- d-----w- c:\users\ieva\appdata\roaming\VideoConverterFox
2012-10-20 07:10:26 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c41241a3-d7eb-427c-a92f-4a0b53662a8a}\gapaengine.dll
2012-10-13 06:46:25 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-10-13 06:46:25 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
.
==================== Find3M ====================
.
2012-11-10 07:34:09 17488 ----a-w- c:\windows\gdrv.sys
2012-10-31 05:38:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-31 05:38:01 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-13 11:58:51 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-09-13 11:58:51 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 19:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2012-08-30 19:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
============= FINISH: 22:20:16,46 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-07.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 2009.12.03 06:55:50
System Uptime: 2012.11.10 09:36:06 (13 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | G31M-S2C
Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 1584/266mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 466 GiB total, 428,971 GiB free.
D: is CDROM ()
E: is Removable
F: is Removable
G: is Removable
H: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Description: MpKsl162d3540
Device ID: ROOT\LEGACY_MPKSL162D3540\0000
Manufacturer:
Name: MpKsl162d3540
PNP Device ID: ROOT\LEGACY_MPKSL162D3540\0000
Service: MpKsl162d3540
.
==== System Restore Points ===================
.
RP638: 2012.10.14 10:29:53 - Windows Update
RP639: 2012.10.14 19:00:03 - Windows Backup
RP640: 2012.10.18 07:10:35 - Windows Update
RP641: 2012.10.21 10:11:24 - Windows Update
RP642: 2012.10.21 19:00:03 - Windows Backup
RP643: 2012.10.24 18:41:50 - Windows Update
RP644: 2012.10.28 08:53:41 - Windows Update
RP645: 2012.10.28 19:00:04 - Windows Backup
RP646: 2012.11.01 11:38:02 - Windows Update
RP647: 2012.11.01 21:36:59 - Windows Update
RP648: 2012.11.02 10:38:59 - Installed Java 7 Update 9
RP649: 2012.11.04 19:00:04 - Windows Backup
RP650: 2012.11.05 15:06:02 - Windows Update
RP651: 2012.11.09 07:19:20 - Windows Update
.
==== Installed Programs ======================
.
1ClickDownloader
7-Zip 4.65
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 9 Lite
Adobe Shockwave Player 11.6
Akamai NetSession Interface
Akamai NetSession Interface Service
Bing Bar
D3DX10
EasySaver B9.0410.1
Far Manager v1.70
Google Chrome
Internet Explorer Toolbar 4.6 by SweetPacks
Java 7 Update 9
Java Auto Updater
Java(TM) 6 Update 31
K-Lite Mega Codec Pack 5.1.0
Last.fm 1.5.4.27091
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft Office File Validation Add-In
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Mozilla Firefox 16.0.2 (x86 lt)
Mozilla Maintenance Service
Mozilla Thunderbird (2.0.0.23)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Norton Security Scan
Octoshape Streaming Services
Photobie -- photo editing software from Photobie Design
PunkBuster Services
Readiris Pro 10
Realtek High Definition Audio Driver
Samsung SCX-4300 Series
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
SmarThru 4
Sonarca Sound Recorder Free 3.8.3
SweetIM for Messenger 3.7
swMSM
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
.
==== Event Viewer Messages From Past Week ========
.
2012.11.09 20:49:50, Error: Service Control Manager [7031] - The Browser Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
2012.11.09 13:56:46, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
.
==== End Of File ===========================
dvk01's Avatar
dvk01   (Derek) dvk01 is offline dvk01 is authorized to help remove malware.
Moderator & Malware Removal Specialist with 45,419 posts.
 
Join Date: Dec 2002
Location: Loughton, Essex, UK
10-Nov-2012, 04:37 PM #8
I can't see any obvious problems there now
if you get any problems come back

go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.
and scan here http://secunia.com/vulnerability_scanning/personal for out of date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version ( not the OSI, in your browser java version) as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too high risk of malware infiltration
Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place. If windows update doesn't work, please come back & tell us
As Seen On

BBC, Reader's Digest, PC Magazine, Today Show, Money Magazine
WELCOME TO TECH SUPPORT GUY!

Are you looking for the solution to your computer problem? Join our site today to ask your question. This site is completely free -- paid for by advertisers and donations.

If you're not already familiar with forums, watch our Welcome Guide to get started.


(clock)
THIS THREAD HAS EXPIRED.
Are you having the same problem? We have volunteers ready to answer your question, but first you'll have to join for free. Need help getting started? Check out our Welcome Guide.

Search Tech Support Guy

Find the solution to your
computer problem!




Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools


WELCOME
You Are Using: Server ID
Trusted Website Back to the Top ↑