I got a virus, help me please!


SheratanN

Thread Starter
Joined
Jan 8, 2013
Messages
13
Hello, I got a virus called NOHTD.exe and I have XP Professional SP2/SP3. What I got in MSCONFIG startup -> this virus is in Command. There are 2. The first: Command: C:\WINDOWS\system32\Drives\NoHTD.exe and the location is
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
And the second one is: Command: C:\WINDOWS\system32\Drives\NoHTD.exe and the location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

EDIT: I forgot to say this: when I close Google Chrome, there is a chrome.exe which isn't closed; when I close it, NoHTD.exe appears, and when I want to end that process it disappears and then chrome.exe appears again.

Help please, I don't know if I posted right, but I need some help :).
Thank you.
 

SheratanN

Thread Starter
Joined
Jan 8, 2013
Messages
13
Sorry for posting in the wrong section, thank you for moving the thread. I will wait for a reply. Thank you.
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Post the logs that have been requested and we can help you.
 

SheratanN

Thread Starter
Joined
Jan 8, 2013
Messages
13
All right, I have 1 question: with the GMER log, should I post the quick scan or the full scan? (LOG)
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
Quick scan should be enough for this one.
 

SheratanN

Thread Starter
Joined
Jan 8, 2013
Messages
13
GMER LOG:

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-08 15:17:32
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2000JB-00GVA0 rev.08.02D08 186.31GB
Running: fsxnd8qx.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pxtdapob.sys


---- System - GMER 2.0 ----

SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF7255818]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF72557D0]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF7249A20]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF724A2A8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF7255910]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF7255794]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF724A2C8]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF7255866]
SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF72550B0]
SSDT spnk.sys ZwSetValueKey [0xF72A619A]

INT 0x62 ? 8ABCDBF8
INT 0x73 ? 8ABCDBF8
INT 0x73 ? 8ABCDBF8
INT 0x73 ? 8ABCDBF8
INT 0xA4 ? 8A7D2BF8
INT 0xB4 ? 8A7D2BF8

---- Kernel code sections - GMER 2.0 ----

? spnk.sys The system cannot find the file specified. !
.text USBPORT.SYS!DllUnload F66EB80C 5 Bytes JMP 8A7D21D8
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF60C7000, 0x238387, 0xE8000020]
pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xAA5EAF00, 0x24000, 0x48000000]
? C:\DOCUME~1\User\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 2.0 ----

.text C:\WINDOWS\Explorer.EXE[3024] SHELL32.dll!SHFileOperationW 7CA707BB 5 Bytes JMP 02431102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 5A, E8, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 59, E8, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 5A, E8, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91BEE3
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 58, E8, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C011
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 59, E8, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 5A, E8, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 5B, E8, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 18, B4, 00] {SUB [EAX], BL; MOV AH, 0x0}
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 1B, B4, 00] {SUB [EBX], BL; MOV AH, 0x0}
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 18, B4, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 19, B4, 00] {TEST AL, 0x19; MOV AH, 0x0}
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B918A32
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 1A, B4, 00] {TEST AL, 0x1a; MOV AH, 0x0}
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 19, B4, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 1A, B4, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B918AA3
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 18, B4, 00] {TEST AL, 0x18; MOV AH, 0x0}
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B918BD1
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 19, B4, 00] {SUB [ECX], BL; MOV AH, 0x0}
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 1A, B4, 00] {SUB [EDX], BL; MOV AH, 0x0}
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 1B, B4, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A0, 5C, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A3, 5C, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A0, 5C, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A1, 5C, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9132BA
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A2, 5C, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A1, 5C, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A2, 5C, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91332B
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A0, 5C, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B913459
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A1, 5C, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A2, 5C, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A3, 5C, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, EC, 7E, 00] {SUB AH, CH; JLE 0x4}
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, EF, 7E, 00] {SUB BH, CH; JLE 0x4}
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, EC, 7E, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, ED, 7E, 00] {TEST AL, 0xed; JLE 0x4}
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915506
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, EE, 7E, 00] {TEST AL, 0xee; JLE 0x4}
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, ED, 7E, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, EE, 7E, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B915577
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, EC, 7E, 00] {TEST AL, 0xec; JLE 0x4}
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9156A5
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, ED, 7E, 00] {SUB CH, CH; JLE 0x4}
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, EE, 7E, 00] {SUB DH, CH; JLE 0x4}
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, EF, 7E, 00]
.text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

---- Kernel IAT/EAT - GMER 2.0 ----

IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7298048] spnk.sys

---- User IAT/EAT - GMER 2.0 ----

IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1720] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00740010
IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00BA0010
IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003D0010
IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3488] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 010D0010
IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3496] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 008A0010
IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00D80010
IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00FF0010
IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00CB0010
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6134649C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6134649C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [613478C9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [613463D7] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61346306] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61346344] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [6134657C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [61346622] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6134649C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [613478C9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61346537] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61346344] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [613463D7] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [613464A2] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61346306] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00720010
IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00950010
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6134649C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6134649C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [613478C9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [613463D7] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61346306] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61346344] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [6134657C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [61346622] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6134649C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [613478C9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61346537] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61346344] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [613463D7] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [613464A2] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61346306] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll

---- Modules - GMER 2.0 ----

Module _________ F71AC000-F71C4000 (98304 bytes)

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0xB5 0x30 0xB7 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x20 0x02 0x00 0x00 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0xA4 0x30 0xB7 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42
Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] -1992502633
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 166140596
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected

---- EOF - GMER 2.0 ----



DDS LOG :
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 7.0.6000.21256 BrowserJavaVersion: 10.2.1
Run by User at 13:34:45 on 2013-01-08
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.370 [GMT 2:00]
.
AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
C:\Program Files\Application Updater\ApplicationUpdater.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
D:\Program Files\Hi-Rez Studios\HiPatchService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\SAgent4.exe
C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
C:\Program Files\D-Tools\daemon.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Documents and Settings\User\Application Data\Java.exe
C:\Documents and Settings\User\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
C:\Program Files\G10 Multi-Mode\G10-Editor.exe
C:\Documents and Settings\User\Start Menu\Programs\Startup\Windows Update Center.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\alg.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3248869
mSearch Page = hxxp://www.google.ro
mDefault_Search_URL = hxxp://www.google.ro
uProxyOverride = 127.0.0.1:9421;192.168.*.*;<local>
uSearchURL,(Default) = hxxp://www.google.ro
mCustomizeSearch = hxxp://www.google.ro
uURLSearchHooks: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll
uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
uURLSearchHooks: Xfire New Toolbar: {113342cd-3031-4ee9-9288-2c58857d3a3d} - c:\program files\xfire_new\prxtbXfir.dll
dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
mWinlogon: Userinit = c:\windows\system32\userinit.exe
mWinlogon: SFCDisable = dword:-99
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - c:\documents and settings\user\application data\complitly\Complitly.dll
BHO: Xfire New Toolbar: {113342cd-3031-4ee9-9288-2c58857d3a3d} - c:\program files\xfire_new\prxtbXfir.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Yahooo Search Protection: {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - LocalServer32 - <no file>
BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - LocalServer32 - <no file>
BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\web assistant\Extension32.dll
BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - LocalServer32 - <no file>
BHO: TBSB01620 Class: {58124A0B-DC32-4180-9BFF-E0E21AE34026} - LocalServer32 - <no file>
BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - LocalServer32 - <no file>
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - LocalServer32 - <no file>
BHO: Softonic Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
BHO: QuickNet BHO: {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - LocalServer32 - <no file>
BHO: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - LocalServer32 - <no file>
TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - LocalServer32 - <no file>
TB: Softonic-Eng7 Toolbar: {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - LocalServer32 - <no file>
TB: Softonic Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - LocalServer32 - <no file>
TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - LocalServer32 - <no file>
TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - LocalServer32 - <no file>
TB: Softonic Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
TB: <No Name>: {8dcb7100-df86-4384-8842-8fa844297b3f} - LocalServer32 - <no file>
TB: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - LocalServer32 - <no file>
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
TB: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll
TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - LocalServer32 - <no file>
TB: Xfire New Toolbar: {113342cd-3031-4ee9-9288-2c58857d3a3d} - c:\program files\xfire_new\prxtbXfir.dll
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
uRun: [EPSON P50 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiffe.exe /fu "c:\docume~1\user\locals~1\temp\E_S1B1.tmp" /EF "HKCU"
uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Epson Stylus SX420W(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigce.exe /fu "c:\docume~1\user\locals~1\temp\E_S134F.tmp" /EF "HKCU"
uRun: [EPSON SX420W Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigce.exe /fu "c:\docume~1\user\locals~1\temp\E_S1352.tmp" /EF "HKCU"
uRun: [HKCU] c:\windows\system32\windir\winlog.exe
uRun: [Java] c:\documents and settings\user\application data\Java.exe
uRun: [SansaDispatch] c:\documents and settings\user\application data\sandisk\sansa updater\SansaDispatch.exe
uRun: [OscarEditor] "c:\program files\g10 multi-mode\G10-Editor.exe" Minimum
uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
uRun: [JavaUpdate] c:\windows\system32\drives\NoHTD.exe
mRun: [Hard Disk Sentinel] "c:\program files\hard disk sentinel\HDSentinel.exe" /AUTORUN
mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [RTBatteryMeter] c:\program files\vibrategamedevicedriver\RFPIcon.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
mRun: [HKLM] c:\windows\system32\windir\winlog.exe
mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
mRun: [WinUPD] c:\windows\system32\drives\NoHTD.exe
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
uExplorerRun: [Policies] c:\windows\system32\windir\winlog.exe
mExplorerRun: [Policies] c:\windows\system32\windir\winlog.exe
StartupFolder: c:\documents and settings\user\start menu\programs\startup\Windows Update Center.exe
StartupFolder: c:\docume~1\user\startm~1\programs\startup\xfire.lnk - d:\program files\xfire\Xfire.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableLUA = dword:0
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309563511406
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: Interfaces\{E8480474-6B98-45F7-9C99-08CC7B582FA5} : DHCPNameServer = 213.154.124.1 192.168.0.1
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - LocalServer32 - <no file>
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: avgrsstarter - avgrsstx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
mASetup: {5460C4DF-B266-909E-CB58-E32B79832EB2} - c:\windows\system32\drives\NoHTD.exe
mASetup: {C1B155HL-E5J3-3PSW-8546-PF83C0U1LW38} - c:\windows\system32\windir\winlog.exe
mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\9xa6ls5t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=HP_ss&mntrId=700de11700000000000000ffef16c512
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=KW_ss&mntrId=700de11700000000000000ffef16c512&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=C043BC49-0735-4683-A1AE-0937CDB5D2B8
FF - prefs.js: browser.search.selectedEngine - SearchTheWeb
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.search.selectedEngine -
FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\9xa6ls5t.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\9xa6ls5t.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\9xa6ls5t.default\extensions\[email protected]\components\DTToolbarFF.dll
FF - plugin: c:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll
FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\documents and settings\user\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\new_plugin\npjp2.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-11-18 18:50; [email protected]; c:\program files\iminent\[email protected]
FF - ExtSQL: 2012-11-18 18:50; {C9B68337-E93A-44EA-94DC-CB300EC06444}; c:\documents and settings\user\application data\mozilla\firefox\profiles\9xa6ls5t.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: general.useragent.extra.brc - BRI/1
FF - user.js: extensions.BabylonToolbar_i.id - 700de117000000000000001fd05dc16b
FF - user.js: extensions.BabylonToolbar_i.hardId - 700de117000000000000001fd05dc16b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15369
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
FF - user.js: extensions.funmoods_i.id - 700de117000000000000001fd05dc16b
FF - user.js: extensions.funmoods_i.instlDay - 15434
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1621:51:34
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - make
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyEj6ju1a&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 700de117000000000000001fd05dc16b
FF - user.js: extensions.incredibar_i.instlDay - 15499
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:09:48
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyEj6ju1a
FF - user.js: extensions.incredibar_i.upn2n - 92261548962685992
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 453
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112560&tt=3112_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 700de11700000000000000ffef16c512
FF - user.js: extensions.BabylonToolbar.instlDay - 15552
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.111:23:49
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
============= SERVICES / DRIVERS ===============
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-26 52872]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-7-12 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-7-12 5248]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2011-2-25 39472]
R1 avgio;avgio;d:\program files\avira\antivir desktop\avgio.sys [2012-11-11 11608]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-26 216400]
R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-26 29584]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-26 243024]
R2 am7pro;Art*Money*Pro7.37.2;d:\program files\artmoney\am737.sys [2012-7-31 8192]
R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-2-6 748440]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-6-20 24328]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-12-10 1435568]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files\hi-rez studios\HiPatchService.exe [2012-8-7 8704]
R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-8-10 227184]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-4-18 793056]
R2 PfFilter;PfFilter;c:\program files\iobit\protected folder\pffilter.sys [2011-7-29 140848]
R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-6-8 185856]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [2007-11-7 12928]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2012-6-23 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
S2 spd3ssl;S*pyware P*rocess D*etector v3.22.5;\??\d:\program files\spyware process detector\spd322.sys --> d:\program files\spyware process detector\spd322.sys [?]
S2 UI Assistant Service;UI Assistant Service;c:\program files\join air\assistantservices.exe --> c:\program files\join air\AssistantServices.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-7-1 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-10-26 30312]
S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files\pc tools\pc tools utilities\tools\defrag\DMDefragSrv.exe [2012-4-18 1038304]
S3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files\pc tools\pc tools utilities\tools\repair\DMRepairSrv.exe [2012-4-18 1030112]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;c:\program files\garena plus\room\safedrv.sys [2012-5-20 22112]
S3 injectDLL;injectDLL;\??\c:\documents and settings\user\desktop\tutorialul fb fix\doar daca nu functioneaza !\injector 32 bit\injectdll.sys --> c:\documents and settings\user\desktop\tutorialul fb fix\doar daca nu functioneaza !\injector 32 bit\injectDLL.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2012-1-5 33792]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-12-24 9216]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2011-11-16 25856]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2010-11-6 1252474]
S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2012-4-18 108864]
S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2012-4-18 128120]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\fxx\qcusbser.sys [2010-3-30 103424]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2010-8-9 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2010-8-9 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2010-8-9 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2010-8-9 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2010-8-9 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2010-8-9 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2010-8-9 115752]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-10-26 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-10-26 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-10-26 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-10-26 114280]
S3 tcpip helper;tcpip helper;\??\c:\program files\garena plus\x86\tcpiphlp.sys --> c:\program files\garena plus\x86\tcpiphlp.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-3-30 25088]
S3 TunngleService;TunngleService;d:\program files\tunngle\TnglCtrl.exe [2012-12-26 745368]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys --> c:\windows\system32\drivers\vmfilter303.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-7-8 14416]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 XDva385;XDva385;c:\windows\system32\XDva385.sys [2011-5-10 76488]
S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\xdva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva391;XDva391;c:\windows\system32\XDva391.sys [2012-2-9 77264]
S3 XDva396;XDva396;\??\c:\windows\system32\xdva396.sys --> c:\windows\system32\XDva396.sys [?]
S3 XDva397;XDva397;c:\windows\system32\XDva397.sys [2012-6-3 77136]
.
=============== Created Last 30 ================
.
2013-01-08 11:33:52 -------- d-----w- c:\documents and settings\user\application data\YouTube Downloader
2013-01-06 12:25:02 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts
2013-01-06 11:59:06 -------- d-----w- c:\documents and settings\all users\application data\Solidshield
2013-01-02 08:29:53 -------- d-----w- C:\spoolerlogs
2013-01-01 17:51:56 -------- d-----w- c:\program files\Microsoft XNA
2012-12-29 09:46:36 282512 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-12-29 09:46:32 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-12-26 19:36:34 -------- d-----w- c:\documents and settings\all users\application data\Tunngle
2012-12-23 09:57:58 -------- d-----w- c:\documents and settings\user\local settings\application data\LogMeIn Hamachi
2012-12-22 05:37:19 -------- d-----w- c:\program files\Dropbox
2012-12-16 17:16:10 -------- d-----w- c:\documents and settings\user\local settings\application data\PMB Files
2012-12-16 17:16:05 -------- d-----w- c:\documents and settings\all users\application data\PMB Files
2012-12-16 17:15:46 -------- d-----w- c:\documents and settings\user\.swt
2012-12-13 12:30:28 5955856 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-12-11 22:46:18 42440 ----a-w- c:\windows\system32\xfcodec.dll
.
==================== Find3M ====================
.
2012-12-12 09:09:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 09:09:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-12 07:23:38 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2012-11-12 07:23:38 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2011-12-20 18:24:43 43520 --sha-r- c:\windows\system32\drives\NoHTD.exe
2006-07-17 20:45:58 1172472 --sha-r- c:\windows\system32\windir\winlog.exe
.
============= FINISH: 13:35:19.17 ===============
 


SheratanN

Thread Starter
Sorry for double posting, but does this virus make my PC slower? It is quite slow; in idle the processor is at 58%.
EDIT: Look at this (you can find this at the end of the POST)
-> 2011-12-20 18:24:43 43520 --sha-r- c:\windows\system32\drives\NoHTD.exe
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Delete any existing version of ComboFix you have sitting on your desktop
Please read and follow all these instructions very carefully
Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

Download ComboFix from Here to your Desktop.

**Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
--------------------------------------------------------------------
1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
  • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
  • Remember to re-enable the protection again after ComboFix has finished.
--------------------------------------------------------------------
2. Close any open browsers and any other programs you might have running
Double click on renamed combofix.exe & follow the prompts.
If you are using Windows XP it might display a pop up saying that "Recovery console is not installed, do you want to install?"
Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt" for further review


****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

Please tell us if it has cured the problems or if there are any outstanding issues

*EXTRA NOTES*
  • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot; you must allow it to do so.
  • If the Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
  • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

Post the log in next reply please...
 

SheratanN

Thread Starter
There you go :


ComboFix 13-01-08.01 - User 01/09/2013 9:26.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1291 [GMT 2:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\CFLog
c:\documents and settings\All Users\Application Data\1344150586.bdinstall.bin
c:\documents and settings\All Users\Application Data\1344151133.bdinstall.bin
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\PostBuild.exe
c:\documents and settings\All Users\Application Data\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\Setup.ilg
c:\documents and settings\All Users\Application Data\TEMP\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe
c:\documents and settings\User\Application Data\Microsoft\Windows\((Mutex)).cfg
c:\documents and settings\User\Application Data\Microsoft\Windows\((Mutex)).dat
c:\documents and settings\User\Application Data\Microsoft\Windows\((Mutex)).xtr
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\chrome.manifest
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\funmoods.css
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\funmoods.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\arwDwn.gif
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\ae.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\bg.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\ch.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\cn.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\cz.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\de.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\eg.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\en.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\es.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\fr.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\gr.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\he.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\il.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\it.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\ja.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\jp.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\nl.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\no.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\pl.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\pt.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\ro.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\ru.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\sa.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\se.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\sv.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\tr.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\ua.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\us.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\help_16.gif
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\home.gif
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\logo.png
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\privecy_16_hot.gif
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\tellafriend.gif
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\loader.xul
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\mtstart.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\tmplt.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\uninsthk.js
c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\install.rdf
c:\documents and settings\User\Application Data\PriceGong
c:\documents and settings\User\Application Data\PriceGong\Data\1.txt
c:\documents and settings\User\Application Data\PriceGong\Data\1.xml
c:\documents and settings\User\Application Data\PriceGong\Data\a.txt
c:\documents and settings\User\Application Data\PriceGong\Data\a.xml
c:\documents and settings\User\Application Data\PriceGong\Data\b.txt
c:\documents and settings\User\Application Data\PriceGong\Data\b.xml
c:\documents and settings\User\Application Data\PriceGong\Data\c.txt
c:\documents and settings\User\Application Data\PriceGong\Data\c.xml
c:\documents and settings\User\Application Data\PriceGong\Data\d.txt
c:\documents and settings\User\Application Data\PriceGong\Data\d.xml
c:\documents and settings\User\Application Data\PriceGong\Data\e.txt
c:\documents and settings\User\Application Data\PriceGong\Data\e.xml
c:\documents and settings\User\Application Data\PriceGong\Data\f.txt
c:\documents and settings\User\Application Data\PriceGong\Data\f.xml
c:\documents and settings\User\Application Data\PriceGong\Data\g.txt
c:\documents and settings\User\Application Data\PriceGong\Data\g.xml
c:\documents and settings\User\Application Data\PriceGong\Data\h.txt
c:\documents and settings\User\Application Data\PriceGong\Data\h.xml
c:\documents and settings\User\Application Data\PriceGong\Data\i.txt
c:\documents and settings\User\Application Data\PriceGong\Data\i.xml
c:\documents and settings\User\Application Data\PriceGong\Data\j.txt
c:\documents and settings\User\Application Data\PriceGong\Data\J.xml
c:\documents and settings\User\Application Data\PriceGong\Data\k.txt
c:\documents and settings\User\Application Data\PriceGong\Data\k.xml
c:\documents and settings\User\Application Data\PriceGong\Data\l.txt
c:\documents and settings\User\Application Data\PriceGong\Data\l.xml
c:\documents and settings\User\Application Data\PriceGong\Data\m.txt
c:\documents and settings\User\Application Data\PriceGong\Data\m.xml
c:\documents and settings\User\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\User\Application Data\PriceGong\Data\n.txt
c:\documents and settings\User\Application Data\PriceGong\Data\n.xml
c:\documents and settings\User\Application Data\PriceGong\Data\o.txt
c:\documents and settings\User\Application Data\PriceGong\Data\o.xml
c:\documents and settings\User\Application Data\PriceGong\Data\p.txt
c:\documents and settings\User\Application Data\PriceGong\Data\p.xml
c:\documents and settings\User\Application Data\PriceGong\Data\q.txt
c:\documents and settings\User\Application Data\PriceGong\Data\q.xml
c:\documents and settings\User\Application Data\PriceGong\Data\r.txt
c:\documents and settings\User\Application Data\PriceGong\Data\r.xml
c:\documents and settings\User\Application Data\PriceGong\Data\s.txt
c:\documents and settings\User\Application Data\PriceGong\Data\s.xml
c:\documents and settings\User\Application Data\PriceGong\Data\t.txt
c:\documents and settings\User\Application Data\PriceGong\Data\t.xml
c:\documents and settings\User\Application Data\PriceGong\Data\u.txt
c:\documents and settings\User\Application Data\PriceGong\Data\u.xml
c:\documents and settings\User\Application Data\PriceGong\Data\v.txt
c:\documents and settings\User\Application Data\PriceGong\Data\v.xml
c:\documents and settings\User\Application Data\PriceGong\Data\w.txt
c:\documents and settings\User\Application Data\PriceGong\Data\w.xml
c:\documents and settings\User\Application Data\PriceGong\Data\x.txt
c:\documents and settings\User\Application Data\PriceGong\Data\x.xml
c:\documents and settings\User\Application Data\PriceGong\Data\y.txt
c:\documents and settings\User\Application Data\PriceGong\Data\y.xml
c:\documents and settings\User\Application Data\PriceGong\Data\z.txt
c:\documents and settings\User\Application Data\PriceGong\Data\z.xml
c:\documents and settings\User\Application Data\Toolbar4
c:\documents and settings\User\Local Settings\Application Data\assembly\tmp
c:\documents and settings\User\My Documents\~WRL1802.tmp
c:\program files\Complitly
c:\program files\Complitly\chrome\ComplitlyChrome.crx
c:\program files\Complitly\FireFoxExtension.exe
c:\program files\Complitly\InstTracker.exe
c:\program files\Complitly\[email protected]\chrome.manifest
c:\program files\Complitly\[email protected]\chrome\content\appIcon.png
c:\program files\Complitly\[email protected]\chrome\content\browserOverlay.xul
c:\program files\Complitly\[email protected]\chrome\content\options.js
c:\program files\Complitly\[email protected]\chrome\content\options.xul
c:\program files\Complitly\[email protected]\chrome\content\utils.js
c:\program files\Complitly\[email protected]\defaults\preferences\predictad.js
c:\program files\Complitly\[email protected]\install.rdf
c:\program files\Complitly\unins000.dat
c:\program files\Complitly\unins000.exe
c:\program files\Web Assistant\ExTEnsion32.dll
c:\windows\system32\drives
c:\windows\system32\drives\NoHTD.exe
c:\windows\system32\Rpcqt.dll
c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.exe
c:\windows\system32\tmpDC.tmp
c:\windows\system32\tmpDD.tmp
c:\windows\system32\Uninstall-TvPlugin-5.4
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\system32\WinDir
c:\windows\system32\WinDir\winlog.exe
C:\Windupdt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_RPCQT
-------\Service_RPCQT
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
.
.
2013-01-09 07:44 . 2013-01-09 07:44 -------- d-----w- c:\windows\system32\xircom
2013-01-09 07:44 . 2013-01-09 07:44 -------- d-----w- c:\windows\system32\wbem\snmp
2013-01-09 07:44 . 2013-01-09 07:44 -------- d-----w- c:\program files\microsoft frontpage
2013-01-08 11:33 . 2013-01-08 11:33 -------- d-----w- c:\documents and settings\User\Application Data\YouTube Downloader
2013-01-06 12:25 . 2013-01-06 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
2013-01-06 11:59 . 2013-01-06 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Solidshield
2013-01-02 08:29 . 2013-01-02 08:29 -------- d-----w- C:\spoolerlogs
2013-01-01 17:51 . 2013-01-01 17:51 -------- d-----w- c:\program files\Microsoft XNA
2012-12-29 09:46 . 2012-12-29 09:46 282512 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-12-29 09:46 . 2012-12-29 09:46 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
2012-12-26 19:36 . 2012-12-26 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Tunngle
2012-12-26 18:31 . 2012-12-26 18:31 -------- d-----w- c:\program files\Ubisoft
2012-12-23 09:57 . 2013-01-09 07:17 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\LogMeIn Hamachi
2012-12-23 09:57 . 2013-01-09 07:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
2012-12-22 05:37 . 2012-12-22 05:37 -------- d-----w- c:\program files\Dropbox
2012-12-16 17:16 . 2013-01-09 07:41 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PMB Files
2012-12-16 17:16 . 2012-12-31 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2012-12-16 17:15 . 2012-12-16 17:15 -------- d-----w- c:\documents and settings\User\.swt
2012-12-13 12:30 . 2012-12-13 12:30 5955856 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-12-11 22:46 . 2012-12-11 22:46 42440 ----a-w- c:\windows\system32\xfcodec.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 09:09 . 2012-03-29 18:07 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 09:09 . 2011-07-28 10:31 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-08 17:33 . 2012-12-08 17:33 119808 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
2012-11-12 07:23 . 2012-11-12 07:23 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2012-11-12 07:23 . 2012-11-12 07:23 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2007-11-06 22:19 . 2010-09-28 12:39 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-06 22:19 . 2010-09-28 12:39 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
2012-03-13 04:38 . 2012-04-07 10:27 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
[-] 2008-06-20 . 2B2877D48DD29BC5D6FFDC05EA03FFEA . 360960 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
[-] 2007-10-27 . 33BB8397EF5223E11A83BEC3E2EC1766 . 360704 . . [5.1.2600.3002] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
.
[-] 2012-02-14 . 93110F6B8428AA84CCDABDB710A502EF . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
[7] 2007-10-27 . 4295F398C188D02DC7A5899EAC121914 . 343040 . . [7.0.2600.3085] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.3085_x-ww_e059201c\msvcrt.dll
[7] 2004-08-03 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-11-26 1525088]
"{113342cd-3031-4ee9-9288-2c58857d3a3d}"= "c:\program files\Xfire_New\prxtbXfir.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
[HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
[HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
.
[HKEY_CLASSES_ROOT\clsid\{113342cd-3031-4ee9-9288-2c58857d3a3d}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{113342cd-3031-4ee9-9288-2c58857d3a3d}]
2011-05-09 09:49 176936 ----a-w- c:\program files\Xfire_New\prxtbXfir.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
2012-02-06 15:57 1074016 ----a-w- c:\program files\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{113342cd-3031-4ee9-9288-2c58857d3a3d}"= "c:\program files\Xfire_New\prxtbXfir.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{113342cd-3031-4ee9-9288-2c58857d3a3d}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
@="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
2012-09-14 14:59 242864 ----a-w- c:\documents and settings\User\Application Data\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
@="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
2012-09-14 14:59 242864 ----a-w- c:\documents and settings\User\Application Data\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
@="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
[HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
2012-09-14 14:59 242864 ----a-w- c:\documents and settings\User\Application Data\MegaCloud\MegaCloudShellExt.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-07-03 322352]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-22 6591800]
"Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
"Java"="c:\documents and settings\User\Application Data\Java.exe" [2012-07-02 334848]
"SansaDispatch"="c:\documents and settings\User\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2012-07-16 79872]
"OscarEditor"="c:\program files\G10 Multi-Mode\G10-Editor.exe" [2011-08-31 3344384]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2012-12-16 3093624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Hard Disk Sentinel"="c:\program files\Hard Disk Sentinel\HDSentinel.exe" [2010-06-25 3768832]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-02-06 934240]
"QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nltide_3"="advpack.dll" [2009-03-08 128512]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Windows Update Center.exe [2012-2-3 904233]
Xfire.lnk - d:\program files\Xfire\Xfire.exe [2012-12-12 3558856]
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2010-08-26 16:20 12536 ----a-w- c:\windows\system32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
"62.75.206.182,255.255.255.255,192.168.0.156,1"=""
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0tings\\0cumen\0\0$ \0ÈT:øT:U:8U:XU:c:\w\0\0( \0sasnative32\0OODBS
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Dropbox.lnk]
backup=c:\windows\pss\Dropbox.lnkStartup
backupExtension=Startup
path=c:\documents and settings\User\Start Menu\Programs\Startup\Dropbox.lnk
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^IMVU.lnk]
backup=c:\windows\pss\IMVU.lnkStartup
.
[HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Xfire.lnk]
backup=c:\windows\pss\Xfire.lnkStartup
backupExtension=Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced System Optimizer
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cracked Steam Service
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (news)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (update)
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spdetector3
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
2007-09-20 22:35 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 15:29 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDReminder]
2012-06-26 09:25 10069928 ----a-w- c:\program files\RegClean Pro\RegCleanPro.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
"SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"d:\\ProgRaM FilEs\\steam\\Steam.exe"=
"c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
"c:\\WINDOWS\\system32\\muzapp.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"d:\\Program Files\\Tunngle\\TnglCtrl.exe"=
"d:\\Program Files\\Tunngle\\Tunngle.exe"=
"d:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"8394:TCP"= 8394:TCP:League of Legends Launcher
"8394:UDP"= 8394:UDP:League of Legends Launcher
"6946:TCP"= 6946:TCP:League of Legends Launcher
"6946:UDP"= 6946:UDP:League of Legends Launcher
"8378:TCP"= 8378:TCP:League of Legends Launcher
"8378:UDP"= 8378:UDP:League of Legends Launcher
"8379:TCP"= 8379:TCP:League of Legends Launcher
"8379:UDP"= 8379:UDP:League of Legends Launcher
"8380:TCP"= 8380:TCP:League of Legends Launcher
"8380:UDP"= 8380:UDP:League of Legends Launcher
"6979:TCP"= 6979:TCP:League of Legends Launcher
"6979:UDP"= 6979:UDP:League of Legends Launcher
"6917:TCP"= 6917:TCP:League of Legends Launcher
"6917:UDP"= 6917:UDP:League of Legends Launcher
"57670:TCP"= 57670:TCP:pando Media Booster
"57670:UDP"= 57670:UDP:pando Media Booster
"6925:TCP"= 6925:TCP:League of Legends Launcher
"6925:UDP"= 6925:UDP:League of Legends Launcher
"8381:TCP"= 8381:TCP:League of Legends Launcher
"8381:UDP"= 8381:UDP:League of Legends Launcher
"6971:TCP"= 6971:TCP:League of Legends Launcher
"6971:UDP"= 6971:UDP:League of Legends Launcher
"6930:TCP"= 6930:TCP:League of Legends Launcher
"6930:UDP"= 6930:UDP:League of Legends Launcher
"6886:TCP"= 6886:TCP:League of Legends Launcher
"6886:UDP"= 6886:UDP:League of Legends Launcher
"6924:TCP"= 6924:TCP:League of Legends Launcher
"6924:UDP"= 6924:UDP:League of Legends Launcher
"6973:TCP"= 6973:TCP:League of Legends Launcher
"6973:UDP"= 6973:UDP:League of Legends Launcher
"6906:TCP"= 6906:TCP:League of Legends Launcher
"6906:UDP"= 6906:UDP:League of Legends Launcher
"56079:TCP"= 56079:TCP:pando Media Booster
"56079:UDP"= 56079:UDP:pando Media Booster
"6911:TCP"= 6911:TCP:League of Legends Launcher
"6911:UDP"= 6911:UDP:League of Legends Launcher
"6953:TCP"= 6953:TCP:League of Legends Launcher
"6953:UDP"= 6953:UDP:League of Legends Launcher
"6938:TCP"= 6938:TCP:League of Legends Launcher
"6938:UDP"= 6938:UDP:League of Legends Launcher
"6992:TCP"= 6992:TCP:League of Legends Launcher
"6992:UDP"= 6992:UDP:League of Legends Launcher
"6991:TCP"= 6991:TCP:League of Legends Launcher
"6991:UDP"= 6991:UDP:League of Legends Launcher
"6940:TCP"= 6940:TCP:League of Legends Launcher
"6940:UDP"= 6940:UDP:League of Legends Launcher
"8382:TCP"= 8382:TCP:League of Legends Launcher
"8382:UDP"= 8382:UDP:League of Legends Launcher
"6966:TCP"= 6966:TCP:League of Legends Launcher
"6966:UDP"= 6966:UDP:League of Legends Launcher
"8396:TCP"= 8396:TCP:League of Legends Launcher
"8396:UDP"= 8396:UDP:League of Legends Launcher
"6987:TCP"= 6987:TCP:League of Legends Launcher
"6987:UDP"= 6987:UDP:League of Legends Launcher
"8397:TCP"= 8397:TCP:League of Legends Launcher
"8397:UDP"= 8397:UDP:League of Legends Launcher
"6939:TCP"= 6939:TCP:League of Legends Launcher
"6939:UDP"= 6939:UDP:League of Legends Launcher
"6912:TCP"= 6912:TCP:League of Legends Launcher
"6912:UDP"= 6912:UDP:League of Legends Launcher
"8398:TCP"= 8398:TCP:League of Legends Launcher
"8398:UDP"= 8398:UDP:League of Legends Launcher
"8383:TCP"= 8383:TCP:League of Legends Launcher
"8383:UDP"= 8383:UDP:League of Legends Launcher
"8393:TCP"= 8393:TCP:League of Legends Lobby
"8393:UDP"= 8393:UDP:League of Legends Lobby
"8390:TCP"= 8390:TCP:League of Legends Game Client
"8390:UDP"= 8390:UDP:League of Legends Game Client
"6955:TCP"= 6955:TCP:League of Legends Launcher
"6955:UDP"= 6955:UDP:League of Legends Launcher
"58357:TCP"= 58357:TCP:pando Media Booster
"58357:UDP"= 58357:UDP:pando Media Booster
"94:TCP"= 94:TCP:VRS Recording System TCP/IP Port
"59062:TCP"= 59062:TCP:pando Media Booster
"59062:UDP"= 59062:UDP:pando Media Booster
.
R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/26/2010 6:20 PM 52872]
R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [7/12/2010 8:15 AM 155136]
R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [7/12/2010 8:15 AM 5248]
R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2/25/2011 5:25 PM 39472]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/11/2010 9:25 PM 717296]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/26/2010 6:20 PM 216400]
R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/26/2010 6:20 PM 243024]
R2 am7pro;Art*Money*Pro7.37.2;d:\program files\ArtMoney\am737.sys [7/31/2012 10:35 AM 8192]
R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2/6/2012 5:49 PM 748440]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [6/20/2012 7:35 AM 24328]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [12/10/2012 5:29 PM 1435568]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files\Hi-Rez Studios\HiPatchService.exe [8/7/2012 11:53 AM 8704]
R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [8/10/2011 9:35 PM 227184]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [4/18/2012 9:43 AM 793056]
R2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [7/29/2011 5:40 PM 140848]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [12/13/2012 2:26 PM 3290896]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [6/8/2012 10:09 AM 185856]
R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [11/7/2007 7:15 PM 12928]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [6/23/2012 11:47 AM 27136]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]
S2 spd3ssl;S*pyware P*rocess D*etector v3.22.5;\??\d:\program files\Spyware Process Detector\spd322.sys --> d:\program files\Spyware Process Detector\spd322.sys [?]
S2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe --> c:\program files\Join Air\AssistantServices.exe [?]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/1/2011 11:41 PM 1691480]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/26/2012 5:36 PM 30312]
S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [4/18/2012 9:43 AM 1038304]
S3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [4/18/2012 9:43 AM 1030112]
S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
S3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\room\safedrv.sys [5/20/2012 4:15 PM 22112]
S3 injectDLL;injectDLL;\??\c:\documents and settings\User\Desktop\Tutorialul FB FIX\DOAR DACA NU FUNCTIONEAZA !\Injector 32 bit\injectDLL.sys --> c:\documents and settings\User\Desktop\Tutorialul FB FIX\DOAR DACA NU FUNCTIONEAZA !\Injector 32 bit\injectDLL.sys [?]
S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [1/5/2012 4:02 PM 33792]
S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [12/24/2010 11:14 AM 9216]
S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [11/16/2011 10:22 PM 25856]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [11/6/2010 1:42 PM 1252474]
S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [4/18/2012 9:43 AM 108864]
S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [4/18/2012 9:43 AM 128120]
S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\FXX\qcusbser.sys [3/30/2010 11:31 AM 103424]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [8/9/2010 5:36 PM 89256]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [8/9/2010 5:36 PM 15016]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [8/9/2010 5:36 PM 120744]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [8/9/2010 5:36 PM 114216]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [8/9/2010 5:36 PM 25512]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [8/9/2010 5:36 PM 110632]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [8/9/2010 5:36 PM 115752]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/26/2012 5:36 PM 121064]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/26/2012 5:36 PM 12776]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/26/2012 5:36 PM 136808]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [10/26/2012 5:36 PM 114280]
S3 tcpip helper;tcpip helper;\??\c:\program files\Garena Plus\x86\tcpiphlp.sys --> c:\program files\Garena Plus\x86\tcpiphlp.sys [?]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [3/30/2011 1:05 PM 25088]
S3 TunngleService;TunngleService;d:\program files\Tunngle\TnglCtrl.exe [12/26/2012 9:36 PM 745368]
S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys --> c:\windows\system32\drivers\vmfilter303.sys [?]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [7/8/2012 10:34 AM 14416]
S3 XDva385;XDva385;c:\windows\system32\XDva385.sys [5/10/2011 2:24 PM 76488]
S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
S3 XDva391;XDva391;c:\windows\system32\XDva391.sys [2/9/2012 7:02 PM 77264]
S3 XDva396;XDva396;\??\c:\windows\system32\XDva396.sys --> c:\windows\system32\XDva396.sys [?]
S3 XDva397;XDva397;c:\windows\system32\XDva397.sys [6/3/2012 7:23 PM 77136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
2009-03-08 01:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:09]
.
2011-05-04 c:\windows\Tasks\expressburnShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-04-24 15:05]
.
2012-02-05 c:\windows\Tasks\expressripDowngrade.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2011-04-24 15:05]
.
2011-12-17 c:\windows\Tasks\expressripShakeIcon.job
- c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2011-04-24 15:05]
.
2013-01-09 c:\windows\Tasks\Game_Booster_AutoUpdate.job
- c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-07-08 14:57]
.
2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 17:32]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 17:32]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1659004503-839522115-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-16 14:45]
.
2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1659004503-839522115-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-16 14:45]
.
2012-10-11 c:\windows\Tasks\MotoHelper MUM.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2013-01-07 c:\windows\Tasks\MotoHelper Routing.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2012-10-11 c:\windows\Tasks\MotoHelper Update.job
- c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
.
2013-01-08 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]
.
2012-08-21 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-04-06 21:30]
.
2013-01-08 c:\windows\Tasks\RegClean Pro_DEFAULT.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-07-09 09:25]
.
2013-01-02 c:\windows\Tasks\RegClean Pro_UPDATES.job
- c:\program files\RegClean Pro\RegCleanPro.exe [2012-07-09 09:25]
.
2012-01-11 c:\windows\Tasks\switchShakeIcon.job
- c:\program files\NCH Software\Switch\switch.exe [2012-01-08 18:09]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3248869
uInternet Settings,ProxyOverride = 127.0.0.1:9421;192.168.*.*;<local>
uSearchURL,(Default) = hxxp://www.google.ro
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
TCP: DhcpNameServer = 213.154.124.1 192.168.0.1
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=HP_ss&mntrId=700de11700000000000000ffef16c512
FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=KW_ss&mntrId=700de11700000000000000ffef16c512&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=C043BC49-0735-4683-A1AE-0937CDB5D2B8
FF - prefs.js: browser.search.selectedEngine - SearchTheWeb
FF - prefs.js: browser.startup.homepage -
FF - prefs.js: browser.search.selectedEngine -
FF - ExtSQL: 2012-11-18 18:50; [email protected]; c:\program files\Iminent\[email protected]
FF - ExtSQL: 2012-11-18 18:50; {C9B68337-E93A-44EA-94DC-CB300EC06444}; c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: browser.sessionstore.resume_from_crash - false
FF - user.js: general.useragent.extra.brc - BRI/1
FF - user.js: extensions.BabylonToolbar_i.id - 700de117000000000000001fd05dc16b
FF - user.js: extensions.BabylonToolbar_i.hardId - 700de117000000000000001fd05dc16b
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15369
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
FF - user.js: extensions.funmoods_i.hmpg - true
FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
FF - user.js: extensions.funmoods_i.dfltSrch - true
FF - user.js: extensions.funmoods_i.srchPrvdr - Search
FF - user.js: extensions.funmoods_i.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
FF - user.js: extensions.funmoods_i.id - 700de117000000000000001fd05dc16b
FF - user.js: extensions.funmoods_i.instlDay - 15434
FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1621:51
FF - user.js: extensions.funmoods_i.prtnrId - funmoods
FF - user.js: extensions.funmoods_i.prdct - funmoods
FF - user.js: extensions.funmoods_i.aflt - make
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods_i.tlbrId - base
FF - user.js: extensions.funmoods_i.instlRef -
FF - user.js: extensions.funmoods_i.dfltLng -
FF - user.js: extensions.funmoods_i.excTlbr - false
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyEj6ju1a&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 700de117000000000000001fd05dc16b
FF - user.js: extensions.incredibar_i.instlDay - 15499
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:09
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyEj6ju1a
FF - user.js: extensions.incredibar_i.upn2n - 92261548962685992
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10643
FF - user.js: extensions.incredibar_i.ppd - 453
FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112560&tt=3112_1
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
FF - user.js: extensions.BabylonToolbar.id - 700de11700000000000000ffef16c512
FF - user.js: extensions.BabylonToolbar.instlDay - 15552
FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.111:23
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
BHO-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
BHO-{58124A0B-DC32-4180-9BFF-E0E21AE34026} - (no file)
BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - (no file)
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
BHO-{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - (no file)
Toolbar-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
Toolbar-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
HKLM-Run-WinUPD - c:\windows\system32\Drives\NoHTD.exe
HKU-Default-Run-Sidebar - c:\program files\Windows Sidebar\sidebar.exe
MSConfigStartUp-Epson Stylus SX420W(Network) - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE
MSConfigStartUp-EPSON SX420W Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE
MSConfigStartUp-JavaUpdate - c:\windows\system32\Drives\NoHTD.exe
MSConfigStartUp-WinUPD - c:\windows\system32\Drives\NoHTD.exe
HKLM_ActiveSetup-{5460C4DF-B266-909E-CB58-E32B79832EB2} - c:\windows\system32\Drives\NoHTD.exe
AddRemove-1ClickDownload - c:\program files\TornTV.com\uninst.exe
AddRemove-PunkBusterSvc - d:\program files\Ubisoft\FarCry 3\bin\pbsvc_fc3.exe
AddRemove-SopCast Tv Plugin 5.4 Setup - c:\windows\system32\Uninstall-TvPlugin-5.4
AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-01-09 09:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
SansaDispatch = c:\documents and settings\User\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?????????360328??????????url?(?????????????S?????????????????????????????x?S?????????H?S?
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1004336348-1659004503-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:2c,ef,9b,0a,14,8b,90,9c,ef,78,a1,9f,8a,04,e9,d6,48,7e,b1,37,b4,
86,73,36,76,33,76,3d,37,2a,35,f5,a2,fb,3a,60,d8,ce,4a,8e,ba,75,32,bc,5d,b2,\
"rkeysecu"=hex:15,b2,6a,88,90,bf,08,9d,bf,2a,23,7e,c5,58,17,66
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1148)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(3828)
c:\windows\system32\SHDOCVW.dll
c:\windows\system32\WININET.dll
c:\program files\Unlocker\UnlockerHook.dll
c:\program files\Common Files\Spigot\Search Settings\wth.dll
c:\documents and settings\User\Application Data\MegaCloud\MegaCloudShellExt.dll
c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
c:\program files\G10 Multi-Mode\DLL\DLL_PenSuit.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\windows\system32\SAgent4.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\documents and settings\User\Start Menu\Programs\Startup\Windows Update Center.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2013-01-09 09:51:43 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-09 07:51
.
Pre-Run: 1,627,189,248 bytes free
Post-Run: 1,626,226,688 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 150A04BF77197ECCDD0E695006E5ADB2
 


dvk01

Derek
Retired Moderator Retired Malware Specialist
Joined
Dec 14, 2002
Messages
56,452
next step

Please download AdwCleaner to your desktop.
  • Double click the adwcleaner.exe to run the tool.
  • Click Search.
  • When the scan has finished, a Notepad window will be opened.
  • Please post the contents here in your topic.
  • The logfile will also be saved in C:\AdwCleaner[R1].txt.
 

SheratanN

Thread Starter
Joined
Jan 8, 2013
Messages
13
Sorry for posting, and I hope you will keep helping me; the site doesn't work.
EDIT: I will download it from another mirror. I downloaded it from SoftPedia; it's the 2.105 version. I hope it's the correct one.
EDIT2: I got an outdated one, and I downloaded an updated one :).
EDIT3:
AdwCleaner LOG -> :

# AdwCleaner v2.105 - Logfile created 01/09/2013 at 12:36:09
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner (1).exe
# Option [Search]


***** [Services] *****

Found : Application Updater
Found : Web Assistant Updater

***** [Files / Folders] *****

File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\Askcom.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\Conduit.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\daemon-search.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\funmoods.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\MyStart Search.xml
File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\SweetIm.xml
File Found : C:\END
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Found : C:\user.js
File Found : C:\WINDOWS\system32\conduitEngine.tmp
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Found : C:\Documents and Settings\All Users\Application Data\Premium
Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Found : C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
Folder Found : C:\Documents and Settings\User\Application Data\Babylon
Folder Found : C:\Documents and Settings\User\Application Data\Complitly
Folder Found : C:\Documents and Settings\User\Application Data\incredibar.com
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\Conduit
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\ConduitEngine
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\CT2405280
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\CT2776682
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{113342cd-3031-4ee9-9288-2c58857d3a3d}
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\SweetIMToolbarData
Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\WinampToolbarData
Folder Found : C:\Documents and Settings\User\Application Data\Search Settings
Folder Found : C:\Documents and Settings\User\Application Data\yourfiledownloader
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\Xfire_New
Folder Found : C:\Program Files\Application Updater
Folder Found : C:\Program Files\Common Files\spigot
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Web Assistant
Folder Found : C:\Program Files\Xfire_New
Folder Found : C:\Program Files\yourfiledownloader
Folder Found : C:\Program Files\YouTube Downloader Toolbar

***** [Registry] *****

Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\Search Settings
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\BrotherSoft_Extreme
Key Found : HKCU\Software\Complitly
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\conduitEngine
Key Found : HKCU\Software\conduitEngine
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Iminent
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\incredibar.com
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{113342CD-3031-4EE9-9288-2C58857D3A3D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25C7A6C5-F397-4531-A0A5-361DE093F29A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{977AE9CC-AF83-45E8-9E03-E2798216E2D5}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A09AB6EB-31B5-454C-97EC-9B294D92EE2A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\Softonic-Eng7
Key Found : HKCU\Software\Somoto Toolbar
Key Found : HKCU\Software\SweetIM
Key Found : HKCU\Software\Web Assistant
Key Found : HKCU\Software\Winamp Toolbar
Key Found : HKCU\Software\Xfire_New
Key Found : HKCU\Software\YourFileDownloader
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\Application Updater
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BrotherSoft_Extreme
Key Found : HKLM\SOFTWARE\Classes\AppID\{442F13BC-2031-42D5-9520-437F65271153}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B27D9527-3762-4D71-963D-FB7A94FDD678}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{113342CD-3031-4EE9-9288-2C58857D3A3D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{25C7A6C5-F397-4531-A0A5-361DE093F29A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57BCA5FA-5DBB-45A2-B558-1755C3F6253B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{5DB566B7-67C9-48C5-AECD-B30BA0214A53}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{6EF4E91D-DDD5-4478-BCA7-DA04435934C0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B38D6EDE-390B-4620-8365-29E16459EBDA}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F20F11FD-203E-45A9-B7BB-AFC1B4FEA7A6}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE178B09-C8AA-4734-804D-1849BCCA0C29}
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Found : HKLM\SOFTWARE\Classes\I
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Key Found : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Found : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Found : HKLM\SOFTWARE\Classes\Interface\{0F54B66A-21CF-4548-AE59-A6B83EE6676F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Key Found : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{51A971CA-D36E-4D13-A799-2CF0A491D04D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{56FBEA9F-EF93-4318-B75F-A96FC7C7BD7B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Found : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{78B3C85E-44FF-4DC8-B3AD-156F39DC75E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Found : HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Key Found : HKLM\SOFTWARE\Classes\Interface\{841FD004-57A2-4B49-BBDB-5897394619DB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C9AE652B-8C99-4AC2-B556-8B501182874E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1164984-B567-47BD-A7FF-240C2594404A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E19FDA06-5BDF-43C2-B794-BCD8A4C2051F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FAB076F5-E4DD-4EA4-AFEE-F18BF972B057}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Found : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar
Key Found : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar.1
Key Found : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620
Key Found : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620.3
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3248869
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620
Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{01BCB858-2F62-4F06-A8F4-48F927C15333}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{538CD77C-BFDD-49B0-9562-77419CAB89D1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\incredibar.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1F90E1CD-F5F7-4D52-ABCD-9ECD7CE6B25C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{28BA5638-E2E7-4E76-94EE-F197C8D39AA1}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59F4DD82-CFCC-438B-9C39-0611365D6F4B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{98B5FD0F-CA1B-4A47-A817-181C96C55E94}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CAB5F2BC-B3A2-4F5F-8C69-527F15456FE8}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E0ACF485-4A74-4DEA-BF6C-605A07781F4C}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Xfire_New Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{113342CD-3031-4EE9-9288-2C58857D3A3D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25C7A6C5-F397-4531-A0A5-361DE093F29A}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Xfire_New Toolbar
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\Softonic-Eng7
Key Found : HKLM\Software\SweetIM
Key Found : HKLM\Software\Web Assistant
Key Found : HKLM\Software\Winamp Toolbar
Key Found : HKLM\Software\Xfire_New
Key Found : HKLM\Software\YourFileDownloader
Key Found : HKU\S-1-5-21-1004336348-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
Key Found : HKU\S-1-5-21-1004336348-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-1004336348-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKU\S-1-5-21-1004336348-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Key Found : HKU\S-1-5-21-1004336348-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKU\S-1-5-21-1004336348-1659004503-839522115-1003\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{113342CD-3031-4EE9-9288-2C58857D3A3D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{113342CD-3031-4EE9-9288-2C58857D3A3D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.21256

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3248869

-\\ Mozilla Firefox v11.0 (ro)

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\prefs.js


-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Found [l.19] : urls_to_restore_on_startup = [ "hxxp://www.google.ro/", "hxxp://search.iminent.com/?appId=C043BC49-0735-4683-A1AE-0937CDB5D2B8" ]
Found [l.2331] : urls_to_restore_on_startup = [ "hxxp://www.google.ro/", "hxxp://search.iminent.com/?appId=C043BC49-0735-4683-A1AE-0937CDB5D2B8" ]

*************************

AdwCleaner[R1].txt - [57489 octets] - [09/01/2013 12:36:09]

########## EOF - C:\AdwCleaner[R1].txt - [57550 octets] ##########
 

dvk01

Derek
Retired Moderator Retired Malware Specialist
Please run AdwCleaner again. This time press Delete. It will clear the problems & then offer to reboot. Please let it reboot & then post the log it makes.
The logfile will also be saved in C:\AdwCleaner[S1].txt

Then tell us what problems, if any, you are still having.
 

SheratanN

Thread Starter
There you go:


# AdwCleaner v2.105 - Logfile created 01/09/2013 at 13:24:56
# Updated 08/01/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : User - PC
# Boot Mode : Normal
# Running from : C:\Documents and Settings\User\Desktop\adwcleaner (1).exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Application Updater
Stopped & Deleted : Web Assistant Updater

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Deleted on reboot : C:\Program Files\Common Files\spigot
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\Askcom.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\daemon-search.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\funmoods.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\MyStart Search.xml
File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\SweetIm.xml
File Deleted : C:\END
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
Folder Deleted : C:\Documents and Settings\User\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\User\Application Data\Complitly
Folder Deleted : C:\Documents and Settings\User\Application Data\incredibar.com
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\Conduit
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\CT2405280
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\CT2776682
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{113342cd-3031-4ee9-9288-2c58857d3a3d}
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\SweetIMToolbarData
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\WinampToolbarData
Folder Deleted : C:\Documents and Settings\User\Application Data\Search Settings
Folder Deleted : C:\Documents and Settings\User\Application Data\yourfiledownloader
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Xfire_New
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Web Assistant
Folder Deleted : C:\Program Files\Xfire_New
Folder Deleted : C:\Program Files\yourfiledownloader
Folder Deleted : C:\Program Files\YouTube Downloader Toolbar

***** [Registry] *****

Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\BrotherSoft_Extreme
Key Deleted : HKCU\Software\Complitly
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Iminent
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\incredibar.com
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\Softonic-Eng7
Key Deleted : HKCU\Software\Somoto Toolbar
Key Deleted : HKCU\Software\SweetIM
Key Deleted : HKCU\Software\Web Assistant
Key Deleted : HKCU\Software\Winamp Toolbar
Key Deleted : HKCU\Software\Xfire_New
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BrotherSoft_Extreme
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3248869
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Xfire_New Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Xfire_New Toolbar
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\Softonic-Eng7
Key Deleted : HKLM\Software\SweetIM
Key Deleted : HKLM\Software\Web Assistant
Key Deleted : HKLM\Software\Winamp Toolbar
Key Deleted : HKLM\Software\Xfire_New
Key Deleted : HKLM\Software\YourFileDownloader
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{113342CD-3031-4EE9-9288-2C58857D3A3D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{113342CD-3031-4EE9-9288-2C58857D3A3D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browsers] *****

-\\ Internet Explorer v7.0.6000.21256

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3248869 --> hxxp://www.google.com

-\\ Mozilla Firefox v11.0 (ro)

File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\prefs.js

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\user.js ... Deleted !

Deleted : user_pref("CT2776682.WeatherNetwork", "");
Deleted : user_pref("CT2776682.WeatherPollDate", "Wed Mar 30 2011 15:02:23 GMT+0300 (GTB Daylight Time)");
Deleted : user_pref("CT2776682.WeatherUnit", "C");
Deleted : user_pref("CT2776682.alertChannelId", "1168776");
Deleted : user_pref("CT2776682.backendstorage._fb_dailyactivity", "31333031343235393931333232");
Deleted : user_pref("CT2776682.backendstorage._fb_lifetimesent", "54525545");
Deleted : user_pref("CT2776682.backendstorage.facebook_ctid_connect_send", "73656E646564");
Deleted : user_pref("CT2776682.components.1000034", true);
Deleted : user_pref("CT2776682.components.1000234", true);
Deleted : user_pref("CT2776682.myStuffEnabled", true);
Deleted : user_pref("CT2776682.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2776682.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2776682.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2776682.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2776682.testingCtid", "");
Deleted : user_pref("CT2776682.toolbarAppMetaDataLastCheckTime", "Tue Mar 29 2011 22:13:11 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CT2776682.toolbarContextMenuLastCheckTime", "Tue Mar 29 2011 22:13:15 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CT2801948.autoDisableScopes", 10);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2776682");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1168776/1164461/RO", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/799768/795587/RO", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DEFAULT", "\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/RO", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2405280", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2776682", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2405280/CT2405280[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2776682/CT2776682[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/equalizer_dea[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/minimize.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/play.gif", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/stop.gif", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/vol.gif", "\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalize[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2405280");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-eng7");
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2405280");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-eng7");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://slirsredirect.search.aol.com/slir[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2405280,CT2776682");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2405280,CT2776682");
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Mar 29 2011 22:18:06 GMT+0300 (GTB D[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Mar 29 2011 22:12:52 GMT+0300 (GTB Dayli[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "ab11dceb-aaa7-40c2-8284-fb0d48def50f");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jan 12 2011 15:41:54 GMT+0200 (GTB[...]
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2776682");
Deleted : user_pref("ConduitEngine.FirstServerDate", "11/27/2010 18");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Sat Nov 27 2010 18:40:43 GMT+0200 (GTB Standard Time)");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Mar 29 2011 22:01:58 GMT+0300 (GTB Dayligh[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.2.1.3", "Sun Feb 20 2011 00:39:10 GMT+0200 (GTB Standard Time)"[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Wed Mar 30 2011 14:02:28 GMT+0300 (GTB Daylight Time)"[...]
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Mar 30 2011 14:02:30 GMT+0300 (GTB Daylight Ti[...]
Deleted : user_pref("ConduitEngine.UserID", "UN36620930773737663");
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Mar 29 2011 22:01:48 GMT+0300 (GTB D[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("browser.search.defaultthis.engineName", "BrotherSoft Extreme Customized Web Search");
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=HP_s[...]
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100486");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "700de117000000000000001fd05dc16b");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "700de117000000000000001fd05dc16b");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15369");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112560&tt=3112_[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:36:03");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.enabledAddons", "[email protected]:5.0,[email protected][...]
Deleted : user_pref("extensions.funmoods_i.aflt", "make");
Deleted : user_pref("extensions.funmoods_i.dfltLng", "");
Deleted : user_pref("extensions.funmoods_i.dfltSrch", true);
Deleted : user_pref("extensions.funmoods_i.dnsErr", true);
Deleted : user_pref("extensions.funmoods_i.excTlbr", false);
Deleted : user_pref("extensions.funmoods_i.hmpg", true);
Deleted : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=make");
Deleted : user_pref("extensions.funmoods_i.id", "700de117000000000000001fd05dc16b");
Deleted : user_pref("extensions.funmoods_i.instlDay", "15434");
Deleted : user_pref("extensions.funmoods_i.instlRef", "");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=make");
Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");
Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=make&q="[...]
Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1621:51:34");
Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=KW_ss&mntrId=700d[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{240C0BB2-107A-4117-849F-0EA7A719F958}");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Deleted : user_pref("sweetim.toolbar.version", "1.0.0.10");
Deleted : user_pref("winamp_toolbar.buttons.layout", "skins_btn_wa;plugins_btn_wa;shout_btn_wa;video_btn_wa;ai[...]
Deleted : user_pref("winamp_toolbar.firsttime.showwindow", false);
Deleted : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.12.1");
Deleted : user_pref("winamp_toolbar.metrics.activestampdate", "30");
Deleted : user_pref("winamp_toolbar.metrics.activestampmonth", "2");
Deleted : user_pref("winamp_toolbar.metrics.activestampyear", "2011");
Deleted : user_pref("winamp_toolbar.metrics.originalDate", "24");
Deleted : user_pref("winamp_toolbar.metrics.originalHours", "24");
Deleted : user_pref("winamp_toolbar.metrics.originalMinutes", "4");
Deleted : user_pref("winamp_toolbar.metrics.originalMonth", "11");
Deleted : user_pref("winamp_toolbar.metrics.originalSeconds", "33");
Deleted : user_pref("winamp_toolbar.metrics.originalYear", "2010");
Deleted : user_pref("winamp_toolbar.search.populateoncomplete", false);
Deleted : user_pref("winamp_toolbar.search.searchtype", "web");
Deleted : user_pref("winamp_toolbar.search.source", "tb50ffwinamp");
Deleted : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
Deleted : user_pref("winamp_toolbar.upgrade.showwindow", false);
Deleted : user_pref("winamp_toolbar.winamp.appversion", "1");
Deleted : user_pref("winamp_toolbar.winamp.artist", "");
Deleted : user_pref("winamp_toolbar.winamp.title", "-999999");
Deleted : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
Deleted : user_pref("winamp_toolbar.winamp.tracktime", "-999999");
Deleted : user_pref("winamp_toolbar.winamp.volume", "0");
Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=NT_ss&mntr[...]
Deleted : user_pref("CT3248869.autoDisableScopes", 0);
Deleted : user_pref("browser.startup.homepage", "hxxp://search.iminent.com/?appId=C043BC49-0735-4683-A1AE-0937[...]
Deleted : user_pref("browser.search.selectedEngine", "SearchTheWeb");

-\\ Google Chrome v23.0.1271.97

File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.19] : urls_to_restore_on_startup = [ "hxxp://www.google.ro/", "hxxp://search.iminent.com/?appId=[...]
Deleted [l.2331] : urls_to_restore_on_startup = [ "hxxp://www.google.ro/", "hxxp://search.iminent.com/?appId=C04[...]

*************************

AdwCleaner[R1].txt - [57620 octets] - [09/01/2013 12:36:09]
AdwCleaner[R2].txt - [57681 octets] - [09/01/2013 13:24:24]
AdwCleaner[S1].txt - [56448 octets] - [09/01/2013 13:24:56]

########## EOF - C:\AdwCleaner[S1].txt - [56509 octets] ##########
 

SheratanN

Thread Starter
Joined
Jan 8, 2013
Messages
13
Well, I don't know if that's a problem, but when I'm in Google Chrome and I'm watching something on YT it's quite laggy :(. And when I'm in Google Chrome with 5 tabs open, the processor usage is at 70% sometimes, and then it goes to like 58% and then 30%.
 