
I got a virus, help me please!

Discussion in 'Virus & Other Malware Removal' started by SheratanN, Jan 8, 2013.

  1. SheratanN

    SheratanN Thread Starter

    Joined:
    Jan 8, 2013
    Messages:
    13
    Hello, I got a virus called NOHTD.exe and I got XP Professional SP2/SP3... What I got in MSCONFIG startup -> This virus is in Command: There are 2: The first: Command: C:\WINDOWS\system32\Drives\NoHTD.exe and the location is HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.
    And the second one is: Command: C:\WINDOWS\system32\Drives\NoHTD.exe and the location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run.

    EDIT: I forgot to say this: When I close Google Chrome, there is a chrome.exe which isn't closed; when I close it, NoHTD.exe appears, and when I want to end that process it disappears and then the chrome.exe appears again.

    Help please, I don't know if I posted right, but I need some help :).
    Thank you.
     
  2. etaf

    etaf Moderator

    Joined:
    Oct 2, 2003
    Messages:
    65,422
    First Name:
    Wayne
  3. SheratanN

    SheratanN Thread Starter

    Joined:
    Jan 8, 2013
    Messages:
    13
    Sorry for posting in the wrong section, thank you for moving the thread. I will wait for a reply. Thank you.
     
  4. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    Post the logs that have been requested and we can help you.
     
  5. SheratanN

    SheratanN Thread Starter

    Joined:
    Jan 8, 2013
    Messages:
    13
    All right, I have 1 question: with the GMER log, should I post the quick scan or the full scan? (LOG)
     
  6. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    Quick scan should be enough for this one.
     
  7. SheratanN

    SheratanN Thread Starter

    Joined:
    Jan 8, 2013
    Messages:
    13
    GMER LOG :

    GMER 2.0.18444 - http://www.gmer.net
    Rootkit scan 2013-01-08 15:17:32
    Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 WDC_WD2000JB-00GVA0 rev.08.02D08 186.31GB
    Running: fsxnd8qx.exe; Driver: C:\DOCUME~1\User\LOCALS~1\Temp\pxtdapob.sys


    ---- System - GMER 2.0 ----

    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwClose [0xF7255818]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreateKey [0xF72557D0]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwCreatePagingFile [0xF7249A20]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateKey [0xF724A2A8]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwEnumerateValueKey [0xF7255910]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwOpenKey [0xF7255794]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryKey [0xF724A2C8]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwQueryValueKey [0xF7255866]
    SSDT d347bus.sys (PnP BIOS Extension/ ) ZwSetSystemPowerState [0xF72550B0]
    SSDT spnk.sys ZwSetValueKey [0xF72A619A]

    INT 0x62 ? 8ABCDBF8
    INT 0x73 ? 8ABCDBF8
    INT 0x73 ? 8ABCDBF8
    INT 0x73 ? 8ABCDBF8
    INT 0xA4 ? 8A7D2BF8
    INT 0xB4 ? 8A7D2BF8

    ---- Kernel code sections - GMER 2.0 ----

    ? spnk.sys The system cannot find the file specified. !
    .text USBPORT.SYS!DllUnload F66EB80C 5 Bytes JMP 8A7D21D8
    .text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xF60C7000, 0x238387, 0xE8000020]
    pnidata C:\WINDOWS\system32\DRIVERS\secdrv.sys unknown last section [0xAA5EAF00, 0x24000, 0x48000000]
    ? C:\DOCUME~1\User\LOCALS~1\Temp\mbr.sys The system cannot find the file specified. !

    ---- User code sections - GMER 2.0 ----

    .text C:\WINDOWS\Explorer.EXE[3024] SHELL32.dll!SHFileOperationW 7CA707BB 5 Bytes JMP 02431102 C:\Program Files\Unlocker\UnlockerHook.dll
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 58, E8, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 59, E8, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B91BE72
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 5A, E8, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 59, E8, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 5A, E8, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91BEE3
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 58, E8, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B91C011
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 59, E8, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 5A, E8, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 5B, E8, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, 18, B4, 00] {SUB [EAX], BL; MOV AH, 0x0}
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, 1B, B4, 00] {SUB [EBX], BL; MOV AH, 0x0}
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, 18, B4, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, 19, B4, 00] {TEST AL, 0x19; MOV AH, 0x0}
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B918A32
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, 1A, B4, 00] {TEST AL, 0x1a; MOV AH, 0x0}
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, 19, B4, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, 1A, B4, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B918AA3
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, 18, B4, 00] {TEST AL, 0x18; MOV AH, 0x0}
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B918BD1
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, 19, B4, 00] {SUB [ECX], BL; MOV AH, 0x0}
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, 1A, B4, 00] {SUB [EDX], BL; MOV AH, 0x0}
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, 1B, B4, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, A0, 5C, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, A3, 5C, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, A0, 5C, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, A1, 5C, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B9132BA
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, A2, 5C, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, A1, 5C, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, A2, 5C, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B91332B
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, A0, 5C, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B913459
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, A1, 5C, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, A2, 5C, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, A3, 5C, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtCreateFile + 6 7C90D0B4 4 Bytes [28, EC, 7E, 00] {SUB AH, CH; JLE 0x4}
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtCreateFile + B 7C90D0B9 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtMapViewOfSection + 6 7C90D524 4 Bytes [28, EF, 7E, 00] {SUB BH, CH; JLE 0x4}
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtMapViewOfSection + B 7C90D529 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenFile + 6 7C90D5A4 4 Bytes [68, EC, 7E, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenFile + B 7C90D5A9 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcess + 6 7C90D604 4 Bytes [A8, ED, 7E, 00] {TEST AL, 0xed; JLE 0x4}
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcess + B 7C90D609 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcessToken + 6 7C90D614 4 Bytes CALL 7B915506
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcessToken + B 7C90D619 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcessTokenEx + 6 7C90D624 4 Bytes [A8, EE, 7E, 00] {TEST AL, 0xee; JLE 0x4}
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenProcessTokenEx + B 7C90D629 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThread + 6 7C90D664 4 Bytes [68, ED, 7E, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThread + B 7C90D669 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThreadToken + 6 7C90D674 4 Bytes [68, EE, 7E, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThreadToken + B 7C90D679 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThreadTokenEx + 6 7C90D684 4 Bytes CALL 7B915577
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtOpenThreadTokenEx + B 7C90D689 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtQueryAttributesFile + 6 7C90D714 4 Bytes [A8, EC, 7E, 00] {TEST AL, 0xec; JLE 0x4}
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtQueryAttributesFile + B 7C90D719 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtQueryFullAttributesFile + 6 7C90D7B4 4 Bytes CALL 7B9156A5
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtQueryFullAttributesFile + B 7C90D7B9 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtSetInformationFile + 6 7C90DC64 4 Bytes [28, ED, 7E, 00] {SUB CH, CH; JLE 0x4}
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtSetInformationFile + B 7C90DC69 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtSetInformationThread + 6 7C90DCB4 4 Bytes [28, EE, 7E, 00] {SUB DH, CH; JLE 0x4}
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtSetInformationThread + B 7C90DCB9 1 Byte [E2]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtUnmapViewOfSection + 6 7C90DF14 4 Bytes [68, EF, 7E, 00]
    .text C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] ntdll.dll!NtUnmapViewOfSection + B 7C90DF19 1 Byte [E2]

    ---- Kernel IAT/EAT - GMER 2.0 ----

    IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [F7298048] spnk.sys

    ---- User IAT/EAT - GMER 2.0 ----

    IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1720] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00740010
    IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[1760] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00BA0010
    IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3436] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 003D0010
    IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3488] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 010D0010
    IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3496] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 008A0010
    IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3532] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00D80010
    IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3600] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00FF0010
    IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[3604] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00CB0010
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6134649C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6134649C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [613478C9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [613463D7] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61346306] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61346344] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [6134657C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [61346622] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6134649C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [613478C9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61346537] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61346344] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [613463D7] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [613464A2] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61346306] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[3980] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[4784] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00720010
    IAT C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe[5216] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00950010
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\USER32.dll [GDI32.dll!GetStockObject] [6134649C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [GDI32.dll!GetStockObject] [6134649C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [613478C9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcA] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!DefWindowProcW] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!GetSysColor] [613463D7] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenu] [61346306] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TrackPopupMenuEx] [61346344] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileW] [6134657C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateFileA] [61346622] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [GDI32.dll!GetStockObject] [6134649C] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [61347889] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [61347917] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [613478C9] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!AnimateWindow] [61346537] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenuEx] [61346344] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcA] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColor] [613463D7] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!DefWindowProcW] [61346CC4] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetSysColorBrush] [613464A2] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TrackPopupMenu] [61346306] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [613470AD] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll
    IAT C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe[6044] @ C:\WINDOWS\system32\IPHLPAPI.DLL [KERNEL32.dll!LoadLibraryA] [61347849] C:\PROGRA~1\Yahoo!\MESSEN~1\yui.dll

    ---- Modules - GMER 2.0 ----

    Module _________ F71AC000-F71C4000 (98304 bytes)

    ---- Registry - GMER 2.0 ----

    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf40
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x20 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0xB5 0x30 0xB7 0x25 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf41
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x20 0x02 0x00 0x00 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0xA4 0x30 0xB7 0x25 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\[email protected] 0x0C 0x30 0xB7 0x25 ...
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf42
    Reg HKLM\SYSTEM\CurrentControlSet\Services\d347prt\Cfg\0Jf43
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] -1992502633
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\[email protected] 166140596
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] C:\Program Files\DAEMON Tools Lite\
    Reg HKLM\SYSTEM\ControlSet002\Services\sptd\Cfg\[email protected] 0x00 0x00 0x00 0x00 ...
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
    Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\[email protected]

    ---- EOF - GMER 2.0 ----



    DDS LOG :
    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 7.0.6000.21256 BrowserJavaVersion: 10.2.1
    Run by User at 13:34:45 on 2013-01-08
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.370 [GMT 2:00]
    .
    AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\Program Files\AVG\AVG9\avgchsvx.exe
    C:\Program Files\AVG\AVG9\avgrsx.exe
    C:\Program Files\AVG\AVG9\avgcsrvx.exe
    C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe
    C:\Program Files\Application Updater\ApplicationUpdater.exe
    C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
    D:\Program Files\Hi-Rez Studios\HiPatchService.exe
    C:\Program Files\Java\jre6\bin\jqs.exe
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperService.exe
    C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
    C:\WINDOWS\system32\PnkBstrA.exe
    C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    C:\Program Files\Motorola\MotoHelper\MotoHelperAgent.exe
    C:\WINDOWS\Explorer.EXE
    C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
    C:\WINDOWS\system32\SAgent4.exe
    C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
    C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    C:\Program Files\Hard Disk Sentinel\HDSentinel.exe
    C:\Program Files\D-Tools\daemon.exe
    C:\Program Files\Unlocker\UnlockerAssistant.exe
    C:\Program Files\VibrateGameDeviceDriver\RFPIcon.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    C:\Documents and Settings\User\Application Data\Java.exe
    C:\Documents and Settings\User\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
    C:\Program Files\G10 Multi-Mode\G10-Editor.exe
    C:\Documents and Settings\User\Start Menu\Programs\Startup\Windows Update Center.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\alg.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\system32\taskmgr.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\Program Files\uTorrent\uTorrent.exe
    C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\system32\svchost.exe -k LocalService
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3248869
    mSearch Page = hxxp://www.google.ro
    mDefault_Search_URL = hxxp://www.google.ro
    uProxyOverride = 127.0.0.1:9421;192.168.*.*;<local>
    uSearchURL,(Default) = hxxp://www.google.ro
    mCustomizeSearch = hxxp://www.google.ro
    uURLSearchHooks: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll
    uURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    uURLSearchHooks: Xfire New Toolbar: {113342cd-3031-4ee9-9288-2c58857d3a3d} - c:\program files\xfire_new\prxtbXfir.dll
    dURLSearchHooks: YTNavAssistPlugin Class: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    mWinlogon: Userinit = c:\windows\system32\userinit.exe
    mWinlogon: SFCDisable = dword:-99
    BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    BHO: Complitly: {0FB6A909-6086-458F-BD92-1F8EE10042A0} - c:\documents and settings\user\application data\complitly\Complitly.dll
    BHO: Xfire New Toolbar: {113342cd-3031-4ee9-9288-2c58857d3a3d} - c:\program files\xfire_new\prxtbXfir.dll
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Yahooo Search Protection: {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
    BHO: Winamp Toolbar Loader: {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - LocalServer32 - <no file>
    BHO: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - LocalServer32 - <no file>
    BHO: DivX Plus Web Player HTML5 <video>: {326E768D-4182-46FD-9C16-1449A49795F4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
    BHO: Web Assistant: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\web assistant\Extension32.dll
    BHO: AVG Safe Search: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - LocalServer32 - <no file>
    BHO: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - LocalServer32 - <no file>
    BHO: TBSB01620 Class: {58124A0B-DC32-4180-9BFF-E0E21AE34026} - LocalServer32 - <no file>
    BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - LocalServer32 - <no file>
    BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
    BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    BHO: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
    BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    BHO: Bing Bar BHO: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - LocalServer32 - <no file>
    BHO: Softonic Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.0 runtime\bin\jp2ssv.dll
    BHO: JQSIEStartDetectorImpl Class: {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
    BHO: QuickNet BHO: {EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - LocalServer32 - <no file>
    BHO: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll
    BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0\YTSingleInstance.dll
    TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - LocalServer32 - <no file>
    TB: Winamp Toolbar: {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - LocalServer32 - <no file>
    TB: Softonic-Eng7 Toolbar: {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - LocalServer32 - <no file>
    TB: Softonic Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
    TB: Easy Photo Print: {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - c:\program files\epson software\easy photo print\EPTBL.dll
    TB: DAEMON Tools Toolbar: {32099AAC-C132-4136-9E9A-4E364A424E17} - LocalServer32 - <no file>
    TB: Winamp Toolbar: {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - LocalServer32 - <no file>
    TB: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - LocalServer32 - <no file>
    TB: Softonic Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - LocalServer32 - <no file>
    TB: <No Name>: {8dcb7100-df86-4384-8842-8fa844297b3f} - LocalServer32 - <no file>
    TB: Conduit Engine : {30F9B915-B755-4826-820B-08FBA6BD249D} - LocalServer32 - <no file>
    TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn3\yt.dll
    TB: YouTube Downloader Toolbar: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - c:\program files\youtube downloader toolbar\ie\5.0\youtubedownloaderToolbarIE.dll
    TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - LocalServer32 - <no file>
    TB: Xfire New Toolbar: {113342cd-3031-4ee9-9288-2c58857d3a3d} - c:\program files\xfire_new\prxtbXfir.dll
    uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
    uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe"
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [Creative WebCam Tray] "c:\program files\creative\shared files\CamTray.exe"
    uRun: [EPSON P50 Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatiffe.exe /fu "c:\docume~1\user\locals~1\temp\E_S1B1.tmp" /EF "HKCU"
    uRun: [Google Update] "c:\documents and settings\user\local settings\application data\google\update\GoogleUpdate.exe" /c
    uRun: [Epson Stylus SX420W(Network)] c:\windows\system32\spool\drivers\w32x86\3\e_fatigce.exe /fu "c:\docume~1\user\locals~1\temp\E_S134F.tmp" /EF "HKCU"
    uRun: [EPSON SX420W Series] c:\windows\system32\spool\drivers\w32x86\3\e_fatigce.exe /fu "c:\docume~1\user\locals~1\temp\E_S1352.tmp" /EF "HKCU"
    uRun: [HKCU] c:\windows\system32\windir\winlog.exe
    uRun: [Java] c:\documents and settings\user\application data\Java.exe
    uRun: [SansaDispatch] c:\documents and settings\user\application data\sandisk\sansa updater\SansaDispatch.exe
    uRun: [OscarEditor] "c:\program files\g10 multi-mode\G10-Editor.exe" Minimum
    uRun: [Pando Media Booster] c:\program files\pando networks\media booster\PMB.exe
    uRun: [JavaUpdate] c:\windows\system32\drives\NoHTD.exe
    mRun: [Hard Disk Sentinel] "c:\program files\hard disk sentinel\HDSentinel.exe" /AUTORUN
    mRun: [DAEMON Tools-1033] "c:\program files\d-tools\daemon.exe" -lang 1033
    mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe" -H
    mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
    mRun: [RTBatteryMeter] c:\program files\vibrategamedevicedriver\RFPIcon.exe
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    mRun: [SearchSettings] "c:\program files\common files\spigot\search settings\SearchSettings.exe"
    mRun: [QuickTime Task] "d:\program files\quicktime\QTTask.exe" -atboottime
    mRun: [HKLM] c:\windows\system32\windir\winlog.exe
    mRun: [LogMeIn Hamachi Ui] "c:\program files\logmein hamachi\hamachi-2-ui.exe" --auto-start
    mRun: [WinUPD] c:\windows\system32\drives\NoHTD.exe
    dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
    dRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
    dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N
    uExplorerRun: [Policies] c:\windows\system32\windir\winlog.exe
    mExplorerRun: [Policies] c:\windows\system32\windir\winlog.exe
    StartupFolder: c:\documents and settings\user\start menu\programs\startup\Windows Update Center.exe
    StartupFolder: c:\docume~1\user\startm~1\programs\startup\xfire.lnk - d:\program files\xfire\Xfire.exe
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    uPolicies-System: EnableLUA = dword:0
    mPolicies-System: EnableLUA = dword:0
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
    IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    IE: {BBF74FB9-ABCD-4678-880A-2511DAABB5E1} - {25BC7718-0BFA-40EA-B381-4B2D9732D686} - c:\program files\yahoo!\search protection\ysp.dll
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    .
    INFO: HKCU has more than 50 listed domains.
    If you wish to scan all of them, select the 'Force scan all domains' option.
    .
    DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1309563511406
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_02-windows-i586.cab
    DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
    TCP: Interfaces\{E8480474-6B98-45F7-9C99-08CC7B582FA5} : DHCPNameServer = 213.154.124.1 192.168.0.1
    Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
    Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - LocalServer32 - <no file>
    Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: AtiExtEvent - Ati2evxx.dll
    Notify: avgrsstarter - avgrsstx.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
    mASetup: {5460C4DF-B266-909E-CB58-E32B79832EB2} - c:\windows\system32\drives\NoHTD.exe
    mASetup: {C1B155HL-E5J3-3PSW-8546-PF83C0U1LW38} - c:\windows\system32\windir\winlog.exe
    mASetup: {D58F39FF-953E-4F45-898F-59F243B9A523} - RUNDLL32 advpack.dll,LaunchINFSection Sidebar.inf,Register
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\user\application data\mozilla\firefox\profiles\9xa6ls5t.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=HP_ss&mntrId=700de11700000000000000ffef16c512
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=KW_ss&mntrId=700de11700000000000000ffef16c512&q=
    FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=C043BC49-0735-4683-A1AE-0937CDB5D2B8
    FF - prefs.js: browser.search.selectedEngine - SearchTheWeb
    FF - prefs.js: browser.startup.homepage -
    FF - prefs.js: browser.search.selectedEngine -
    FF - component: c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\nav_18.1.0.37\ipsffplgn\components\IPSFFPl.dll
    FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\9xa6ls5t.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}\components\WinampTBPlayer.dll
    FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\9xa6ls5t.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCoreGecko19.dll
    FF - component: c:\documents and settings\user\application data\mozilla\firefox\profiles\9xa6ls5t.default\extensions\[email protected]\components\DTToolbarFF.dll
    FF - plugin: c:\documents and settings\all users\application data\nexoneu\ngm\npNxGameeu.dll
    FF - plugin: c:\documents and settings\user\local settings\application data\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\documents and settings\user\local settings\application data\unity\webplayer\loader\npUnity3D32.dll
    FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
    FF - plugin: c:\program files\divx\divx ovs helper\npovshelper.dll
    FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
    FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
    FF - plugin: c:\program files\google\update\1.3.21.111\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.79\npGoogleUpdate3.dll
    FF - plugin: c:\program files\google\update\1.3.21.99\npGoogleUpdate3.dll
    FF - plugin: c:\program files\java\jre7\bin\new_plugin\npjp2.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\microsoft silverlight\4.0.50401.0\npctrlui.dll
    FF - plugin: c:\program files\oracle\javafx 2.0 runtime\bin\new_plugin\npjp2.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - ExtSQL: 2012-11-18 18:50; [email protected]; c:\program files\iminent\[email protected]
    FF - ExtSQL: 2012-11-18 18:50; {C9B68337-E93A-44EA-94DC-CB300EC06444}; c:\documents and settings\user\application data\mozilla\firefox\profiles\9xa6ls5t.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    FF - user.js: browser.sessionstore.resume_from_crash - false
    FF - user.js: general.useragent.extra.brc - BRI/1
    FF - user.js: extensions.BabylonToolbar_i.id - 700de117000000000000001fd05dc16b
    FF - user.js: extensions.BabylonToolbar_i.hardId - 700de117000000000000001fd05dc16b
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15369
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    FF - user.js: extensions.funmoods_i.hmpg - true
    FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
    FF - user.js: extensions.funmoods_i.dfltSrch - true
    FF - user.js: extensions.funmoods_i.srchPrvdr - Search
    FF - user.js: extensions.funmoods_i.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
    FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
    FF - user.js: extensions.funmoods_i.id - 700de117000000000000001fd05dc16b
    FF - user.js: extensions.funmoods_i.instlDay - 15434
    FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
    FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1621:51:34
    FF - user.js: extensions.funmoods_i.prtnrId - funmoods
    FF - user.js: extensions.funmoods_i.prdct - funmoods
    FF - user.js: extensions.funmoods_i.aflt - make
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods_i.tlbrId - base
    FF - user.js: extensions.funmoods_i.instlRef -
    FF - user.js: extensions.funmoods_i.dfltLng -
    FF - user.js: extensions.funmoods_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyEj6ju1a&loc=IB_TB&i=26&search=
    FF - user.js: extensions.incredibar_i.id - 700de117000000000000001fd05dc16b
    FF - user.js: extensions.incredibar_i.instlDay - 15499
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:09:48
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6OyEj6ju1a
    FF - user.js: extensions.incredibar_i.upn2n - 92261548962685992
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10643
    FF - user.js: extensions.incredibar_i.ppd - 453
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112560&tt=3112_1
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
    FF - user.js: extensions.BabylonToolbar.id - 700de11700000000000000ffef16c512
    FF - user.js: extensions.BabylonToolbar.instlDay - 15552
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.111:23:49
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [2010-8-26 52872]
    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [2010-7-12 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [2010-7-12 5248]
    R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2011-2-25 39472]
    R1 avgio;avgio;d:\program files\avira\antivir desktop\avgio.sys [2012-11-11 11608]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2010-8-26 216400]
    R1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2010-8-26 29584]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2010-8-26 243024]
    R2 am7pro;Art*Money*Pro7.37.2;d:\program files\artmoney\am737.sys [2012-7-31 8192]
    R2 Application Updater;Application Updater;c:\program files\application updater\ApplicationUpdater.exe [2012-2-6 748440]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [2012-6-20 24328]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-12-10 1435568]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files\hi-rez studios\HiPatchService.exe [2012-8-7 8704]
    R2 MotoHelper;MotoHelper Service;c:\program files\motorola\motohelper\MotoHelperService.exe [2011-8-10 227184]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-4-18 793056]
    R2 PfFilter;PfFilter;c:\program files\iobit\protected folder\pffilter.sys [2011-7-29 140848]
    R2 RPCQT;Remote Procedure Call (CQTPM);c:\windows\system32\svchost.exe -k netsvcs [2004-8-3 14336]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-12-13 3290896]
    R2 Web Assistant Updater;Web Assistant Updater;c:\program files\web assistant\ExtensionUpdaterService.exe [2012-6-8 185856]
    R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [2007-11-7 12928]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [2012-6-23 27136]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-11-9 160944]
    S2 spd3ssl;S*pyware P*rocess D*etector v3.22.5;\??\d:\program files\spyware process detector\spd322.sys --> d:\program files\spyware process detector\spd322.sys [?]
    S2 UI Assistant Service;UI Assistant Service;c:\program files\join air\assistantservices.exe --> c:\program files\join air\AssistantServices.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2011-7-1 1691480]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [2012-10-26 30312]
    S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files\pc tools\pc tools utilities\tools\defrag\DMDefragSrv.exe [2012-4-18 1038304]
    S3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files\pc tools\pc tools utilities\tools\repair\DMRepairSrv.exe [2012-4-18 1030112]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\eaglexnt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 GGSAFERDriver;GGSAFER Driver;c:\program files\garena plus\room\safedrv.sys [2012-5-20 22112]
    S3 injectDLL;injectDLL;\??\c:\documents and settings\user\desktop\tutorialul fb fix\doar daca nu functioneaza !\injector 32 bit\injectdll.sys --> c:\documents and settings\user\desktop\tutorialul fb fix\doar daca nu functioneaza !\injector 32 bit\injectDLL.sys [?]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [2012-1-5 33792]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-12-24 9216]
    S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [2011-11-16 25856]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\gamemon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [2010-11-6 1252474]
    S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [2012-4-18 108864]
    S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [2012-4-18 128120]
    S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\fxx\qcusbser.sys [2010-3-30 103424]
    S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [2010-8-9 89256]
    S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [2010-8-9 15016]
    S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [2010-8-9 120744]
    S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [2010-8-9 114216]
    S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [2010-8-9 25512]
    S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [2010-8-9 110632]
    S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [2010-8-9 115752]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2012-10-26 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [2012-10-26 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [2012-10-26 136808]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [2012-10-26 114280]
    S3 tcpip helper;tcpip helper;\??\c:\program files\garena plus\x86\tcpiphlp.sys --> c:\program files\garena plus\x86\tcpiphlp.sys [?]
    S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [2011-3-30 25088]
    S3 TunngleService;TunngleService;d:\program files\tunngle\TnglCtrl.exe [2012-12-26 745368]
    S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys --> c:\windows\system32\drivers\vmfilter303.sys [?]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\iobit\game booster 3\driver\WinRing0.sys [2012-7-8 14416]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    S3 XDva385;XDva385;c:\windows\system32\XDva385.sys [2011-5-10 76488]
    S3 XDva389;XDva389;\??\c:\windows\system32\xdva389.sys --> c:\windows\system32\XDva389.sys [?]
    S3 XDva390;XDva390;\??\c:\windows\system32\xdva390.sys --> c:\windows\system32\XDva390.sys [?]
    S3 XDva391;XDva391;c:\windows\system32\XDva391.sys [2012-2-9 77264]
    S3 XDva396;XDva396;\??\c:\windows\system32\xdva396.sys --> c:\windows\system32\XDva396.sys [?]
    S3 XDva397;XDva397;c:\windows\system32\XDva397.sys [2012-6-3 77136]
    .
    =============== Created Last 30 ================
    .
    2013-01-08 11:33:52 -------- d-----w- c:\documents and settings\user\application data\YouTube Downloader
    2013-01-06 12:25:02 -------- d-----w- c:\documents and settings\all users\application data\Electronic Arts
    2013-01-06 11:59:06 -------- d-----w- c:\documents and settings\all users\application data\Solidshield
    2013-01-02 08:29:53 -------- d-----w- C:\spoolerlogs
    2013-01-01 17:51:56 -------- d-----w- c:\program files\Microsoft XNA
    2012-12-29 09:46:36 282512 ----a-w- c:\windows\system32\PnkBstrB.exe
    2012-12-29 09:46:32 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
    2012-12-26 19:36:34 -------- d-----w- c:\documents and settings\all users\application data\Tunngle
    2012-12-23 09:57:58 -------- d-----w- c:\documents and settings\user\local settings\application data\LogMeIn Hamachi
    2012-12-22 05:37:19 -------- d-----w- c:\program files\Dropbox
    2012-12-16 17:16:10 -------- d-----w- c:\documents and settings\user\local settings\application data\PMB Files
    2012-12-16 17:16:05 -------- d-----w- c:\documents and settings\all users\application data\PMB Files
    2012-12-16 17:15:46 -------- d-----w- c:\documents and settings\user\.swt
    2012-12-13 12:30:28 5955856 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
    2012-12-11 22:46:18 42440 ----a-w- c:\windows\system32\xfcodec.dll
    .
    ==================== Find3M ====================
    .
    2012-12-12 09:09:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-12 09:09:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-11-12 07:23:38 445016 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-11-12 07:23:38 109144 ----a-w- c:\windows\system32\OpenAL32.dll
    2011-12-20 18:24:43 43520 --sha-r- c:\windows\system32\drives\NoHTD.exe
    2006-07-17 20:45:58 1172472 --sha-r- c:\windows\system32\windir\winlog.exe
    .
    ============= FINISH: 13:35:19.17 ===============
     

  8. SheratanN

    SheratanN Thread Starter

    Joined:
    Jan 8, 2013
    Messages:
    13
    Sorry for double posting, but does this virus make my PC slower? It is quite slow; in idle the processor is at 58%.
    EDIT: Look at this (you can find this at the end of the post):
    -> 2011-12-20 18:24:43 43520 --sha-r- c:\windows\system32\drives\NoHTD.exe
     
  9. dvk01

    dvk01 Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    56,451
    First Name:
    Derek
    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.

    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files, which may cause "unpredictable results" or stop ComboFix running at all.
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running ComboFix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re-enable the protection again after ComboFix has finished.
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using Windows XP, it might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed, ComboFix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: ComboFix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If ComboFix detects any Rootkit/Bootkit activity on your system, it will give a warning and prompt for a reboot; you must allow it to do so.
    • If the ComboFix reboot is due to a rootkit, the screen may stay black for several minutes on reboot; this is normal.
    • If after running ComboFix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (those items will not be deleted).

    Post the log in next reply please...
     
  10. SheratanN

    SheratanN Thread Starter

    Joined:
    Jan 8, 2013
    Messages:
    13
    There you go :


    ComboFix 13-01-08.01 - User 01/09/2013 9:26.1.2 - x86
    Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1291 [GMT 2:00]
    Running from: c:\documents and settings\User\Desktop\ComboFix.exe
    AV: AVG Anti-Virus *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\CFLog
    c:\documents and settings\All Users\Application Data\1344150586.bdinstall.bin
    c:\documents and settings\All Users\Application Data\1344151133.bdinstall.bin
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\PostBuild.exe
    c:\documents and settings\All Users\Application Data\TEMP\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}\Setup.ilg
    c:\documents and settings\All Users\Application Data\TEMP\{E8C64028-08E5-4BF0-B1C0-DBAAC6A77DF1}\PostBuild.exe
    c:\documents and settings\User\Application Data\Microsoft\Windows\((Mutex)).cfg
    c:\documents and settings\User\Application Data\Microsoft\Windows\((Mutex)).dat
    c:\documents and settings\User\Application Data\Microsoft\Windows\((Mutex)).xtr
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\chrome.manifest
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\funmoods.css
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\funmoods.xul
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\arwDwn.gif
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\ae.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\bg.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\ch.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\cn.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\cz.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\de.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\eg.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\en.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\es.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\fr.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\gr.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\he.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\il.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\it.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\ja.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\jp.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\nl.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\no.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\pl.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\pt.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\ro.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\ru.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\sa.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\se.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\sv.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\tr.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\ua.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\flgs\us.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\help_16.gif
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\home.gif
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\logo.png
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\privecy_16_hot.gif
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\imgs\tellafriend.gif
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\loader.xul
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\mtstart.js
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\tmplt.js
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\content\uninsthk.js
    c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]\install.rdf
    c:\documents and settings\User\Application Data\PriceGong
    c:\documents and settings\User\Application Data\PriceGong\Data\1.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\1.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\a.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\a.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\b.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\b.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\c.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\c.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\d.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\d.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\e.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\e.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\f.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\f.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\g.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\g.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\h.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\h.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\i.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\i.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\j.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\J.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\k.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\k.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\l.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\l.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\m.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\m.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\mru.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\n.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\n.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\o.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\o.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\p.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\p.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\q.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\q.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\r.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\r.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\s.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\s.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\t.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\t.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\u.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\u.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\v.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\v.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\w.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\w.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\x.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\x.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\y.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\y.xml
    c:\documents and settings\User\Application Data\PriceGong\Data\z.txt
    c:\documents and settings\User\Application Data\PriceGong\Data\z.xml
    c:\documents and settings\User\Application Data\Toolbar4
    c:\documents and settings\User\Local Settings\Application Data\assembly\tmp
    c:\documents and settings\User\My Documents\~WRL1802.tmp
    c:\program files\Complitly
    c:\program files\Complitly\chrome\ComplitlyChrome.crx
    c:\program files\Complitly\FireFoxExtension.exe
    c:\program files\Complitly\InstTracker.exe
    c:\program files\Complitly\[email protected]Complitly.com\chrome.manifest
    c:\program files\Complitly\[email protected]\chrome\content\appIcon.png
    c:\program files\Complitly\[email protected]\chrome\content\browserOverlay.xul
    c:\program files\Complitly\[email protected]\chrome\content\options.js
    c:\program files\Complitly\[email protected]\chrome\content\options.xul
    c:\program files\Complitly\[email protected]\chrome\content\utils.js
    c:\program files\Complitly\[email protected]\defaults\preferences\predictad.js
    c:\program files\Complitly\[email protected]\install.rdf
    c:\program files\Complitly\unins000.dat
    c:\program files\Complitly\unins000.exe
    c:\program files\Web Assistant\ExTEnsion32.dll
    c:\windows\system32\drives
    c:\windows\system32\drives\NoHTD.exe
    c:\windows\system32\Rpcqt.dll
    c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.exe
    c:\windows\system32\tmpDC.tmp
    c:\windows\system32\tmpDD.tmp
    c:\windows\system32\Uninstall-TvPlugin-5.4
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\system32\WinDir
    c:\windows\system32\WinDir\winlog.exe
    C:\Windupdt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    -------\Legacy_RPCQT
    -------\Service_RPCQT
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 )))))))))))))))))))))))))))))))
    .
    .
    2013-01-09 07:44 . 2013-01-09 07:44 -------- d-----w- c:\windows\system32\xircom
    2013-01-09 07:44 . 2013-01-09 07:44 -------- d-----w- c:\windows\system32\wbem\snmp
    2013-01-09 07:44 . 2013-01-09 07:44 -------- d-----w- c:\program files\microsoft frontpage
    2013-01-08 11:33 . 2013-01-08 11:33 -------- d-----w- c:\documents and settings\User\Application Data\YouTube Downloader
    2013-01-06 12:25 . 2013-01-06 12:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Electronic Arts
    2013-01-06 11:59 . 2013-01-06 11:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Solidshield
    2013-01-02 08:29 . 2013-01-02 08:29 -------- d-----w- C:\spoolerlogs
    2013-01-01 17:51 . 2013-01-01 17:51 -------- d-----w- c:\program files\Microsoft XNA
    2012-12-29 09:46 . 2012-12-29 09:46 282512 ----a-w- c:\windows\system32\PnkBstrB.exe
    2012-12-29 09:46 . 2012-12-29 09:46 76888 ----a-w- c:\windows\system32\PnkBstrA.exe
    2012-12-26 19:36 . 2012-12-26 19:40 -------- d-----w- c:\documents and settings\All Users\Application Data\Tunngle
    2012-12-26 18:31 . 2012-12-26 18:31 -------- d-----w- c:\program files\Ubisoft
    2012-12-23 09:57 . 2013-01-09 07:17 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\LogMeIn Hamachi
    2012-12-23 09:57 . 2013-01-09 07:45 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\LogMeIn Hamachi
    2012-12-22 05:37 . 2012-12-22 05:37 -------- d-----w- c:\program files\Dropbox
    2012-12-16 17:16 . 2013-01-09 07:41 -------- d-----w- c:\documents and settings\User\Local Settings\Application Data\PMB Files
    2012-12-16 17:16 . 2012-12-31 19:02 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
    2012-12-16 17:15 . 2012-12-16 17:15 -------- d-----w- c:\documents and settings\User\.swt
    2012-12-13 12:30 . 2012-12-13 12:30 5955856 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
    2012-12-11 22:46 . 2012-12-11 22:46 42440 ----a-w- c:\windows\system32\xfcodec.dll
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-12-12 09:09 . 2012-03-29 18:07 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-12-12 09:09 . 2011-07-28 10:31 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-12-08 17:33 . 2012-12-08 17:33 119808 ----a-r- c:\documents and settings\User\Application Data\Microsoft\Installer\{CCF298AF-9CE1-4B26-B251-486E98A34789}\icons.exe
    2012-11-12 07:23 . 2012-11-12 07:23 445016 ----a-w- c:\windows\system32\wrap_oal.dll
    2012-11-12 07:23 . 2012-11-12 07:23 109144 ----a-w- c:\windows\system32\OpenAL32.dll
    2007-11-06 22:19 . 2010-09-28 12:39 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
    2007-11-06 22:19 . 2010-09-28 12:39 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
    2012-03-13 04:38 . 2012-04-07 10:27 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
    [7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
    [7] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\system32\dllcache\tcpip.sys
    [-] 2008-06-20 . 2B2877D48DD29BC5D6FFDC05EA03FFEA . 360960 . . [5.1.2600.3394] . . c:\windows\system32\drivers\tcpip.sys
    [-] 2007-10-27 . 33BB8397EF5223E11A83BEC3E2EC1766 . 360704 . . [5.1.2600.3002] . . c:\windows\$NtUninstallKB951748$\tcpip.sys
    .
    [-] 2012-02-14 . 93110F6B8428AA84CCDABDB710A502EF . 343040 . . [7.0.2600.5512] . . c:\windows\system32\msvcrt.dll
    [7] 2007-10-27 . 4295F398C188D02DC7A5899EAC121914 . 343040 . . [7.0.2600.3085] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.2600.3085_x-ww_e059201c\msvcrt.dll
    [7] 2004-08-03 . 4200BE3808F6406DBE45A7B88DAE5035 . 322560 . . [7.0.2600.0] . . c:\windows\WinSxS\x86_Microsoft.Windows.CPlusPlusRuntime_6595b64144ccf1df_7.0.0.0_x-ww_2726e76a\msvcrt.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
    "{81017EA9-9AA8-4A6A-9734-7AF40E7D593F}"= "c:\program files\Yahoo!\Companion\Installs\cpn3\yt.dll" [2012-11-26 1525088]
    "{113342cd-3031-4ee9-9288-2c58857d3a3d}"= "c:\program files\Xfire_New\prxtbXfir.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{81017ea9-9aa8-4a6a-9734-7af40e7d593f}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin.1]
    [HKEY_CLASSES_ROOT\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}]
    [HKEY_CLASSES_ROOT\yt.YTNavAssistPlugin]
    .
    [HKEY_CLASSES_ROOT\clsid\{113342cd-3031-4ee9-9288-2c58857d3a3d}]
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{113342cd-3031-4ee9-9288-2c58857d3a3d}]
    2011-05-09 09:49 176936 ----a-w- c:\program files\Xfire_New\prxtbXfir.dll
    .
    [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F3FEE66E-E034-436a-86E4-9690573BEE8A}]
    2012-02-06 15:57 1074016 ----a-w- c:\program files\YouTube Downloader Toolbar\IE\5.0\youtubedownloaderToolbarIE.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
    "{113342cd-3031-4ee9-9288-2c58857d3a3d}"= "c:\program files\Xfire_New\prxtbXfir.dll" [2011-05-09 176936]
    .
    [HKEY_CLASSES_ROOT\clsid\{113342cd-3031-4ee9-9288-2c58857d3a3d}]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\0MegaCloudNormal]
    @="{03FB4211-3964-44E8-97D7-A2FA49CF5576}"
    [HKEY_CLASSES_ROOT\CLSID\{03FB4211-3964-44E8-97D7-A2FA49CF5576}]
    2012-09-14 14:59 242864 ----a-w- c:\documents and settings\User\Application Data\MegaCloud\MegaCloudShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1MegaCloudModified]
    @="{03FB4212-3964-44E8-97D7-A2FA49CF5576}"
    [HKEY_CLASSES_ROOT\CLSID\{03FB4212-3964-44E8-97D7-A2FA49CF5576}]
    2012-09-14 14:59 242864 ----a-w- c:\documents and settings\User\Application Data\MegaCloud\MegaCloudShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2MeagCloudError]
    @="{03FB4213-3964-44E8-97D7-A2FA49CF5576}"
    [HKEY_CLASSES_ROOT\CLSID\{03FB4213-3964-44E8-97D7-A2FA49CF5576}]
    2012-09-14 14:59 242864 ----a-w- c:\documents and settings\User\Application Data\MegaCloud\MegaCloudShellExt.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
    @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
    @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
    @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
    @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
    [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
    2012-11-13 23:32 129272 ----a-w- c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2010-07-03 322352]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-02-22 6591800]
    "Creative WebCam Tray"="c:\program files\Creative\Shared Files\CamTray.exe" [2005-10-27 299008]
    "Java"="c:\documents and settings\User\Application Data\Java.exe" [2012-07-02 334848]
    "SansaDispatch"="c:\documents and settings\User\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe" [2012-07-16 79872]
    "OscarEditor"="c:\program files\G10 Multi-Mode\G10-Editor.exe" [2011-08-31 3344384]
    "Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2012-12-16 3093624]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Hard Disk Sentinel"="c:\program files\Hard Disk Sentinel\HDSentinel.exe" [2010-06-25 3768832]
    "DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
    "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
    "RTBatteryMeter"="c:\program files\VibrateGameDeviceDriver\RFPIcon.exe" [2003-01-16 49152]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-09-30 252296]
    "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-02-06 934240]
    "QuickTime Task"="d:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
    "LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-10 2254768]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
    .
    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
    "nltide_3"="advpack.dll" [2009-03-08 128512]
    .
    c:\documents and settings\User\Start Menu\Programs\Startup\
    Windows Update Center.exe [2012-2-3 904233]
    Xfire.lnk - d:\program files\Xfire\Xfire.exe [2012-12-12 3558856]
    .
    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
    "EnableLUA"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
    2010-08-26 16:20 12536 ----a-w- c:\windows\system32\avgrsstx.dll
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\tcpip\parameters\persistentroutes]
    "62.75.206.182,255.255.255.255,192.168.0.156,1"=""
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0tings\\0cumen\0\0$ \0ÈT:øT:U:8U:XU:c:\w\0\0( \0sasnative32\0OODBS
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^GamersFirst LIVE!.lnk]
    backup=c:\windows\pss\GamersFirst LIVE!.lnkCommon Startup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Dropbox.lnk]
    backup=c:\windows\pss\Dropbox.lnkStartup
    backupExtension=Startup
    path=c:\documents and settings\User\Start Menu\Programs\Startup\Dropbox.lnk
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^IMVU.lnk]
    backup=c:\windows\pss\IMVU.lnkStartup
    .
    [HKLM\~\startupfolder\C:^Documents and Settings^User^Start Menu^Programs^Startup^Xfire.lnk]
    backup=c:\windows\pss\Xfire.lnkStartup
    backupExtension=Startup
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced System Optimizer
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Clownfish
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Cracked Steam Service
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FileZilla Server Interface
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (news)
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GameXN (update)
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray
    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\spdetector3
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
    2007-09-20 22:35 202024 ----a-w- c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
    2006-10-27 07:47 31016 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
    2012-12-10 15:29 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
    2007-03-01 22:57 153136 ----a-w- c:\program files\Common Files\Nero\Lib\NeroCheck.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RDReminder]
    2012-06-26 09:25 10069928 ----a-w- c:\program files\RegClean Pro\RegCleanPro.exe
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-disabled]
    "Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" -resume
    "SearchSettings"="c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe"
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableUnicastResponsesToMulticastBroadcast"= 0 (0x0)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrA.exe"=
    "c:\\WINDOWS\\system32\\PnkBstrB.exe"=
    "c:\\Documents and Settings\\All Users\\Application Data\\NexonEU\\NGM\\NGM.exe"=
    "c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
    "d:\\ProgRaM FilEs\\steam\\Steam.exe"=
    "c:\\Documents and Settings\\User\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
    "c:\\Documents and Settings\\User\\Local Settings\\Application Data\\Google\\Google Talk Plugin\\googletalkplugin.exe"=
    "c:\\WINDOWS\\system32\\muzapp.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
    "d:\\Program Files\\Tunngle\\TnglCtrl.exe"=
    "d:\\Program Files\\Tunngle\\Tunngle.exe"=
    "d:\\Program Files\\Electronic Arts\\Need for Speed(TM) Hot Pursuit\\Launcher.exe"=
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "8394:TCP"= 8394:TCP:League of Legends Launcher
    "8394:UDP"= 8394:UDP:League of Legends Launcher
    "6946:TCP"= 6946:TCP:League of Legends Launcher
    "6946:UDP"= 6946:UDP:League of Legends Launcher
    "8378:TCP"= 8378:TCP:League of Legends Launcher
    "8378:UDP"= 8378:UDP:League of Legends Launcher
    "8379:TCP"= 8379:TCP:League of Legends Launcher
    "8379:UDP"= 8379:UDP:League of Legends Launcher
    "8380:TCP"= 8380:TCP:League of Legends Launcher
    "8380:UDP"= 8380:UDP:League of Legends Launcher
    "6979:TCP"= 6979:TCP:League of Legends Launcher
    "6979:UDP"= 6979:UDP:League of Legends Launcher
    "6917:TCP"= 6917:TCP:League of Legends Launcher
    "6917:UDP"= 6917:UDP:League of Legends Launcher
    "57670:TCP"= 57670:TCP:pando Media Booster
    "57670:UDP"= 57670:UDP:pando Media Booster
    "6925:TCP"= 6925:TCP:League of Legends Launcher
    "6925:UDP"= 6925:UDP:League of Legends Launcher
    "8381:TCP"= 8381:TCP:League of Legends Launcher
    "8381:UDP"= 8381:UDP:League of Legends Launcher
    "6971:TCP"= 6971:TCP:League of Legends Launcher
    "6971:UDP"= 6971:UDP:League of Legends Launcher
    "6930:TCP"= 6930:TCP:League of Legends Launcher
    "6930:UDP"= 6930:UDP:League of Legends Launcher
    "6886:TCP"= 6886:TCP:League of Legends Launcher
    "6886:UDP"= 6886:UDP:League of Legends Launcher
    "6924:TCP"= 6924:TCP:League of Legends Launcher
    "6924:UDP"= 6924:UDP:League of Legends Launcher
    "6973:TCP"= 6973:TCP:League of Legends Launcher
    "6973:UDP"= 6973:UDP:League of Legends Launcher
    "6906:TCP"= 6906:TCP:League of Legends Launcher
    "6906:UDP"= 6906:UDP:League of Legends Launcher
    "56079:TCP"= 56079:TCP:pando Media Booster
    "56079:UDP"= 56079:UDP:pando Media Booster
    "6911:TCP"= 6911:TCP:League of Legends Launcher
    "6911:UDP"= 6911:UDP:League of Legends Launcher
    "6953:TCP"= 6953:TCP:League of Legends Launcher
    "6953:UDP"= 6953:UDP:League of Legends Launcher
    "6938:TCP"= 6938:TCP:League of Legends Launcher
    "6938:UDP"= 6938:UDP:League of Legends Launcher
    "6992:TCP"= 6992:TCP:League of Legends Launcher
    "6992:UDP"= 6992:UDP:League of Legends Launcher
    "6991:TCP"= 6991:TCP:League of Legends Launcher
    "6991:UDP"= 6991:UDP:League of Legends Launcher
    "6940:TCP"= 6940:TCP:League of Legends Launcher
    "6940:UDP"= 6940:UDP:League of Legends Launcher
    "8382:TCP"= 8382:TCP:League of Legends Launcher
    "8382:UDP"= 8382:UDP:League of Legends Launcher
    "6966:TCP"= 6966:TCP:League of Legends Launcher
    "6966:UDP"= 6966:UDP:League of Legends Launcher
    "8396:TCP"= 8396:TCP:League of Legends Launcher
    "8396:UDP"= 8396:UDP:League of Legends Launcher
    "6987:TCP"= 6987:TCP:League of Legends Launcher
    "6987:UDP"= 6987:UDP:League of Legends Launcher
    "8397:TCP"= 8397:TCP:League of Legends Launcher
    "8397:UDP"= 8397:UDP:League of Legends Launcher
    "6939:TCP"= 6939:TCP:League of Legends Launcher
    "6939:UDP"= 6939:UDP:League of Legends Launcher
    "6912:TCP"= 6912:TCP:League of Legends Launcher
    "6912:UDP"= 6912:UDP:League of Legends Launcher
    "8398:TCP"= 8398:TCP:League of Legends Launcher
    "8398:UDP"= 8398:UDP:League of Legends Launcher
    "8383:TCP"= 8383:TCP:League of Legends Launcher
    "8383:UDP"= 8383:UDP:League of Legends Launcher
    "8393:TCP"= 8393:TCP:League of Legends Lobby
    "8393:UDP"= 8393:UDP:League of Legends Lobby
    "8390:TCP"= 8390:TCP:League of Legends Game Client
    "8390:UDP"= 8390:UDP:League of Legends Game Client
    "6955:TCP"= 6955:TCP:League of Legends Launcher
    "6955:UDP"= 6955:UDP:League of Legends Launcher
    "58357:TCP"= 58357:TCP:pando Media Booster
    "58357:UDP"= 58357:UDP:pando Media Booster
    "94:TCP"= 94:TCP:VRS Recording System TCP/IP Port
    "59062:TCP"= 59062:TCP:pando Media Booster
    "59062:UDP"= 59062:UDP:pando Media Booster
    .
    R0 AvgRkx86;avgrkx86.sys;c:\windows\system32\drivers\avgrkx86.sys [8/26/2010 6:20 PM 52872]
    R0 d347bus;d347bus;c:\windows\system32\drivers\d347bus.sys [7/12/2010 8:15 AM 155136]
    R0 d347prt;d347prt;c:\windows\system32\drivers\d347prt.sys [7/12/2010 8:15 AM 5248]
    R0 hotcore3;hotcore3;c:\windows\system32\drivers\hotcore3.sys [2/25/2011 5:25 PM 39472]
    R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7/11/2010 9:25 PM 717296]
    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [8/26/2010 6:20 PM 216400]
    R1 AvgTdiX;AVG Network Redirector;c:\windows\system32\drivers\avgtdix.sys [8/26/2010 6:20 PM 243024]
    R2 am7pro;Art*Money*Pro7.37.2;d:\program files\ArtMoney\am737.sys [7/31/2012 10:35 AM 8192]
    R2 Application Updater;Application Updater;c:\program files\Application Updater\ApplicationUpdater.exe [2/6/2012 5:49 PM 748440]
    R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [6/20/2012 7:35 AM 24328]
    R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [12/10/2012 5:29 PM 1435568]
    R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;d:\program files\Hi-Rez Studios\HiPatchService.exe [8/7/2012 11:53 AM 8704]
    R2 MotoHelper;MotoHelper Service;c:\program files\Motorola\MotoHelper\MotoHelperService.exe [8/10/2011 9:35 PM 227184]
    R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [4/18/2012 9:43 AM 793056]
    R2 PfFilter;PfFilter;c:\program files\IObit\Protected Folder\pffilter.sys [7/29/2011 5:40 PM 140848]
    R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe [12/13/2012 2:26 PM 3290896]
    R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [6/8/2012 10:09 AM 185856]
    R3 DynCal;Dynamic Calibration Service;c:\windows\system32\drivers\DynCal.sys [11/7/2007 7:15 PM 12928]
    R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\drivers\tap0901t.sys [6/23/2012 11:47 AM 27136]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [11/9/2012 11:21 AM 160944]
    S2 spd3ssl;S*pyware P*rocess D*etector v3.22.5;\??\d:\program files\Spyware Process Detector\spd322.sys --> d:\program files\Spyware Process Detector\spd322.sys [?]
    S2 UI Assistant Service;UI Assistant Service;c:\program files\Join Air\AssistantServices.exe --> c:\program files\Join Air\AssistantServices.exe [?]
    S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [7/1/2011 11:41 PM 1691480]
    S3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\drivers\ssadadb.sys [10/26/2012 5:36 PM 30312]
    S3 DMDefragService;PC Tools Performance Toolkit Defrag Service;c:\program files\PC Tools\PC Tools Utilities\Tools\Defrag\DMDefragSrv.exe [4/18/2012 9:43 AM 1038304]
    S3 DMRepairService;PC Tools Performance Toolkit Repair Service;c:\program files\PC Tools\PC Tools Utilities\Tools\Repair\DMRepairSrv.exe [4/18/2012 9:43 AM 1030112]
    S3 EagleXNt;EagleXNt;\??\c:\windows\system32\drivers\EagleXNt.sys --> c:\windows\system32\drivers\EagleXNt.sys [?]
    S3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\room\safedrv.sys [5/20/2012 4:15 PM 22112]
    S3 injectDLL;injectDLL;\??\c:\documents and settings\User\Desktop\Tutorialul FB FIX\DOAR DACA NU FUNCTIONEAZA !\Injector 32 bit\injectDLL.sys --> c:\documents and settings\User\Desktop\Tutorialul FB FIX\DOAR DACA NU FUNCTIONEAZA !\Injector 32 bit\injectDLL.sys [?]
    S3 libusb0;LibUsb-Win32 - Kernel Driver, Version 0.1.10.1;c:\windows\system32\drivers\libusb0.sys [1/5/2012 4:02 PM 33792]
    S3 massfilter;ZTE Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [12/24/2010 11:14 AM 9216]
    S3 motandroidusb;Mot ADB Interface Driver;c:\windows\system32\drivers\motoandroid.sys [11/16/2011 10:22 PM 25856]
    S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
    S3 P1120VID;Creative WebCam NX Ultra;c:\windows\system32\drivers\P1120Vid.sys [11/6/2010 1:42 PM 1252474]
    S3 PCTDMDefrag;PCTDMDefrag;c:\windows\system32\drivers\PCTDMDefrag.sys [4/18/2012 9:43 AM 108864]
    S3 PCTDSMon;PCTDSMon;c:\windows\system32\drivers\PCTDSMon.sys [4/18/2012 9:43 AM 128120]
    S3 qcusbser;Qualcomm USB Device for Legacy Serial Communication;c:\windows\system32\drivers\FXX\qcusbser.sys [3/30/2010 11:31 AM 103424]
    S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);c:\windows\system32\drivers\s0016bus.sys [8/9/2010 5:36 PM 89256]
    S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;c:\windows\system32\drivers\s0016mdfl.sys [8/9/2010 5:36 PM 15016]
    S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;c:\windows\system32\drivers\s0016mdm.sys [8/9/2010 5:36 PM 120744]
    S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\s0016mgmt.sys [8/9/2010 5:36 PM 114216]
    S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);c:\windows\system32\drivers\s0016nd5.sys [8/9/2010 5:36 PM 25512]
    S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;c:\windows\system32\drivers\s0016obex.sys [8/9/2010 5:36 PM 110632]
    S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);c:\windows\system32\drivers\s0016unic.sys [8/9/2010 5:36 PM 115752]
    S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [10/26/2012 5:36 PM 121064]
    S3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\drivers\ssadmdfl.sys [10/26/2012 5:36 PM 12776]
    S3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\drivers\ssadmdm.sys [10/26/2012 5:36 PM 136808]
    S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\ssadserd.sys [10/26/2012 5:36 PM 114280]
    S3 tcpip helper;tcpip helper;\??\c:\program files\Garena Plus\x86\tcpiphlp.sys --> c:\program files\Garena Plus\x86\tcpiphlp.sys [?]
    S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\drivers\teamviewervpn.sys [3/30/2011 1:05 PM 25088]
    S3 TunngleService;TunngleService;d:\program files\Tunngle\TnglCtrl.exe [12/26/2012 9:36 PM 745368]
    S3 vmfilter303;vmfilter303;c:\windows\system32\drivers\vmfilter303.sys --> c:\windows\system32\drivers\vmfilter303.sys [?]
    S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [7/8/2012 10:34 AM 14416]
    S3 XDva385;XDva385;c:\windows\system32\XDva385.sys [5/10/2011 2:24 PM 76488]
    S3 XDva389;XDva389;\??\c:\windows\system32\XDva389.sys --> c:\windows\system32\XDva389.sys [?]
    S3 XDva390;XDva390;\??\c:\windows\system32\XDva390.sys --> c:\windows\system32\XDva390.sys [?]
    S3 XDva391;XDva391;c:\windows\system32\XDva391.sys [2/9/2012 7:02 PM 77264]
    S3 XDva396;XDva396;\??\c:\windows\system32\XDva396.sys --> c:\windows\system32\XDva396.sys [?]
    S3 XDva397;XDva397;c:\windows\system32\XDva397.sys [6/3/2012 7:23 PM 77136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{D58F39FF-953E-4F45-898F-59F243B9A523}]
    2009-03-08 01:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-29 09:09]
    .
    2011-05-04 c:\windows\Tasks\expressburnShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressBurn\expressburn.exe [2011-04-24 15:05]
    .
    2012-02-05 c:\windows\Tasks\expressripDowngrade.job
    - c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2011-04-24 15:05]
    .
    2011-12-17 c:\windows\Tasks\expressripShakeIcon.job
    - c:\program files\NCH Swift Sound\ExpressRip\expressrip.exe [2011-04-24 15:05]
    .
    2013-01-09 c:\windows\Tasks\Game_Booster_AutoUpdate.job
    - c:\program files\IObit\Game Booster 3\AutoUpdate.exe [2012-07-08 14:57]
    .
    2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 17:32]
    .
    2013-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2011-07-28 17:32]
    .
    2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1659004503-839522115-1003Core.job
    - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-16 14:45]
    .
    2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1004336348-1659004503-839522115-1003UA.job
    - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2011-01-16 14:45]
    .
    2012-10-11 c:\windows\Tasks\MotoHelper MUM.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
    .
    2013-01-07 c:\windows\Tasks\MotoHelper Routing.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
    .
    2012-10-11 c:\windows\Tasks\MotoHelper Update.job
    - c:\program files\Motorola\MotoHelper\MotoHelperUpdate.exe [2011-08-08 22:11]
    .
    2013-01-08 c:\windows\Tasks\ParetoLogic Registration3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 21:30]
    .
    2012-08-21 c:\windows\Tasks\ParetoLogic Update Version3.job
    - c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-04-06 21:30]
    .
    2013-01-08 c:\windows\Tasks\RegClean Pro_DEFAULT.job
    - c:\program files\RegClean Pro\RegCleanPro.exe [2012-07-09 09:25]
    .
    2013-01-02 c:\windows\Tasks\RegClean Pro_UPDATES.job
    - c:\program files\RegClean Pro\RegCleanPro.exe [2012-07-09 09:25]
    .
    2012-01-11 c:\windows\Tasks\switchShakeIcon.job
    - c:\program files\NCH Software\Switch\switch.exe [2012-01-08 18:09]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3248869
    uInternet Settings,ProxyOverride = 127.0.0.1:9421;192.168.*.*;<local>
    uSearchURL,(Default) = hxxp://www.google.ro
    IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949}
    TCP: DhcpNameServer = 213.154.124.1 192.168.0.1
    FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=
    FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon)
    FF - prefs.js: browser.startup.homepage - hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=HP_ss&mntrId=700de11700000000000000ffef16c512
    FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=KW_ss&mntrId=700de11700000000000000ffef16c512&q=
    FF - prefs.js: browser.startup.homepage - hxxp://search.iminent.com/?appId=C043BC49-0735-4683-A1AE-0937CDB5D2B8
    FF - prefs.js: browser.search.selectedEngine - SearchTheWeb
    FF - prefs.js: browser.startup.homepage -
    FF - prefs.js: browser.search.selectedEngine -
    FF - ExtSQL: 2012-11-18 18:50; [email protected]; c:\program files\Iminent\[email protected]
    FF - ExtSQL: 2012-11-18 18:50; {C9B68337-E93A-44EA-94DC-CB300EC06444}; c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{C9B68337-E93A-44EA-94DC-CB300EC06444}
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    FF - user.js: browser.sessionstore.resume_from_crash - false
    FF - user.js: general.useragent.extra.brc - BRI/1
    FF - user.js: extensions.BabylonToolbar_i.id - 700de117000000000000001fd05dc16b
    FF - user.js: extensions.BabylonToolbar_i.hardId - 700de117000000000000001fd05dc16b
    FF - user.js: extensions.BabylonToolbar_i.instlDay - 15369
    FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
    FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9
    FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
    FF - user.js: extensions.funmoods_i.hmpg - true
    FF - user.js: extensions.funmoods_i.hmpgUrl - hxxp://start.funmoods.com/?f=1&a=make
    FF - user.js: extensions.funmoods_i.dfltSrch - true
    FF - user.js: extensions.funmoods_i.srchPrvdr - Search
    FF - user.js: extensions.funmoods_i.dnsErr - true
    FF - user.js: extensions.funmoods_i.newTab - true
    FF - user.js: extensions.funmoods_i.newTabUrl - hxxp://start.funmoods.com/?f=2&a=make
    FF - user.js: extensions.funmoods_i.tlbrSrchUrl - hxxp://start.funmoods.com/results.php?f=3&a=make&q=
    FF - user.js: extensions.funmoods_i.id - 700de117000000000000001fd05dc16b
    FF - user.js: extensions.funmoods_i.instlDay - 15434
    FF - user.js: extensions.funmoods_i.vrsn - 1.5.11.16
    FF - user.js: extensions.funmoods_i.vrsni - 1.5.11.16
    FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.11.1621:51
    FF - user.js: extensions.funmoods_i.prtnrId - funmoods
    FF - user.js: extensions.funmoods_i.prdct - funmoods
    FF - user.js: extensions.funmoods_i.aflt - make
    FF - user.js: extensions.funmoods_i.smplGrp - none
    FF - user.js: extensions.funmoods_i.tlbrId - base
    FF - user.js: extensions.funmoods_i.instlRef -
    FF - user.js: extensions.funmoods_i.dfltLng -
    FF - user.js: extensions.funmoods_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.newTab - false
    FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyEj6ju1a&loc=IB_TB&i=26&search=
    FF - user.js: extensions.incredibar_i.id - 700de117000000000000001fd05dc16b
    FF - user.js: extensions.incredibar_i.instlDay - 15499
    FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
    FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1411:09
    FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
    FF - user.js: extensions.incredibar_i.prdct - incredibar
    FF - user.js: extensions.incredibar_i.aflt - orgnl
    FF - user.js: extensions.incredibar_i.smplGrp - none
    FF - user.js: extensions.incredibar_i.tlbrId - base
    FF - user.js: extensions.incredibar_i.instlRef -
    FF - user.js: extensions.incredibar_i.dfltLng -
    FF - user.js: extensions.incredibar_i.excTlbr - false
    FF - user.js: extensions.incredibar_i.ms_url_id -
    FF - user.js: extensions.incredibar_i.upn2 - 6OyEj6ju1a
    FF - user.js: extensions.incredibar_i.upn2n - 92261548962685992
    FF - user.js: extensions.incredibar_i.productid - 26
    FF - user.js: extensions.incredibar_i.installerproductid - 26
    FF - user.js: extensions.incredibar_i.did - 10643
    FF - user.js: extensions.incredibar_i.ppd - 453
    FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=112560&tt=3112_1
    FF - user.js: extensions.BabylonToolbar_i.babExt -
    FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
    FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q=
    FF - user.js: extensions.BabylonToolbar.id - 700de11700000000000000ffef16c512
    FF - user.js: extensions.BabylonToolbar.instlDay - 15552
    FF - user.js: extensions.BabylonToolbar.vrsn - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar.vrsni - 1.5.29.1
    FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.29.111:23
    FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
    FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
    FF - user.js: extensions.BabylonToolbar.aflt - babsst
    FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
    FF - user.js: extensions.BabylonToolbar.tlbrId - base
    FF - user.js: extensions.BabylonToolbar.instlRef - sst
    FF - user.js: extensions.BabylonToolbar.dfltLng - en
    FF - user.js: extensions.BabylonToolbar.excTlbr - false
    FF - user.js: extensions.BabylonToolbar.admin - false
    .
    - - - - ORPHANS REMOVED - - - -
    .
    BHO-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    BHO-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
    BHO-{58124A0B-DC32-4180-9BFF-E0E21AE34026} - (no file)
    BHO-{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - (no file)
    BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
    BHO-{EA5CA8B6-9B9C-4994-A7A1-947B6C631BE7} - (no file)
    Toolbar-{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
    Toolbar-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
    Toolbar-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
    WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
    HKLM-Run-WinUPD - c:\windows\system32\Drives\NoHTD.exe
    HKU-Default-Run-Sidebar - c:\program files\Windows Sidebar\sidebar.exe
    MSConfigStartUp-Epson Stylus SX420W(Network) - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE
    MSConfigStartUp-EPSON SX420W Series - c:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIGCE.EXE
    MSConfigStartUp-JavaUpdate - c:\windows\system32\Drives\NoHTD.exe
    MSConfigStartUp-WinUPD - c:\windows\system32\Drives\NoHTD.exe
    HKLM_ActiveSetup-{5460C4DF-B266-909E-CB58-E32B79832EB2} - c:\windows\system32\Drives\NoHTD.exe
    AddRemove-1ClickDownload - c:\program files\TornTV.com\uninst.exe
    AddRemove-PunkBusterSvc - d:\program files\Ubisoft\FarCry 3\bin\pbsvc_fc3.exe
    AddRemove-SopCast Tv Plugin 5.4 Setup - c:\windows\system32\Uninstall-TvPlugin-5.4
    AddRemove-{4FFBB818-B13C-11E0-931D-B2664824019B}_is1 - c:\program files\Complitly\unins000.exe
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-01-09 09:47
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    SansaDispatch = c:\documents and settings\User\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe?????????360328??????????url?(?????????????S?????????????????????????????x?S?????????H?S?
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\npggsvc]
    "ImagePath"="c:\windows\system32\GameMon.des -service"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\S-1-5-21-1004336348-1659004503-839522115-1003\Software\SecuROM\License information*]
    "datasecu"=hex:2c,ef,9b,0a,14,8b,90,9c,ef,78,a1,9f,8a,04,e9,d6,48,7e,b1,37,b4,
    86,73,36,76,33,76,3d,37,2a,35,f5,a2,fb,3a,60,d8,ce,4a,8e,ba,75,32,bc,5d,b2,\
    "rkeysecu"=hex:15,b2,6a,88,90,bf,08,9d,bf,2a,23,7e,c5,58,17,66
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    @="?????????????????? v1"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
    @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    @="?????????????????? v2"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
    @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
    .
    [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(1148)
    c:\windows\system32\Ati2evxx.dll
    c:\windows\system32\atiadlxx.dll
    .
    - - - - - - - > 'explorer.exe'(3828)
    c:\windows\system32\SHDOCVW.dll
    c:\windows\system32\WININET.dll
    c:\program files\Unlocker\UnlockerHook.dll
    c:\program files\Common Files\Spigot\Search Settings\wth.dll
    c:\documents and settings\User\Application Data\MegaCloud\MegaCloudShellExt.dll
    c:\documents and settings\User\Application Data\Dropbox\bin\DropboxExt.17.dll
    c:\program files\G10 Multi-Mode\DLL\DLL_PenSuit.dll
    c:\windows\system32\msi.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\credui.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\Ati2evxx.exe
    c:\windows\system32\Ati2evxx.exe
    c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
    c:\program files\Java\jre6\bin\jqs.exe
    c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
    c:\program files\Motorola\MotoHelper\MotoHelperAgent.exe
    c:\windows\system32\PnkBstrA.exe
    c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    c:\windows\system32\SAgent4.exe
    c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
    c:\documents and settings\User\Start Menu\Programs\Startup\Windows Update Center.exe
    c:\windows\system32\wscntfy.exe
    .
    **************************************************************************
    .
    Completion time: 2013-01-09 09:51:43 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-01-09 07:51
    .
    Pre-Run: 1,627,189,248 bytes free
    Post-Run: 1,626,226,688 bytes free
    .
    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    UnsupportedDebug="do not select this" /debug
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
    .
    - - End Of File - - 150A04BF77197ECCDD0E695006E5ADB2
     

  11. dvk01

    dvk01 Moderator Malware Specialist

    next step

    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  12. SheratanN

    SheratanN Thread Starter

    Sorry for posting and I hope you will keep helping me, the site doesn't work.
    EDIT: I will download it from another mirror. I downloaded it from SoftPedia, it's the 2.105 version. I hope it's the correct one.
    EDIT2: I got an outdated one, and I downloaded an updated one :).
    EDIT3:
    AdwCleaner LOG:

    # AdwCleaner v2.105 - Logfile created 01/09/2013 at 12:36:09
    # Updated 08/01/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : User - PC
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\User\Desktop\adwcleaner (1).exe
    # Option [Search]


    ***** [Services] *****

    Found : Application Updater
    Found : Web Assistant Updater

    ***** [Files / Folders] *****

    File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\Askcom.xml
    File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\Conduit.xml
    File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\daemon-search.xml
    File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\funmoods.xml
    File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\MyStart Search.xml
    File Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\SweetIm.xml
    File Found : C:\END
    File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    File Found : C:\user.js
    File Found : C:\WINDOWS\system32\conduitEngine.tmp
    Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Found : C:\Documents and Settings\All Users\Application Data\InstallMate
    Folder Found : C:\Documents and Settings\All Users\Application Data\Premium
    Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Found : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Found : C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
    Folder Found : C:\Documents and Settings\User\Application Data\Babylon
    Folder Found : C:\Documents and Settings\User\Application Data\Complitly
    Folder Found : C:\Documents and Settings\User\Application Data\incredibar.com
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\Conduit
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\ConduitEngine
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\CT2405280
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\CT2776682
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{113342cd-3031-4ee9-9288-2c58857d3a3d}
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\SweetIMToolbarData
    Folder Found : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\WinampToolbarData
    Folder Found : C:\Documents and Settings\User\Application Data\Search Settings
    Folder Found : C:\Documents and Settings\User\Application Data\yourfiledownloader
    Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\Conduit
    Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Folder Found : C:\Documents and Settings\User\Local Settings\Application Data\Xfire_New
    Folder Found : C:\Program Files\Application Updater
    Folder Found : C:\Program Files\Common Files\spigot
    Folder Found : C:\Program Files\Conduit
    Folder Found : C:\Program Files\Web Assistant
    Folder Found : C:\Program Files\Xfire_New
    Folder Found : C:\Program Files\yourfiledownloader
    Folder Found : C:\Program Files\YouTube Downloader Toolbar

    ***** [Registry] *****

    Key Found : HKCU\Software\1ClickDownload
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\AppDataLow\Software\Search Settings
    Key Found : HKCU\Software\AppDataLow\Software\SmartBar
    Key Found : HKCU\Software\BrotherSoft_Extreme
    Key Found : HKCU\Software\Complitly
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\conduitEngine
    Key Found : HKCU\Software\conduitEngine
    Key Found : HKCU\Software\ConduitSearchScopes
    Key Found : HKCU\Software\IM
    Key Found : HKCU\Software\Iminent
    Key Found : HKCU\Software\ImInstaller
    Key Found : HKCU\Software\incredibar.com
    Key Found : HKCU\Software\InstallCore
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0D7562AE-8EF6-416D-A838-AB665251703A}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Found : HKCU\Software\Search Settings
    Key Found : HKCU\Software\Softonic
    Key Found : HKCU\Software\Softonic-Eng7
    Key Found : HKCU\Software\Somoto Toolbar
    Key Found : HKCU\Software\SweetIM
    Key Found : HKCU\Software\Web Assistant
    Key Found : HKCU\Software\Winamp Toolbar
    Key Found : HKCU\Software\Xfire_New
    Key Found : HKCU\Software\YourFileDownloader
    Key Found : HKCU\Toolbar
    Key Found : HKLM\Software\Application Updater
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\Software\BrotherSoft_Extreme
    Key Found : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Found : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Found : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
    Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
    Key Found : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
    Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
    Key Found : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
    Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
    Key Found : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
    Key Found : HKLM\SOFTWARE\Classes\I
    Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
    Key Found : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
    Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
    Key Found : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
    Key Found : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
    Key Found : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
    Key Found : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar
    Key Found : HKLM\SOFTWARE\Classes\TBSB01620.IEToolbar.1
    Key Found : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620
    Key Found : HKLM\SOFTWARE\Classes\TBSB01620.TBSB01620.3
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3248869
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.TBSB01620.1
    Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
    Key Found : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
    Key Found : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
    Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
    Key Found : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\conduitEngine
    Key Found : HKLM\Software\conduitEngine
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\Software\incredibar.com
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Xfire_New Toolbar
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Xfire_New Toolbar
    Key Found : HKLM\Software\Search Settings
    Key Found : HKLM\Software\Softonic-Eng7
    Key Found : HKLM\Software\SweetIM
    Key Found : HKLM\Software\Web Assistant
    Key Found : HKLM\Software\Winamp Toolbar
    Key Found : HKLM\Software\Xfire_New
    Key Found : HKLM\Software\YourFileDownloader
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
    Value Found : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v7.0.6000.21256

    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3248869

    -\\ Mozilla Firefox v11.0 (ro)

    File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\prefs.js

    Found : user_pref("CT1060933.autoDisableScopes", -1);
    Found : user_pref("CT2405280..clientLogIsEnabled", true);
    Found : user_pref("CT2405280..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Found : user_pref("CT2405280..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Found : user_pref("CT2405280.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Found : user_pref("CT2405280.CTID", "CT2405280");
    Found : user_pref("CT2405280.CurrentServerDate", "29-3-2011");
    Found : user_pref("CT2405280.DialogsAlignMode", "LTR");
    Found : user_pref("CT2405280.DownloadReferralCookieData", "");
    Found : user_pref("CT2405280.EMailNotifierPollDate", "Wed Mar 30 2011 15:12:18 GMT+0300 (GTB Daylight Time)"[...]
    Found : user_pref("CT2405280.FirstServerDate", "3-1-2011");
    Found : user_pref("CT2405280.FirstTime", true);
    Found : user_pref("CT2405280.FirstTimeFF3", true);
    Found : user_pref("CT2405280.FixPageNotFoundErrors", true);
    Found : user_pref("CT2405280.GroupingServerCheckInterval", 1440);
    Found : user_pref("CT2405280.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Found : user_pref("CT2405280.HasUserGlobalKeys", true);
    Found : user_pref("CT2405280.Initialize", true);
    Found : user_pref("CT2405280.InitializeCommonPrefs", true);
    Found : user_pref("CT2405280.InstallationAndCookieDataSentCount", 3);
    Found : user_pref("CT2405280.InstallationId", "integrated_CT2405280 .exe");
    Found : user_pref("CT2405280.InstallationType", "ConduitIntegration");
    Found : user_pref("CT2405280.InstalledDate", "Mon Jan 03 2011 21:50:32 GMT+0200 (GTB Standard Time)");
    Found : user_pref("CT2405280.InvalidateCache", false);
    Found : user_pref("CT2405280.IsGrouping", false);
    Found : user_pref("CT2405280.IsMulticommunity", false);
    Found : user_pref("CT2405280.IsOpenThankYouPage", false);
    Found : user_pref("CT2405280.IsOpenUninstallPage", true);
    Found : user_pref("CT2405280.LanguagePackLastCheckTime", "Tue Mar 29 2011 22:01:43 GMT+0300 (GTB Daylight Ti[...]
    Found : user_pref("CT2405280.LanguagePackReloadIntervalMM", 1440);
    Found : user_pref("CT2405280.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Found : user_pref("CT2405280.LastLogin_3.2.1.3", "Sun Feb 20 2011 00:39:03 GMT+0200 (GTB Standard Time)");
    Found : user_pref("CT2405280.LastLogin_3.2.5.2", "Wed Mar 30 2011 14:02:27 GMT+0300 (GTB Daylight Time)");
    Found : user_pref("CT2405280.LatestVersion", "3.2.5.2");
    Found : user_pref("CT2405280.Locale", "en-us");
    Found : user_pref("CT2405280.MCDetectTooltipHeight", "83");
    Found : user_pref("CT2405280.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
    Found : user_pref("CT2405280.MCDetectTooltipWidth", "295");
    Found : user_pref("CT2405280.RadioIsPodcast", false);
    Found : user_pref("CT2405280.RadioLastCheckTime", "Tue Mar 29 2011 22:01:30 GMT+0300 (GTB Daylight Time)");
    Found : user_pref("CT2405280.RadioLastUpdateIPServer", "3");
    Found : user_pref("CT2405280.RadioLastUpdateServer", "129167775315800000");
    Found : user_pref("CT2405280.RadioMediaID", "20503713");
    Found : user_pref("CT2405280.RadioMediaType", "Media Player");
    Found : user_pref("CT2405280.RadioMenuSelectedID", "EBRadioMenu_CT240528020503713");
    Found : user_pref("CT2405280.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
    Found : user_pref("CT2405280.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb[...]
    Found : user_pref("CT2405280.SavedHomepage", "hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4[...]
    Found : user_pref("CT2405280.SearchFromAddressBarIsInit", true);
    Found : user_pref("CT2405280.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT240[...]
    Found : user_pref("CT2405280.SearchInNewTabEnabled", true);
    Found : user_pref("CT2405280.SearchInNewTabIntervalMM", 1440);
    Found : user_pref("CT2405280.SearchInNewTabLastCheckTime", "Tue Mar 29 2011 22:01:28 GMT+0300 (GTB Daylight [...]
    Found : user_pref("CT2405280.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Found : user_pref("CT2405280.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Found : user_pref("CT2405280.ServiceMapLastCheckTime", "Tue Mar 29 2011 22:01:42 GMT+0300 (GTB Daylight Time[...]
    Found : user_pref("CT2405280.SettingsLastCheckTime", "Wed Mar 30 2011 14:02:11 GMT+0300 (GTB Daylight Time)"[...]
    Found : user_pref("CT2405280.SettingsLastUpdate", "1300362061");
    Found : user_pref("CT2405280.ThirdPartyComponentsInterval", 504);
    Found : user_pref("CT2405280.ThirdPartyComponentsLastCheck", "Wed Mar 16 2011 18:25:36 GMT+0200 (GTB Standar[...]
    Found : user_pref("CT2405280.ThirdPartyComponentsLastUpdate", "1246790578");
    Found : user_pref("CT2405280.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
    Found : user_pref("CT2405280.UserID", "UN63990844459859016");
    Found : user_pref("CT2405280.WeatherNetwork", "");
    Found : user_pref("CT2405280.WeatherPollDate", "Wed Mar 30 2011 15:02:22 GMT+0300 (GTB Daylight Time)");
    Found : user_pref("CT2405280.WeatherUnit", "C");
    Found : user_pref("CT2405280.alertChannelId", "799768");
    Found : user_pref("CT2405280.backendstorage._fb_dailyactivity", "31333031343235333238323032");
    Found : user_pref("CT2405280.backendstorage._fb_lifetimesent", "54525545");
    Found : user_pref("CT2405280.backendstorage.facebook_ctid_connect_send", "73656E646564");
    Found : user_pref("CT2405280.backendstorage.foxshows_latestnotice", "3231");
    Found : user_pref("CT2405280.backendstorage.gs_dailyactivity", "31333031343235333237383036");
    Found : user_pref("CT2405280.backendstorage.gs_lifetimesent", "54525545");
    Found : user_pref("CT2405280.backendstorage.ytapp_dailyactivity", "31333031343235333238313037");
    Found : user_pref("CT2405280.backendstorage.ytapp_lifetimesent", "54525545");
    Found : user_pref("CT2405280.myStuffEnabled", true);
    Found : user_pref("CT2405280.myStuffPublihserMinWidth", 400);
    Found : user_pref("CT2405280.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Found : user_pref("CT2405280.myStuffServiceIntervalMM", 1440);
    Found : user_pref("CT2405280.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Found : user_pref("CT2405280.testingCtid", "");
    Found : user_pref("CT2405280.toolbarAppMetaDataLastCheckTime", "Tue Mar 29 2011 22:01:43 GMT+0300 (GTB Dayli[...]
    Found : user_pref("CT2405280.toolbarContextMenuLastCheckTime", "Mon Jan 03 2011 21:50:45 GMT+0200 (GTB Stand[...]
    Found : user_pref("CT2776682..clientLogIsEnabled", true);
    Found : user_pref("CT2776682..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Found : user_pref("CT2776682..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Found : user_pref("CT2776682.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Found : user_pref("CT2776682.CTID", "CT2776682");
    Found : user_pref("CT2776682.CurrentServerDate", "29-3-2011");
    Found : user_pref("CT2776682.DialogsAlignMode", "LTR");
    Found : user_pref("CT2776682.DownloadReferralCookieData", "");
    Found : user_pref("CT2776682.EMailNotifierPollDate", "Wed Mar 30 2011 15:12:19 GMT+0300 (GTB Daylight Time)"[...]
    Found : user_pref("CT2776682.FirstServerDate", "29-3-2011");
    Found : user_pref("CT2776682.FirstTime", true);
    Found : user_pref("CT2776682.FirstTimeFF3", true);
    Found : user_pref("CT2776682.FixPageNotFoundErrors", true);
    Found : user_pref("CT2776682.GroupingServerCheckInterval", 1440);
    Found : user_pref("CT2776682.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Found : user_pref("CT2776682.HasUserGlobalKeys", true);
    Found : user_pref("CT2776682.Initialize", true);
    Found : user_pref("CT2776682.InitializeCommonPrefs", true);
    Found : user_pref("CT2776682.InstallationAndCookieDataSentCount", 2);
    Found : user_pref("CT2776682.InstallationId", "Integrated_CT2776682.exe");
    Found : user_pref("CT2776682.InstallationType", "ConduitIntegration");
    Found : user_pref("CT2776682.InstalledDate", "Tue Mar 29 2011 22:13:25 GMT+0300 (GTB Daylight Time)");
    Found : user_pref("CT2776682.InvalidateCache", false);
    Found : user_pref("CT2776682.IsGrouping", false);
    Found : user_pref("CT2776682.IsMulticommunity", false);
    Found : user_pref("CT2776682.IsOpenThankYouPage", true);
    Found : user_pref("CT2776682.IsOpenUninstallPage", true);
    Found : user_pref("CT2776682.LanguagePackLastCheckTime", "Tue Mar 29 2011 22:18:06 GMT+0300 (GTB Daylight Ti[...]
    Found : user_pref("CT2776682.LanguagePackReloadIntervalMM", 1440);
    Found : user_pref("CT2776682.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Found : user_pref("CT2776682.LastLogin_3.2.5.2", "Wed Mar 30 2011 14:02:27 GMT+0300 (GTB Daylight Time)");
    Found : user_pref("CT2776682.LatestVersion", "3.3.3.2");
    Found : user_pref("CT2776682.Locale", "en");
    Found : user_pref("CT2776682.MCDetectTooltipHeight", "83");
    Found : user_pref("CT2776682.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
    Found : user_pref("CT2776682.MCDetectTooltipWidth", "295");
    Found : user_pref("CT2776682.RadioIsPodcast", false);
    Found : user_pref("CT2776682.RadioLastCheckTime", "Tue Mar 29 2011 22:13:13 GMT+0300 (GTB Daylight Time)");
    Found : user_pref("CT2776682.RadioLastUpdateIPServer", "3");
    Found : user_pref("CT2776682.RadioLastUpdateServer", "3");
    Found : user_pref("CT2776682.RadioMediaID", "9962");
    Found : user_pref("CT2776682.RadioMediaType", "Media Player");
    Found : user_pref("CT2776682.RadioMenuSelectedID", "EBRadioMenu_CT27766829962");
    Found : user_pref("CT2776682.RadioStationName", "California%20Rock");
    Found : user_pref("CT2776682.RadioStationURL", "hxxp://feedlive.net/california.asx");
    Found : user_pref("CT2776682.SavedHomepage", "hxxp://eu.ask.com?o=15573&l=dis");
    Found : user_pref("CT2776682.SearchFromAddressBarIsInit", true);
    Found : user_pref("CT2776682.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT277[...]
    Found : user_pref("CT2776682.SearchInNewTabEnabled", true);
    Found : user_pref("CT2776682.SearchInNewTabIntervalMM", 1440);
    Found : user_pref("CT2776682.SearchInNewTabLastCheckTime", "Tue Mar 29 2011 22:13:13 GMT+0300 (GTB Daylight [...]
    Found : user_pref("CT2776682.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Found : user_pref("CT2776682.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Found : user_pref("CT2776682.ServiceMapLastCheckTime", "Tue Mar 29 2011 22:12:59 GMT+0300 (GTB Daylight Time[...]
    Found : user_pref("CT2776682.SettingsLastCheckTime", "Wed Mar 30 2011 14:02:14 GMT+0300 (GTB Daylight Time)"[...]
    Found : user_pref("CT2776682.SettingsLastUpdate", "1301390906");
    Found : user_pref("CT2776682.ThirdPartyComponentsInterval", 504);
    Found : user_pref("CT2776682.ThirdPartyComponentsLastCheck", "Tue Mar 29 2011 22:12:59 GMT+0300 (GTB Dayligh[...]
    Found : user_pref("CT2776682.ThirdPartyComponentsLastUpdate", "1246786978");
    Found : user_pref("CT2776682.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
    Found : user_pref("CT2776682.UserID", "UN58402490744656218");
    Found : user_pref("CT2776682.WeatherNetwork", "");
    Found : user_pref("CT2776682.WeatherPollDate", "Wed Mar 30 2011 15:02:23 GMT+0300 (GTB Daylight Time)");
    Found : user_pref("CT2776682.WeatherUnit", "C");
    Found : user_pref("CT2776682.alertChannelId", "1168776");
    Found : user_pref("CT2776682.backendstorage._fb_dailyactivity", "31333031343235393931333232");
    Found : user_pref("CT2776682.backendstorage._fb_lifetimesent", "54525545");
    Found : user_pref("CT2776682.backendstorage.facebook_ctid_connect_send", "73656E646564");
    Found : user_pref("CT2776682.components.1000034", true);
    Found : user_pref("CT2776682.components.1000234", true);
    Found : user_pref("CT2776682.myStuffEnabled", true);
    Found : user_pref("CT2776682.myStuffPublihserMinWidth", 400);
    Found : user_pref("CT2776682.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Found : user_pref("CT2776682.myStuffServiceIntervalMM", 1440);
    Found : user_pref("CT2776682.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Found : user_pref("CT2776682.testingCtid", "");
    Found : user_pref("CT2776682.toolbarAppMetaDataLastCheckTime", "Tue Mar 29 2011 22:13:11 GMT+0300 (GTB Dayli[...]
    Found : user_pref("CT2776682.toolbarContextMenuLastCheckTime", "Tue Mar 29 2011 22:13:15 GMT+0300 (GTB Dayli[...]
    Found : user_pref("CT2801948.autoDisableScopes", 10);
    Found : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2776682");
    Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1168776/1164461/RO", "\"0\"[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/799768/795587/RO", "\"0\"")[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DEFAULT", "\"[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/RO", "\"0\"")[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2405280", [...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2776682", [...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2405280/CT2405280[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2776682/CT2776682[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/equalizer_dea[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/minimize.gif"[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/play.gif", "\[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/stop.gif", "\[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/vol.gif", "\"[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalize[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif"[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
    Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
    Found : user_pref("CommunityToolbar.EngineOwner", "CT2405280");
    Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}");
    Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-eng7");
    Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
    Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2405280");
    Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}");
    Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-eng7");
    Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://slirsredirect.search.aol.com/slir[...]
    Found : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2405280,CT2776682");
    Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2405280,CT2776682");
    Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
    Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Mar 29 2011 22:18:06 GMT+0300 (GTB D[...]
    Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Found : user_pref("CommunityToolbar.alert.locale", "en");
    Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Mar 29 2011 22:12:52 GMT+0300 (GTB Dayli[...]
    Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
    Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Found : user_pref("CommunityToolbar.alert.userId", "ab11dceb-aaa7-40c2-8284-fb0d48def50f");
    Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jan 12 2011 15:41:54 GMT+0200 (GTB[...]
    Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2776682");
    Found : user_pref("ConduitEngine.FirstServerDate", "11/27/2010 18");
    Found : user_pref("ConduitEngine.FirstTime", true);
    Found : user_pref("ConduitEngine.FirstTimeFF3", true);
    Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
    Found : user_pref("ConduitEngine.Initialize", true);
    Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
    Found : user_pref("ConduitEngine.InstalledDate", "Sat Nov 27 2010 18:40:43 GMT+0200 (GTB Standard Time)");
    Found : user_pref("ConduitEngine.IsMulticommunity", false);
    Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
    Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
    Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Mar 29 2011 22:01:58 GMT+0300 (GTB Dayligh[...]
    Found : user_pref("ConduitEngine.LastLogin_3.2.1.3", "Sun Feb 20 2011 00:39:10 GMT+0200 (GTB Standard Time)"[...]
    Found : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Wed Mar 30 2011 14:02:28 GMT+0300 (GTB Daylight Time)"[...]
    Found : user_pref("ConduitEngine.PublisherContainerWidth", 0);
    Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
    Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Mar 30 2011 14:02:30 GMT+0300 (GTB Daylight Ti[...]
    Found : user_pref("ConduitEngine.UserID", "UN36620930773737663");
    Found : user_pref("ConduitEngine.engineLocale", "en-US");
    Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Mar 29 2011 22:01:48 GMT+0300 (GTB D[...]
    Found : user_pref("ConduitEngine.initDone", true);
    Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    Found : user_pref("browser.search.defaultengine", "Ask.com");
    Found : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
    Found : user_pref("browser.search.defaultthis.engineName", "BrotherSoft Extreme Customized Web Search");
    Found : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Found : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
    Found : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=HP_s[...]
    Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100486");
    Found : user_pref("extensions.BabylonToolbar_i.hardId", "700de117000000000000001fd05dc16b");
    Found : user_pref("extensions.BabylonToolbar_i.id", "700de117000000000000001fd05dc16b");
    Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15369");
    Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
    Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112560&tt=3112_[...]
    Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
    Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:36:03");
    Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Found : user_pref("extensions.enabledAddons", "[email protected]:5.0,[email protected][...]
    Found : user_pref("extensions.funmoods_i.aflt", "make");
    Found : user_pref("extensions.funmoods_i.dfltLng", "");
    Found : user_pref("extensions.funmoods_i.dfltSrch", true);
    Found : user_pref("extensions.funmoods_i.dnsErr", true);
    Found : user_pref("extensions.funmoods_i.excTlbr", false);
    Found : user_pref("extensions.funmoods_i.hmpg", true);
    Found : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=make");
    Found : user_pref("extensions.funmoods_i.id", "700de117000000000000001fd05dc16b");
    Found : user_pref("extensions.funmoods_i.instlDay", "15434");
    Found : user_pref("extensions.funmoods_i.instlRef", "");
    Found : user_pref("extensions.funmoods_i.newTab", true);
    Found : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=make");
    Found : user_pref("extensions.funmoods_i.prdct", "funmoods");
    Found : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
    Found : user_pref("extensions.funmoods_i.smplGrp", "none");
    Found : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
    Found : user_pref("extensions.funmoods_i.tlbrId", "base");
    Found : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=make&q="[...]
    Found : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
    Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1621:51:34");
    Found : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
    Found : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=KW_ss&mntrId=700d[...]
    Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
    Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
    Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
    Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
    Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
    Found : user_pref("sweetim.toolbar.mode.debug", "false");
    Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
    Found : user_pref("sweetim.toolbar.search.history.capacity", "10");
    Found : user_pref("sweetim.toolbar.simapp_id", "{240C0BB2-107A-4117-849F-0EA7A719F958}");
    Found : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
    Found : user_pref("sweetim.toolbar.version", "1.0.0.10");
    Found : user_pref("winamp_toolbar.buttons.layout", "skins_btn_wa;plugins_btn_wa;shout_btn_wa;video_btn_wa;ai[...]
    Found : user_pref("winamp_toolbar.firsttime.showwindow", false);
    Found : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.12.1");
    Found : user_pref("winamp_toolbar.metrics.activestampdate", "30");
    Found : user_pref("winamp_toolbar.metrics.activestampmonth", "2");
    Found : user_pref("winamp_toolbar.metrics.activestampyear", "2011");
    Found : user_pref("winamp_toolbar.metrics.originalDate", "24");
    Found : user_pref("winamp_toolbar.metrics.originalHours", "24");
    Found : user_pref("winamp_toolbar.metrics.originalMinutes", "4");
    Found : user_pref("winamp_toolbar.metrics.originalMonth", "11");
    Found : user_pref("winamp_toolbar.metrics.originalSeconds", "33");
    Found : user_pref("winamp_toolbar.metrics.originalYear", "2010");
    Found : user_pref("winamp_toolbar.search.populateoncomplete", false);
    Found : user_pref("winamp_toolbar.search.searchtype", "web");
    Found : user_pref("winamp_toolbar.search.source", "tb50ffwinamp");
    Found : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
    Found : user_pref("winamp_toolbar.upgrade.showwindow", false);
    Found : user_pref("winamp_toolbar.winamp.appversion", "1");
    Found : user_pref("winamp_toolbar.winamp.artist", "");
    Found : user_pref("winamp_toolbar.winamp.title", "-999999");
    Found : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
    Found : user_pref("winamp_toolbar.winamp.tracktime", "-999999");
    Found : user_pref("winamp_toolbar.winamp.volume", "0");
    Found : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=NT_ss&mntr[...]
    Found : user_pref("CT3248869.autoDisableScopes", 0);
    Found : user_pref("browser.startup.homepage", "hxxp://search.iminent.com/?appId=C043BC49-0735-4683-A1AE-0937[...]
    Found : user_pref("browser.search.selectedEngine", "SearchTheWeb");

    -\\ Google Chrome v23.0.1271.97

    File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Found [l.19] : urls_to_restore_on_startup = [ "hxxp://www.google.ro/", "hxxp://search.iminent.com/?appId=C043BC49-0735-4683-A1AE-0937CDB5D2B8" ]
    Found [l.2331] : urls_to_restore_on_startup = [ "hxxp://www.google.ro/", "hxxp://search.iminent.com/?appId=C043BC49-0735-4683-A1AE-0937CDB5D2B8" ]

    *************************

    AdwCleaner[R1].txt - [57489 octets] - [09/01/2013 12:36:09]

    ########## EOF - C:\AdwCleaner[R1].txt - [57550 octets] ##########
     
  13. dvk01

    dvk01 Moderator Malware Specialist

    Please run AdwCleaner again. This time press delete. It will clear the problems & then offer to reboot. Please let it reboot & then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt

    Then tell us what problems, if any, you are still having.
     
  14. SheratanN

    SheratanN Thread Starter

    There you go:


    # AdwCleaner v2.105 - Logfile created 01/09/2013 at 13:24:56
    # Updated 08/01/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : User - PC
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\User\Desktop\adwcleaner (1).exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Application Updater
    Stopped & Deleted : Web Assistant Updater

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Deleted on reboot : C:\Program Files\Common Files\spigot
    File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\Askcom.xml
    File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\Conduit.xml
    File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\daemon-search.xml
    File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\funmoods.xml
    File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\MyStart Search.xml
    File Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\searchplugins\SweetIm.xml
    File Deleted : C:\END
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\user.js
    File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\InstallMate
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
    Folder Deleted : C:\Documents and Settings\User\Application Data\Babylon
    Folder Deleted : C:\Documents and Settings\User\Application Data\Complitly
    Folder Deleted : C:\Documents and Settings\User\Application Data\incredibar.com
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\Conduit
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\ConduitEngine
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\CT2405280
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\CT2776682
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{113342cd-3031-4ee9-9288-2c58857d3a3d}
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{90b49673-5506-483e-b92b-ca0265bd9ca8}
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\extensions\[email protected]
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\SweetIMToolbarData
    Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\WinampToolbarData
    Folder Deleted : C:\Documents and Settings\User\Application Data\Search Settings
    Folder Deleted : C:\Documents and Settings\User\Application Data\yourfiledownloader
    Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Conduit
    Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Xfire_New
    Folder Deleted : C:\Program Files\Application Updater
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Web Assistant
    Folder Deleted : C:\Program Files\Xfire_New
    Folder Deleted : C:\Program Files\yourfiledownloader
    Folder Deleted : C:\Program Files\YouTube Downloader Toolbar

    ***** [Registry] *****

    Key Deleted : HKCU\Software\1ClickDownload
    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
    Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
    Key Deleted : HKCU\Software\BrotherSoft_Extreme
    Key Deleted : HKCU\Software\Complitly
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\conduitEngine
    Key Deleted : HKCU\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\Iminent
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\incredibar.com
    Key Deleted : HKCU\Software\InstallCore
    Key Deleted : HKCU\Software\Search Settings
    Key Deleted : HKCU\Software\Softonic
    Key Deleted : HKCU\Software\Softonic-Eng7
    Key Deleted : HKCU\Software\Somoto Toolbar
    Key Deleted : HKCU\Software\SweetIM
    Key Deleted : HKCU\Software\Web Assistant
    Key Deleted : HKCU\Software\Winamp Toolbar
    Key Deleted : HKCU\Software\Xfire_New
    Key Deleted : HKCU\Software\YourFileDownloader
    Key Deleted : HKCU\Toolbar
    Key Deleted : HKLM\Software\Application Updater
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BrotherSoft_Extreme
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Complitly.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\winamptbServer.exe
    Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj
    Key Deleted : HKLM\SOFTWARE\Classes\DTToolbar.ToolBandObj.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\I
    Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
    Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
    Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3248869
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLTBSearch.1
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.AOLToolBand.1
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.Downloader.1
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarInfo.1
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTb.ToolbarParams.1
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper
    Key Deleted : HKLM\SOFTWARE\Classes\WinampTbServer.AolToolbarHelper.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\conduitEngine
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlfienamagdnkekbbbocojppncdambda
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
    Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
    Key Deleted : HKLM\Software\Iminent
    Key Deleted : HKLM\Software\incredibar.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\incredibar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Xfire_New Toolbar
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{113342CD-3031-4EE9-9288-2C58857D3A3D}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41BC-8B58-22DDC8AB8C20}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25C7A6C5-F397-4531-A0A5-361DE093F29A}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{4BD8E034-E0F4-4509-A753-467A8E854CD8}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Xfire_New Toolbar
    Key Deleted : HKLM\Software\Search Settings
    Key Deleted : HKLM\Software\Softonic-Eng7
    Key Deleted : HKLM\Software\SweetIM
    Key Deleted : HKLM\Software\Web Assistant
    Key Deleted : HKLM\Software\Winamp Toolbar
    Key Deleted : HKLM\Software\Xfire_New
    Key Deleted : HKLM\Software\YourFileDownloader
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{113342CD-3031-4EE9-9288-2C58857D3A3D}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{113342CD-3031-4EE9-9288-2C58857D3A3D}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EBF2BA02-9094-4C5A-858B-BB198F3D8DE2}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
    Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v7.0.6000.21256

    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT3248869 --> hxxp://www.google.com

    -\\ Mozilla Firefox v11.0 (ro)

    File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\prefs.js

    C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\9xa6ls5t.default\user.js ... Deleted !

    Deleted : user_pref("CT1060933.autoDisableScopes", -1);
    Deleted : user_pref("CT2405280..clientLogIsEnabled", true);
    Deleted : user_pref("CT2405280..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT2405280..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT2405280.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2405280.CTID", "CT2405280");
    Deleted : user_pref("CT2405280.CurrentServerDate", "29-3-2011");
    Deleted : user_pref("CT2405280.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2405280.DownloadReferralCookieData", "");
    Deleted : user_pref("CT2405280.EMailNotifierPollDate", "Wed Mar 30 2011 15:12:18 GMT+0300 (GTB Daylight Time)"[...]
    Deleted : user_pref("CT2405280.FirstServerDate", "3-1-2011");
    Deleted : user_pref("CT2405280.FirstTime", true);
    Deleted : user_pref("CT2405280.FirstTimeFF3", true);
    Deleted : user_pref("CT2405280.FixPageNotFoundErrors", true);
    Deleted : user_pref("CT2405280.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2405280.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2405280.HasUserGlobalKeys", true);
    Deleted : user_pref("CT2405280.Initialize", true);
    Deleted : user_pref("CT2405280.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2405280.InstallationAndCookieDataSentCount", 3);
    Deleted : user_pref("CT2405280.InstallationId", "integrated_CT2405280 .exe");
    Deleted : user_pref("CT2405280.InstallationType", "ConduitIntegration");
    Deleted : user_pref("CT2405280.InstalledDate", "Mon Jan 03 2011 21:50:32 GMT+0200 (GTB Standard Time)");
    Deleted : user_pref("CT2405280.InvalidateCache", false);
    Deleted : user_pref("CT2405280.IsGrouping", false);
    Deleted : user_pref("CT2405280.IsMulticommunity", false);
    Deleted : user_pref("CT2405280.IsOpenThankYouPage", false);
    Deleted : user_pref("CT2405280.IsOpenUninstallPage", true);
    Deleted : user_pref("CT2405280.LanguagePackLastCheckTime", "Tue Mar 29 2011 22:01:43 GMT+0300 (GTB Daylight Ti[...]
    Deleted : user_pref("CT2405280.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2405280.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2405280.LastLogin_3.2.1.3", "Sun Feb 20 2011 00:39:03 GMT+0200 (GTB Standard Time)");
    Deleted : user_pref("CT2405280.LastLogin_3.2.5.2", "Wed Mar 30 2011 14:02:27 GMT+0300 (GTB Daylight Time)");
    Deleted : user_pref("CT2405280.LatestVersion", "3.2.5.2");
    Deleted : user_pref("CT2405280.Locale", "en-us");
    Deleted : user_pref("CT2405280.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2405280.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
    Deleted : user_pref("CT2405280.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2405280.RadioIsPodcast", false);
    Deleted : user_pref("CT2405280.RadioLastCheckTime", "Tue Mar 29 2011 22:01:30 GMT+0300 (GTB Daylight Time)");
    Deleted : user_pref("CT2405280.RadioLastUpdateIPServer", "3");
    Deleted : user_pref("CT2405280.RadioLastUpdateServer", "129167775315800000");
    Deleted : user_pref("CT2405280.RadioMediaID", "20503713");
    Deleted : user_pref("CT2405280.RadioMediaType", "Media Player");
    Deleted : user_pref("CT2405280.RadioMenuSelectedID", "EBRadioMenu_CT240528020503713");
    Deleted : user_pref("CT2405280.RadioStationName", "Virgin%20Radio%20Classic%20Rock");
    Deleted : user_pref("CT2405280.RadioStationURL", "hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=vcbb[...]
    Deleted : user_pref("CT2405280.SavedHomepage", "hxxp://eis.esnips.com/page/search/?client_uuid=bda82ac0-85c3-4[...]
    Deleted : user_pref("CT2405280.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2405280.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT240[...]
    Deleted : user_pref("CT2405280.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2405280.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2405280.SearchInNewTabLastCheckTime", "Tue Mar 29 2011 22:01:28 GMT+0300 (GTB Daylight [...]
    Deleted : user_pref("CT2405280.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2405280.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Deleted : user_pref("CT2405280.ServiceMapLastCheckTime", "Tue Mar 29 2011 22:01:42 GMT+0300 (GTB Daylight Time[...]
    Deleted : user_pref("CT2405280.SettingsLastCheckTime", "Wed Mar 30 2011 14:02:11 GMT+0300 (GTB Daylight Time)"[...]
    Deleted : user_pref("CT2405280.SettingsLastUpdate", "1300362061");
    Deleted : user_pref("CT2405280.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2405280.ThirdPartyComponentsLastCheck", "Wed Mar 16 2011 18:25:36 GMT+0200 (GTB Standar[...]
    Deleted : user_pref("CT2405280.ThirdPartyComponentsLastUpdate", "1246790578");
    Deleted : user_pref("CT2405280.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
    Deleted : user_pref("CT2405280.UserID", "UN63990844459859016");
    Deleted : user_pref("CT2405280.WeatherNetwork", "");
    Deleted : user_pref("CT2405280.WeatherPollDate", "Wed Mar 30 2011 15:02:22 GMT+0300 (GTB Daylight Time)");
    Deleted : user_pref("CT2405280.WeatherUnit", "C");
    Deleted : user_pref("CT2405280.alertChannelId", "799768");
    Deleted : user_pref("CT2405280.backendstorage._fb_dailyactivity", "31333031343235333238323032");
    Deleted : user_pref("CT2405280.backendstorage._fb_lifetimesent", "54525545");
    Deleted : user_pref("CT2405280.backendstorage.facebook_ctid_connect_send", "73656E646564");
    Deleted : user_pref("CT2405280.backendstorage.foxshows_latestnotice", "3231");
    Deleted : user_pref("CT2405280.backendstorage.gs_dailyactivity", "31333031343235333237383036");
    Deleted : user_pref("CT2405280.backendstorage.gs_lifetimesent", "54525545");
    Deleted : user_pref("CT2405280.backendstorage.ytapp_dailyactivity", "31333031343235333238313037");
    Deleted : user_pref("CT2405280.backendstorage.ytapp_lifetimesent", "54525545");
    Deleted : user_pref("CT2405280.myStuffEnabled", true);
    Deleted : user_pref("CT2405280.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2405280.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2405280.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2405280.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2405280.testingCtid", "");
    Deleted : user_pref("CT2405280.toolbarAppMetaDataLastCheckTime", "Tue Mar 29 2011 22:01:43 GMT+0300 (GTB Dayli[...]
    Deleted : user_pref("CT2405280.toolbarContextMenuLastCheckTime", "Mon Jan 03 2011 21:50:45 GMT+0200 (GTB Stand[...]
    Deleted : user_pref("CT2776682..clientLogIsEnabled", true);
    Deleted : user_pref("CT2776682..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT2776682..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT2776682.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2776682.CTID", "CT2776682");
    Deleted : user_pref("CT2776682.CurrentServerDate", "29-3-2011");
    Deleted : user_pref("CT2776682.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2776682.DownloadReferralCookieData", "");
    Deleted : user_pref("CT2776682.EMailNotifierPollDate", "Wed Mar 30 2011 15:12:19 GMT+0300 (GTB Daylight Time)"[...]
    Deleted : user_pref("CT2776682.FirstServerDate", "29-3-2011");
    Deleted : user_pref("CT2776682.FirstTime", true);
    Deleted : user_pref("CT2776682.FirstTimeFF3", true);
    Deleted : user_pref("CT2776682.FixPageNotFoundErrors", true);
    Deleted : user_pref("CT2776682.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2776682.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2776682.HasUserGlobalKeys", true);
    Deleted : user_pref("CT2776682.Initialize", true);
    Deleted : user_pref("CT2776682.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2776682.InstallationAndCookieDataSentCount", 2);
    Deleted : user_pref("CT2776682.InstallationId", "Integrated_CT2776682.exe");
    Deleted : user_pref("CT2776682.InstallationType", "ConduitIntegration");
    Deleted : user_pref("CT2776682.InstalledDate", "Tue Mar 29 2011 22:13:25 GMT+0300 (GTB Daylight Time)");
    Deleted : user_pref("CT2776682.InvalidateCache", false);
    Deleted : user_pref("CT2776682.IsGrouping", false);
    Deleted : user_pref("CT2776682.IsMulticommunity", false);
    Deleted : user_pref("CT2776682.IsOpenThankYouPage", true);
    Deleted : user_pref("CT2776682.IsOpenUninstallPage", true);
    Deleted : user_pref("CT2776682.LanguagePackLastCheckTime", "Tue Mar 29 2011 22:18:06 GMT+0300 (GTB Daylight Ti[...]
    Deleted : user_pref("CT2776682.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2776682.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2776682.LastLogin_3.2.5.2", "Wed Mar 30 2011 14:02:27 GMT+0300 (GTB Daylight Time)");
    Deleted : user_pref("CT2776682.LatestVersion", "3.3.3.2");
    Deleted : user_pref("CT2776682.Locale", "en");
    Deleted : user_pref("CT2776682.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2776682.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
    Deleted : user_pref("CT2776682.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2776682.RadioIsPodcast", false);
    Deleted : user_pref("CT2776682.RadioLastCheckTime", "Tue Mar 29 2011 22:13:13 GMT+0300 (GTB Daylight Time)");
    Deleted : user_pref("CT2776682.RadioLastUpdateIPServer", "3");
    Deleted : user_pref("CT2776682.RadioLastUpdateServer", "3");
    Deleted : user_pref("CT2776682.RadioMediaID", "9962");
    Deleted : user_pref("CT2776682.RadioMediaType", "Media Player");
    Deleted : user_pref("CT2776682.RadioMenuSelectedID", "EBRadioMenu_CT27766829962");
    Deleted : user_pref("CT2776682.RadioStationName", "California%20Rock");
    Deleted : user_pref("CT2776682.RadioStationURL", "hxxp://feedlive.net/california.asx");
    Deleted : user_pref("CT2776682.SavedHomepage", "hxxp://eu.ask.com?o=15573&l=dis");
    Deleted : user_pref("CT2776682.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2776682.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT277[...]
    Deleted : user_pref("CT2776682.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2776682.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2776682.SearchInNewTabLastCheckTime", "Tue Mar 29 2011 22:13:13 GMT+0300 (GTB Daylight [...]
    Deleted : user_pref("CT2776682.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2776682.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Deleted : user_pref("CT2776682.ServiceMapLastCheckTime", "Tue Mar 29 2011 22:12:59 GMT+0300 (GTB Daylight Time[...]
    Deleted : user_pref("CT2776682.SettingsLastCheckTime", "Wed Mar 30 2011 14:02:14 GMT+0300 (GTB Daylight Time)"[...]
    Deleted : user_pref("CT2776682.SettingsLastUpdate", "1301390906");
    Deleted : user_pref("CT2776682.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2776682.ThirdPartyComponentsLastCheck", "Tue Mar 29 2011 22:12:59 GMT+0300 (GTB Dayligh[...]
    Deleted : user_pref("CT2776682.ThirdPartyComponentsLastUpdate", "1246786978");
    Deleted : user_pref("CT2776682.TrusteLinkUrl", "hxxp://trust.conduit.com/EB_ORIGINAL_CTID");
    Deleted : user_pref("CT2776682.UserID", "UN58402490744656218");
    Deleted : user_pref("CT2776682.WeatherNetwork", "");
    Deleted : user_pref("CT2776682.WeatherPollDate", "Wed Mar 30 2011 15:02:23 GMT+0300 (GTB Daylight Time)");
    Deleted : user_pref("CT2776682.WeatherUnit", "C");
    Deleted : user_pref("CT2776682.alertChannelId", "1168776");
    Deleted : user_pref("CT2776682.backendstorage._fb_dailyactivity", "31333031343235393931333232");
    Deleted : user_pref("CT2776682.backendstorage._fb_lifetimesent", "54525545");
    Deleted : user_pref("CT2776682.backendstorage.facebook_ctid_connect_send", "73656E646564");
    Deleted : user_pref("CT2776682.components.1000034", true);
    Deleted : user_pref("CT2776682.components.1000234", true);
    Deleted : user_pref("CT2776682.myStuffEnabled", true);
    Deleted : user_pref("CT2776682.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2776682.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2776682.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2776682.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2776682.testingCtid", "");
    Deleted : user_pref("CT2776682.toolbarAppMetaDataLastCheckTime", "Tue Mar 29 2011 22:13:11 GMT+0300 (GTB Dayli[...]
    Deleted : user_pref("CT2776682.toolbarContextMenuLastCheckTime", "Tue Mar 29 2011 22:13:15 GMT+0300 (GTB Dayli[...]
    Deleted : user_pref("CT2801948.autoDisableScopes", 10);
    Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2776682");
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1168776/1164461/RO", "\"0\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/799768/795587/RO", "\"0\"")[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DEFAULT", "\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/RO", "\"0\"")[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2405280", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2776682", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2405280/CT2405280[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2776682/CT2776682[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/equalizer_dea[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/minimize.gif"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/play.gif", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/stop.gif", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Mint/vol.gif", "\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalize[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
    Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2405280");
    Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}");
    Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "softonic-eng7");
    Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2405280");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "softonic-eng7");
    Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://slirsredirect.search.aol.com/slir[...]
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT2405280,CT2776682");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2405280,CT2776682");
    Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
    Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Mar 29 2011 22:18:06 GMT+0300 (GTB D[...]
    Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.locale", "en");
    Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Mar 29 2011 22:12:52 GMT+0300 (GTB Dayli[...]
    Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291048634");
    Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.alert.userId", "ab11dceb-aaa7-40c2-8284-fb0d48def50f");
    Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Jan 12 2011 15:41:54 GMT+0200 (GTB[...]
    Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2776682");
    Deleted : user_pref("ConduitEngine.FirstServerDate", "11/27/2010 18");
    Deleted : user_pref("ConduitEngine.FirstTime", true);
    Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
    Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
    Deleted : user_pref("ConduitEngine.Initialize", true);
    Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
    Deleted : user_pref("ConduitEngine.InstalledDate", "Sat Nov 27 2010 18:40:43 GMT+0200 (GTB Standard Time)");
    Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
    Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
    Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
    Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Mar 29 2011 22:01:58 GMT+0300 (GTB Dayligh[...]
    Deleted : user_pref("ConduitEngine.LastLogin_3.2.1.3", "Sun Feb 20 2011 00:39:10 GMT+0200 (GTB Standard Time)"[...]
    Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Wed Mar 30 2011 14:02:28 GMT+0300 (GTB Daylight Time)"[...]
    Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
    Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Mar 30 2011 14:02:30 GMT+0300 (GTB Daylight Ti[...]
    Deleted : user_pref("ConduitEngine.UserID", "UN36620930773737663");
    Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
    Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Mar 29 2011 22:01:48 GMT+0300 (GTB D[...]
    Deleted : user_pref("ConduitEngine.initDone", true);
    Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
    Deleted : user_pref("browser.search.defaultengine", "Ask.com");
    Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
    Deleted : user_pref("browser.search.defaultthis.engineName", "BrotherSoft Extreme Customized Web Search");
    Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Deleted : user_pref("browser.search.selectedEngine", "Search the web (Babylon)");
    Deleted : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=HP_s[...]
    Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=100486");
    Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "700de117000000000000001fd05dc16b");
    Deleted : user_pref("extensions.BabylonToolbar_i.id", "700de117000000000000001fd05dc16b");
    Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15369");
    Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
    Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112560&tt=3112_[...]
    Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1710:36:03");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Deleted : user_pref("extensions.enabledAddons", "[email protected]:5.0,[email protected][...]
    Deleted : user_pref("extensions.funmoods_i.aflt", "make");
    Deleted : user_pref("extensions.funmoods_i.dfltLng", "");
    Deleted : user_pref("extensions.funmoods_i.dfltSrch", true);
    Deleted : user_pref("extensions.funmoods_i.dnsErr", true);
    Deleted : user_pref("extensions.funmoods_i.excTlbr", false);
    Deleted : user_pref("extensions.funmoods_i.hmpg", true);
    Deleted : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=make");
    Deleted : user_pref("extensions.funmoods_i.id", "700de117000000000000001fd05dc16b");
    Deleted : user_pref("extensions.funmoods_i.instlDay", "15434");
    Deleted : user_pref("extensions.funmoods_i.instlRef", "");
    Deleted : user_pref("extensions.funmoods_i.newTab", true);
    Deleted : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=make");
    Deleted : user_pref("extensions.funmoods_i.prdct", "funmoods");
    Deleted : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
    Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
    Deleted : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
    Deleted : user_pref("extensions.funmoods_i.tlbrId", "base");
    Deleted : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=make&q="[...]
    Deleted : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
    Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1621:51:34");
    Deleted : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
    Deleted : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=KW_ss&mntrId=700d[...]
    Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
    Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
    Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
    Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
    Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
    Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
    Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
    Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
    Deleted : user_pref("sweetim.toolbar.simapp_id", "{240C0BB2-107A-4117-849F-0EA7A719F958}");
    Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
    Deleted : user_pref("sweetim.toolbar.version", "1.0.0.10");
    Deleted : user_pref("winamp_toolbar.buttons.layout", "skins_btn_wa;plugins_btn_wa;shout_btn_wa;video_btn_wa;ai[...]
    Deleted : user_pref("winamp_toolbar.firsttime.showwindow", false);
    Deleted : user_pref("winamp_toolbar.install.lastTbVersion", "5.6.12.1");
    Deleted : user_pref("winamp_toolbar.metrics.activestampdate", "30");
    Deleted : user_pref("winamp_toolbar.metrics.activestampmonth", "2");
    Deleted : user_pref("winamp_toolbar.metrics.activestampyear", "2011");
    Deleted : user_pref("winamp_toolbar.metrics.originalDate", "24");
    Deleted : user_pref("winamp_toolbar.metrics.originalHours", "24");
    Deleted : user_pref("winamp_toolbar.metrics.originalMinutes", "4");
    Deleted : user_pref("winamp_toolbar.metrics.originalMonth", "11");
    Deleted : user_pref("winamp_toolbar.metrics.originalSeconds", "33");
    Deleted : user_pref("winamp_toolbar.metrics.originalYear", "2010");
    Deleted : user_pref("winamp_toolbar.search.populateoncomplete", false);
    Deleted : user_pref("winamp_toolbar.search.searchtype", "web");
    Deleted : user_pref("winamp_toolbar.search.source", "tb50ffwinamp");
    Deleted : user_pref("winamp_toolbar.strbundle.msg", "Winamp Toolbar");
    Deleted : user_pref("winamp_toolbar.upgrade.showwindow", false);
    Deleted : user_pref("winamp_toolbar.winamp.appversion", "1");
    Deleted : user_pref("winamp_toolbar.winamp.artist", "");
    Deleted : user_pref("winamp_toolbar.winamp.title", "-999999");
    Deleted : user_pref("winamp_toolbar.winamp.tracklength", "-999999");
    Deleted : user_pref("winamp_toolbar.winamp.tracktime", "-999999");
    Deleted : user_pref("winamp_toolbar.winamp.volume", "0");
    Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=112560&tt=3112_1&babsrc=NT_ss&mntr[...]
    Deleted : user_pref("CT3248869.autoDisableScopes", 0);
    Deleted : user_pref("browser.startup.homepage", "hxxp://search.iminent.com/?appId=C043BC49-0735-4683-A1AE-0937[...]
    Deleted : user_pref("browser.search.selectedEngine", "SearchTheWeb");

    -\\ Google Chrome v23.0.1271.97

    File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    Deleted [l.19] : urls_to_restore_on_startup = [ "hxxp://www.google.ro/", "hxxp://search.iminent.com/?appId=[...]
    Deleted [l.2331] : urls_to_restore_on_startup = [ "hxxp://www.google.ro/", "hxxp://search.iminent.com/?appId=C04[...]

    *************************

    AdwCleaner[R1].txt - [57620 octets] - [09/01/2013 12:36:09]
    AdwCleaner[R2].txt - [57681 octets] - [09/01/2013 13:24:24]
    AdwCleaner[S1].txt - [56448 octets] - [09/01/2013 13:24:56]

    ########## EOF - C:\AdwCleaner[S1].txt - [56509 octets] ##########
     
  15. SheratanN

    SheratanN Thread Starter

    Joined:
    Jan 8, 2013
    Messages:
    13
    Well, I don't know if that's a problem, but when I'm in Google Chrome and I'm watching something on YT it's quite laggy :(. And when I'm in Google Chrome with 5 tabs open, the processor usage is at 70% sometimes, and then it goes to like 58% and then 30%.
     

Short URL to this thread: https://techguy.org/1084262
