partner37.mydomainadvisor.com

Discussion in 'Virus & Other Malware Removal' started by infernos, Nov 9, 2012.

  1. infernos

    infernos Thread Starter

    Joined:
    Nov 9, 2012
    Messages:
    4
    For the last few days my browser kept randomly redirecting me to partner37.mydomainadvisor.com. I looked up some info about it and it seems it's a browser hijack that's really difficult to remove. Now, I have literally no experience in dealing with viruses so I would appreciate it if you could help me with this. I know the first step is to open the task manager and check for an abnormal process of mydomainadvisor but I can't find it. Is there some way I can recognize it?

    Also here's my HijackThis log (I'm not sure if that's important, but before scanning I got a pop-up saying that my system denied access to the Hosts file and if there are any hijacked domains in that file, HijackThis might not be able to fix that):

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 19:53:04, on 2012.11.09
    Platform: Windows 7 SP1 (WinNT 6.00.3505)
    MSIE: Internet Explorer v9.00 (9.00.8112.16450)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\SweetIM\Messenger\SweetIM.exe
    C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Users\Ieva\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    C:\Users\Ieva\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
    C:\Users\Ieva\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Users\Ieva\AppData\Local\Akamai\netsession_win.exe
    C:\Users\Ieva\Desktop\HijackThis.exe
    C:\Program Files\RelevantKnowledge\rlvknlg.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    C:\Windows\system32\RunDll32.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://isearch.babylon.com/?babsrc=HP_ss&mntrId=d6d6c88e00000000000000241d9db367
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.searchya.com/?s=0&a=foxt...BtDtBtN1L2XzutBtFtCtFtDtFtBzyzy&cr=1265626548
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1:9421;<local>
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: Ironsource LTD Helper Object - {25927741-5E5B-4D27-8D8B-9188FE64373F} - C:\PROGRA~1\SearchYa!\1.5.20.0\bh\searchya.dll (file missing)
    O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
    O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Help the General-Search Project - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Ieva\AppData\Roaming\MEDIAF~1\EXTENS~1\GENCRA~1.DLL
    O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
    O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
    O3 - Toolbar: SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
    O3 - Toolbar: SearchYa Toolbar - {33AA308B-B565-4376-AC66-59EE9B6AD13E} - C:\PROGRA~1\SearchYa!\1.5.20.0\searchyaTlbr.dll (file missing)
    O3 - Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
    O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe
    O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
    O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
    O4 - HKLM\..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Ieva\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Octoshape Streaming Services] "C:\Users\Ieva\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun
    O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Ieva\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [Media Finder] "C:\Program Files\Media Finder\Media Finder.exe" /opentotray
    O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
    O8 - Extra context menu item: Download with &Media Finder - C:\Program Files\Media Finder\hook.html
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O9 - Extra button: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
    O9 - Extra 'Tools' menuitem: SmarThru4 Web Capture - {5941A0E4-56C1-4a49-9B18-05762CAC5F9B} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
    O9 - Extra button: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
    O9 - Extra 'Tools' menuitem: SmarThru4 Capture Selection - {A07BFEF7-DD11-4937-B23B-E70C11D2EDF4} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
    O9 - Extra button: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
    O9 - Extra 'Tools' menuitem: SmarThru4 Save as HTML - {E753A93F-2367-4978-BFA0-83048C1E61CB} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
    O9 - Extra button: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
    O9 - Extra 'Tools' menuitem: SmarThru4 Save Selected Text - {F1F53366-3E11-47ab-BF84-580C94F9C9AD} - C:\Program Files\SmarThru 4\WebCapture.dll (HKCU)
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
    O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
    O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    O20 - AppInit_DLLs: c:\progra~2\browse~1\23762~1.17\{16cdf~1\browse~1.dll
    O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    O23 - Service: Browser Manager - Unknown owner - C:\ProgramData\Browser Manager\2.3.762.17\{16cdff19-861d-48e3-a751-d99a27784753}\browsemngr.exe
    O23 - Service: ES lite Service for program management. (ES lite Service) - Unknown owner - C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe
    O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
    O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
    O23 - Service: RelevantKnowledge - TMRG, Inc. - C:\Program Files\RelevantKnowledge\rlservice.exe

    --
    End of file - 8356 bytes
     
  2. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,883
    Step 1
    Please download AdwCleaner to your desktop.
    • Double-click adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a Notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  3. infernos

    infernos Thread Starter

    Joined:
    Nov 9, 2012
    Messages:
    4
    # AdwCleaner v2.007 - Logfile created 11/09/2012 at 20:42:09
    # Updated 06/11/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
    # User : Ieva - IEVA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Ieva\Desktop\AdwCleaner.exe
    # Option [Search]


    ***** [Services] *****

    Found : Browser Manager
    Found : RelevantKnowledge

    ***** [Files / Folders] *****

    File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
    File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
    File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    File Found : C:\user.js
    File Found : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\searchplugins\browsemngr.xml
    File Found : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\searchplugins\Conduit.xml
    File Found : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\searchplugins\search.xml
    File Found : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\searchplugins\SweetIm.xml
    Folder Found : C:\Program Files\Common Files\Software Update Utility
    Folder Found : C:\Program Files\Conduit
    Folder Found : C:\Program Files\Mozilla Firefox\Extensions\[email protected]
    Folder Found : C:\Program Files\RelevantKnowledge
    Folder Found : C:\Program Files\SweetIM
    Folder Found : C:\ProgramData\Babylon
    Folder Found : C:\ProgramData\blekko toolbars
    Folder Found : C:\ProgramData\Browser Manager
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
    Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
    Folder Found : C:\ProgramData\SweetIM
    Folder Found : C:\Users\Ieva\AppData\Local\blekkotb
    Folder Found : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
    Folder Found : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
    Folder Found : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    Folder Found : C:\Users\Ieva\AppData\Local\Temp\Conduit
    Folder Found : C:\Users\Ieva\AppData\LocalLow\Conduit
    Folder Found : C:\Users\Ieva\AppData\Roaming\Babylon
    Folder Found : C:\Users\Ieva\AppData\Roaming\Media Finder
    Folder Found : C:\Users\Ieva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    Folder Found : C:\Users\Ieva\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
    Folder Found : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\Conduit
    Folder Found : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\ConduitEngine
    Folder Found : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

    ***** [Registry] *****

    Data Found : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23762~1.17\{16cdf~1\browse~1.dll
    Key Found : HKCU\Software\AppDataLow\Software\Conduit
    Key Found : HKCU\Software\Conduit
    Key Found : HKCU\Software\DataMngr
    Key Found : HKCU\Software\DataMngr_Toolbar
    Key Found : HKCU\Software\Headlight
    Key Found : HKCU\Software\MediaFinder
    Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{25927741-5E5B-4D27-8D8B-9188FE64373F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{25927741-5E5B-4D27-8D8B-9188FE64373F}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\Software\Babylon
    Key Found : HKLM\SOFTWARE\Classes\AppID\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{1973277F-87B0-4EA3-9ED2-470A91D284CF}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
    Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{25927741-5E5B-4D27-8D8B-9188FE64373F}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{33AA308B-B565-4376-AC66-59EE9B6AD13E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{54B24FA9-87E8-47FC-8589-F9D382D8B299}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{5B45AC88-523C-431E-86D7-F339B2EE262E}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{6801410E-CC88-42D6-A93B-909E95645407}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{8769ADCE-DBA5-48E9-AFB5-67B12CDF2E61}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{8B0C188C-F6F3-484D-8225-E40262DDE633}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\CLSID\{EEE6C35D-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\dnUpdate
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
    Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
    Key Found : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc
    Key Found : HKLM\SOFTWARE\Classes\esrv.searchyaESrvc.1
    Key Found : HKLM\SOFTWARE\Classes\gencrawler_gc.GenCrawler
    Key Found : HKLM\SOFTWARE\Classes\I
    Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9A2DCB-F5DB-40D0-8E62-3B47DD476A77}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{59B23951-2232-4AFB-81D4-64A8A16D457A}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{81E522F1-9E90-47DD-A2CE-39B0C00274A0}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{8E096DFB-6AB7-45C7-BF64-B313C7096529}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{996A9940-2F2C-4486-A479-439C4A15F278}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9B7D44BA-376C-456F-B289-5034270322FD}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{9BD8FF26-2C71-4D35-9FE2-AD8D25AECC36}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{BCE6E914-AEF0-4FEE-8FC8-06F9B42BF890}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{BD8D5FFA-4F92-48AD-BFBE-7896916656F5}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{C92E6D80-EC54-45CC-AC4B-A7CF42F11B52}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{D1CB564E-F38A-4F2A-8257-60E3F8BE9F34}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F293BBC0-DA7E-4CF1-9EEA-CE90CFE0DF86}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
    Key Found : HKLM\SOFTWARE\Classes\Interface\{FEFBC559-C3C7-4287-B05B-49D489B80749}
    Key Found : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore
    Key Found : HKLM\SOFTWARE\Classes\ironsource.searchyaappCore.1
    Key Found : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd
    Key Found : HKLM\SOFTWARE\Classes\ironsource.searchyadskBnd.1
    Key Found : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr
    Key Found : HKLM\SOFTWARE\Classes\ironsource.searchyaHlpr.1
    Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
    Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
    Key Found : HKLM\SOFTWARE\Classes\MF
    Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
    Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
    Key Found : HKLM\SOFTWARE\Classes\Prod.cap
    Key Found : HKLM\SOFTWARE\Classes\sim-packages
    Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar
    Key Found : HKLM\SOFTWARE\Classes\SWEETIE.IEToolbar.1
    Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook
    Key Found : HKLM\SOFTWARE\Classes\sweetim_urlsearchhook.toolbarurlsearchhook.1
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{15F6BCB7-BB0F-4A66-8762-4765B05597EB}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{69332529-EEC8-4D0D-9FD3-202C4AE8E589}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\TypeLib\{EEE6C35F-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2233703
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie
    Key Found : HKLM\SOFTWARE\Classes\Toolbar3.sweetie.1
    Key Found : HKLM\Software\Conduit
    Key Found : HKLM\Software\DataMngr
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
    Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    Key Found : HKLM\Software\Iminent
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25927741-5E5B-4D27-8D8B-9188FE64373F}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CA4520F3-AE13-4FB1-A513-58E23991C86D}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{D08D9F98-1C78-4704-87E6-368B0023D831}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{FB697452-8CA4-46B4-98B1-165C922A2EF3}
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\searchya
    Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
    Key Found : HKU\S-1-5-21-447599058-4001135061-4274216376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Found : HKU\S-1-5-21-447599058-4001135061-4274216376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
    Key Found : HKU\S-1-5-21-447599058-4001135061-4274216376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Found : HKU\S-1-5-21-447599058-4001135061-4274216376-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
    Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]
    Value Found : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{33AA308B-B565-4376-AC66-59EE9B6AD13E}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D0F4A166-B8D4-48b8-9D63-80849FE137CB}]
    Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EEE6C35B-6118-11DC-9C72-001320C79847}]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
    Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0Dzy0D0BtAyCyB0Czzzz0EtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtBzyzy&cr=1265626548
    [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=d6d6c88e00000000000000241d9db367
    [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={296FEB44-D2F7-11E1-ABC4-00241D9DB367}
    [HKCU\Software\Microsoft\Internet Explorer\Main - bProtector Start Page] = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=d6d6c88e00000000000000241d9db367

    -\\ Mozilla Firefox v16.0.2 (lt)

    Profile name : default
    File : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\prefs.js

    Found : user_pref("CT2233703.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Found : user_pref("CT2233703.CTID", "CT2233703");
    Found : user_pref("CT2233703.CurrentServerDate", "5-10-2010");
    Found : user_pref("CT2233703.DialogsAlignMode", "LTR");
    Found : user_pref("CT2233703.DownloadReferralCookieData", "");
    Found : user_pref("CT2233703.EMailNotifierPollDate", "Tue Oct 05 2010 20:14:04 GMT+0300 (FLE Daylight Time)"[...]
    Found : user_pref("CT2233703.FirstServerDate", "30-8-2010");
    Found : user_pref("CT2233703.FirstTime", true);
    Found : user_pref("CT2233703.FirstTimeFF3", true);
    Found : user_pref("CT2233703.FirstTimeSettingsDone", true);
    Found : user_pref("CT2233703.FixPageNotFoundErrors", true);
    Found : user_pref("CT2233703.GroupingServerCheckInterval", 1440);
    Found : user_pref("CT2233703.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Found : user_pref("CT2233703.Initialize", true);
    Found : user_pref("CT2233703.InitializeCommonPrefs", true);
    Found : user_pref("CT2233703.InstallationAndCookieDataSentCount", 3);
    Found : user_pref("CT2233703.InstallationType", "UnknownIntegration");
    Found : user_pref("CT2233703.InstalledDate", "Mon Aug 30 2010 15:09:06 GMT+0300 (FLE Daylight Time)");
    Found : user_pref("CT2233703.InvalidateCache", false);
    Found : user_pref("CT2233703.IsGrouping", false);
    Found : user_pref("CT2233703.IsMulticommunity", false);
    Found : user_pref("CT2233703.IsOpenThankYouPage", true);
    Found : user_pref("CT2233703.IsOpenUninstallPage", false);
    Found : user_pref("CT2233703.LanguagePackLastCheckTime", "Tue Oct 05 2010 14:37:02 GMT+0300 (FLE Daylight Ti[...]
    Found : user_pref("CT2233703.LanguagePackReloadIntervalMM", 1440);
    Found : user_pref("CT2233703.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Found : user_pref("CT2233703.LastLogin_2.6.0.15", "Tue Oct 05 2010 18:37:06 GMT+0300 (FLE Daylight Time)");
    Found : user_pref("CT2233703.LatestVersion", "2.7.2.0");
    Found : user_pref("CT2233703.Locale", "en");
    Found : user_pref("CT2233703.LoginCache", 4);
    Found : user_pref("CT2233703.MCDetectTooltipHeight", "83");
    Found : user_pref("CT2233703.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Found : user_pref("CT2233703.MCDetectTooltipWidth", "295");
    Found : user_pref("CT2233703.RadioIsPodcast", false);
    Found : user_pref("CT2233703.RadioLastCheckTime", "Tue Oct 05 2010 14:37:01 GMT+0300 (FLE Daylight Time)");
    Found : user_pref("CT2233703.RadioLastUpdateIPServer", "3");
    Found : user_pref("CT2233703.RadioLastUpdateServer", "129141247792900000");
    Found : user_pref("CT2233703.RadioMediaID", "11027882");
    Found : user_pref("CT2233703.RadioMediaType", "Media Player");
    Found : user_pref("CT2233703.RadioMenuSelectedID", "EBRadioMenu_CT2233703_RECENT11027882");
    Found : user_pref("CT2233703.RadioShrinked", "expanded");
    Found : user_pref("CT2233703.RadioStationName", "DANCE%20radio");
    Found : user_pref("CT2233703.RadioStationURL", "hxxp://www.abradio.cz/asx/danceradio32.asx");
    Found : user_pref("CT2233703.RadioVolume", "50");
    Found : user_pref("CT2233703.SHRINK_TOOLBAR", 1);

    -\\ Google Chrome v23.0.1271.64

    File : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [33852 octets] - [09/11/2012 20:42:09]

    ########## EOF - C:\AdwCleaner[R1].txt - [33913 octets] ##########
     
  4. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,883
    OK, run AdwCleaner again.
    Now press Delete.
    It will clear the problems & then offer to reboot.
    Please let it reboot & then post the log it makes.
    The logfile will also be saved in C:\AdwCleaner[S1].txt

    Once it reboots, let us know if you still have any problems.
     
  5. infernos

    infernos Thread Starter

    Joined:
    Nov 9, 2012
    Messages:
    4
    I've done everything you said and while I can't say for sure everything is fixed (the redirects used to be really sporadic - everything would look ok for a while and then it would start redirecting to mydomainadvisor again), so far it looks fine. Here's the log:

    # AdwCleaner v2.007 - Logfile created 11/09/2012 at 20:49:51
    # Updated 06/11/2012 by Xplode
    # Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
    # User : Ieva - IEVA-PC
    # Boot Mode : Normal
    # Running from : C:\Users\Ieva\Desktop\AdwCleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : Browser Manager
    Stopped & Deleted : RelevantKnowledge

    ***** [Files / Folders] *****

    Deleted on reboot : C:\Program Files\RelevantKnowledge
    Deleted on reboot : C:\ProgramData\Browser Manager
    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
    File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
    File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\user.js
    File Deleted : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\searchplugins\browsemngr.xml
    File Deleted : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\searchplugins\Conduit.xml
    File Deleted : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\searchplugins\search.xml
    File Deleted : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\searchplugins\SweetIm.xml
    Folder Deleted : C:\Program Files\Common Files\Software Update Utility
    Folder Deleted : C:\Program Files\Conduit
    Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\[email protected]
    Folder Deleted : C:\Program Files\SweetIM
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\blekko toolbars
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
    Folder Deleted : C:\ProgramData\SweetIM
    Folder Deleted : C:\Users\Ieva\AppData\Local\blekkotb
    Folder Deleted : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
    Folder Deleted : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
    Folder Deleted : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pgafcinpmmpklohkojmllohdhomoefph
    Folder Deleted : C:\Users\Ieva\AppData\Local\Temp\Conduit
    Folder Deleted : C:\Users\Ieva\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Ieva\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Ieva\AppData\Roaming\Media Finder
    Folder Deleted : C:\Users\Ieva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Browser Manager
    Folder Deleted : C:\Users\Ieva\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\[email protected]
    Folder Deleted : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\Conduit
    Folder Deleted : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\ConduitEngine
    Folder Deleted : C:\Windows\Installer\{FB697452-8CA4-46B4-98B1-165C922A2EF3}

    ***** [Registry] *****

    Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~2\browse~1\23762~1.17\{16cdf~1\browse~1.dll

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchya.com/?s=0&a=foxtab&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtByEtC0Dzy0D0BtAyCyB0Czzzz0EtN0D0Tzu0CtBtDtBtN1L2XzutBtFtCtFtDtFtBzyzy&cr=1265626548 --> hxxp://www.google.com
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=d6d6c88e00000000000000241d9db367 --> hxxp://www.google.com
    Deleted : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page]

    -\\ Mozilla Firefox v16.0.2 (lt)

    Profile name : default
    File : C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\prefs.js

    C:\Users\Ieva\AppData\Roaming\Mozilla\Firefox\Profiles\v294rfgw.default\user.js ... Deleted !

    Deleted : user_pref("CT2233703.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2233703.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT223[...]
    Deleted : user_pref("CT2233703.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2233703.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2233703.SearchInNewTabLastCheckTime", "Tue Oct 05 2010 14:37:01 GMT+0300 (FLE Daylight [...]
    Deleted : user_pref("CT2233703.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2233703.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Deleted : user_pref("CT2233703.SettingsCheckIntervalMin", 120);
    Deleted : user_pref("CT2233703.SettingsLastCheckTime", "Tue Oct 05 2010 19:13:55 GMT+0300 (FLE Daylight Time)"[...]
    Deleted : user_pref("CT2233703.SettingsLastUpdate", "1285580322");
    Deleted : user_pref("CT2233703.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2233703.ThirdPartyComponentsLastCheck", "Tue Sep 21 2010 07:27:05 GMT+0300 (FLE Dayligh[...]
    Deleted : user_pref("CT2233703.ThirdPartyComponentsLastUpdate", "1246790578");
    Deleted : user_pref("CT2233703.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
    Deleted : user_pref("CT2233703.UserID", "UN73440700604169263");
    Deleted : user_pref("CT2233703.ValidationData_Search", 1);
    Deleted : user_pref("CT2233703.ValidationData_Toolbar", 2);
    Deleted : user_pref("CT2233703.WeatherNetwork", "");
    Deleted : user_pref("CT2233703.WeatherPollDate", "Tue Oct 05 2010 20:06:47 GMT+0300 (FLE Daylight Time)");
    Deleted : user_pref("CT2233703.WeatherUnit", "C");
    Deleted : user_pref("CT2233703.alertChannelId", "631527");
    Deleted : user_pref("CT2233703.clientLogIsEnabled", false);
    Deleted : user_pref("CT2233703.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
    Deleted : user_pref("CT2233703.myStuffEnabled", true);
    Deleted : user_pref("CT2233703.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2233703.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2233703.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2233703.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2233703.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
    Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "");
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/868126/863926/LT", "\"0\"")[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/LT", "\"0\"")[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2474641", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2836015", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2474641",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2836015",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63428984078257[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2474641/CT2474641[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2836015/CT2836015[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/41/247/CT2474641/Images/Buttons2.xml-13-[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634[...]
    Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
    Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "[email protected]");
    Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
    Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
    Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2474641");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{ff19b72a-36ed-4066-8865-a580ae938cce}");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "free_i-dressup");
    Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2233703,ConduitEngine");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2233703");
    Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Fri May 20 2011 16:21:50 GMT+03[...]
    Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true);
    Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
    Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Jun 29 2011 07:26:46 GMT+0300 (FLE D[...]
    Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.locale", "en");
    Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Jun 29 2011 07:26:28 GMT+0300 (FLE Dayli[...]
    Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
    Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.alert.userId", "3d1f366e-96cd-4541-ac38-95403a68ab6e");
    Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Tue Oct 05 2010 14:37:01 GMT+0300 (FLE[...]
    Deleted : user_pref("CommunityToolbar.globalUserId", "1e1335e2-459f-4cd3-8003-370f6f6c09c7");
    Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Deleted : user_pref("ConduitEngine.CommunitiesChangesLastCheckTime", "0");
    Deleted : user_pref("ConduitEngine.FirstTime", true);
    Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
    Deleted : user_pref("ConduitEngine.GroupingInvalidateCache", false);
    Deleted : user_pref("ConduitEngine.GroupingLastCheckTime", "0");
    Deleted : user_pref("ConduitEngine.GroupingLastServerUpdateTime", "0");
    Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
    Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", false);
    Deleted : user_pref("ConduitEngine.Initialize", true);
    Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
    Deleted : user_pref("ConduitEngine.InstalledDate", "Sat Dec 18 2010 16:34:57 GMT+0200 (FLE Standard Time)");
    Deleted : user_pref("ConduitEngine.InvalidateCache", false);
    Deleted : user_pref("ConduitEngine.IsGrouping", false);
    Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
    Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
    Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
    Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Sat Dec 18 2010 16:34:57 GMT+0200 (FLE Standar[...]
    Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Sat Dec 18 2010 16:34:57 GMT+0200 (FLE Standard Time)"[...]
    Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
    Deleted : user_pref("ConduitEngine.RadioLastCheckTime", "0");
    Deleted : user_pref("ConduitEngine.RadioLastUpdateIPServer", "0");
    Deleted : user_pref("ConduitEngine.RadioLastUpdateServer", "0");
    Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Sat Dec 18 2010 16:34:56 GMT+0200 (FLE Standard Ti[...]
    Deleted : user_pref("ConduitEngine.UserID", "UN90538513078182939");
    Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
    Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Sat Dec 18 2010 16:34:57 GMT+0200 (FLE S[...]
    Deleted : user_pref("ConduitEngine.initDone", true);
    Deleted : user_pref("avg.install.userHPSettings", "hxxp://isearch.babylon.com/?babsrc=HP_ss&mntrId=d6d6c88e000[...]
    Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
    Deleted : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
    Deleted : user_pref("browser.search.defaultthis.engineName", "Free i-Dressup Customized Web Search");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2474641&Sea[...]
    Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
    Deleted : user_pref("extensions.BabylonToolbar.admin", false);
    Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
    Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Deleted : user_pref("extensions.BabylonToolbar.id", "d6d6c88e00000000000000241d9db367");
    Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15618");
    Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
    Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7");
    Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7");
    Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112546");
    Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "d6d6c88e00000000000000241d9db367");
    Deleted : user_pref("extensions.BabylonToolbar_i.id", "d6d6c88e00000000000000241d9db367");
    Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15463");
    Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
    Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "about:home");
    Deleted : user_pref("extensions.BabylonToolbar_i.ovrDmn", "isearch.babylon.com");
    Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.715:30:31");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
    Deleted : user_pref("extensions.searchya.aflt", "foxtab");
    Deleted : user_pref("extensions.searchya.autoRvrt", false);
    Deleted : user_pref("extensions.searchya.cntry", "LT");
    Deleted : user_pref("extensions.searchya.dfltLng", "");
    Deleted : user_pref("extensions.searchya.dfltSrch", true);
    Deleted : user_pref("extensions.searchya.dnsErr", true);
    Deleted : user_pref("extensions.searchya.envrmnt", "production");
    Deleted : user_pref("extensions.searchya.excTlbr", false);
    Deleted : user_pref("extensions.searchya.hdrMd5", "7A000F8F204326082CB9F14FDCCB1828");
    Deleted : user_pref("extensions.searchya.hmpg", false);
    Deleted : user_pref("extensions.searchya.hmpgUrl", "hxxp://www.searchya.com/?s=0&a=foxtab&chnl=&cd=2XzuyEtN2Y1[...]
    Deleted : user_pref("extensions.searchya.id", "00241D9DB367C88E");
    Deleted : user_pref("extensions.searchya.instlDay", "15542");
    Deleted : user_pref("extensions.searchya.instlRef", "");
    Deleted : user_pref("extensions.searchya.isDcmntCmplt", true);
    Deleted : user_pref("extensions.searchya.isdcmntcmplt", true);
    Deleted : user_pref("extensions.searchya.lastVrsnTs", "1.5.20.08:55:8");
    Deleted : user_pref("extensions.searchya.mntrvrsn", "1.3.0");
    Deleted : user_pref("extensions.searchya.newTab", false);
    Deleted : user_pref("extensions.searchya.newTabUrl", "hxxp://www.searchya.com/?s=2&a=foxtab&chnl=&cd=2XzuyEtN2[...]
    Deleted : user_pref("extensions.searchya.prdct", "searchya");
    Deleted : user_pref("extensions.searchya.propectorlck", 81410137);
    Deleted : user_pref("extensions.searchya.prtkHmpg", 1);
    Deleted : user_pref("extensions.searchya.prtnrId", "searchya");
    Deleted : user_pref("extensions.searchya.sg", "none");
    Deleted : user_pref("extensions.searchya.smplGrp", "none");
    Deleted : user_pref("extensions.searchya.srchPrvdr", "Search");
    Deleted : user_pref("extensions.searchya.tlbrId", "base");
    Deleted : user_pref("extensions.searchya.tlbrSrchUrl", "hxxp://www.searchya.com/?s=3&a=foxtab&chnl=&cd=2XzuyEt[...]
    Deleted : user_pref("extensions.searchya.vrsn", "1.5.20.0");
    Deleted : user_pref("extensions.searchya.vrsnTs", "1.5.20.08:55:8");
    Deleted : user_pref("extensions.searchya.vrsni", "1.5.20.0");
    Deleted : user_pref("extensions.searchya_i.newTab", false);
    Deleted : user_pref("extensions.searchya_i.smplGrp", "none");
    Deleted : user_pref("extensions.searchya_i.vrsnTs", "1.5.20.08:55:8");

    -\\ Google Chrome v23.0.1271.64

    File : C:\Users\Ieva\AppData\Local\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[R1].txt - [33983 octets] - [09/11/2012 20:42:09]
    AdwCleaner[S1].txt - [34113 octets] - [09/11/2012 20:49:51]

    ########## EOF - C:\AdwCleaner[S1].txt - [34174 octets] ##########
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,883
    Download to Desktop: DDS by sUBs from one of the below locations
    http://download.bleepingcomputer.com/sUBs/dds.com
    http://download.bleepingcomputer.com/sUBs/dds.exe
    double click DDS to run it
    Make sure there is a check mark in DDS txt
    place a check mark in the attach.txt box and then press start
    Do not select any other options unless specifically told to
    When complete, DDS.txt will open and attach.txt will be minimized on your taskbar. Click on it to open it
    Save both reports to your desktop.
    DDS.txt
    Attach.txt
    post the contents of both logs back here.
     
  7. infernos

    infernos Thread Starter

    Joined:
    Nov 9, 2012
    Messages:
    4
    DDS (Ver_2012-11-07.01) - NTFS_x86
    Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2
    Run by Ieva at 22:13:49 on 2012-11-10
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3070.1322 [GMT 2:00]
    .
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    ============== Running Processes ================
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\spoolsv.exe
    C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE
    C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Windows\system32\PnkBstrA.exe
    C:\Program Files\Microsoft\BingBar\SeaPort.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
    C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
    c:\Program Files\Microsoft Security Client\NisSrv.exe
    C:\Windows\system32\WUDFHost.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
    C:\Windows\Samsung\PanelMgr\SSMMgr.exe
    C:\Program Files\Microsoft Security Client\msseces.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Users\Ieva\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
    C:\Users\Ieva\AppData\Local\Akamai\netsession_win.exe
    C:\Program Files\McAfee Security Scan\3.0.285\SSScheduler.exe
    C:\Users\Ieva\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
    C:\Users\Ieva\AppData\Local\Akamai\netsession_win.exe
    C:\Windows\system32\SearchIndexer.exe
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Last.fm\LastFM.exe
    C:\Windows\system32\mspaint.exe
    C:\Windows\system32\mspaint.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Mozilla Firefox\plugin-container.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
    C:\Windows\system32\taskhost.exe
    C:\Windows\system32\SearchProtocolHost.exe
    C:\Windows\system32\SearchFilterHost.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\System32\svchost.exe -k Akamai
    C:\Windows\system32\svchost.exe -k imgsvc
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
    C:\Windows\system32\svchost.exe -k SDRSVC
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.google.com
    uSearch Bar = Preserve
    mStart Page = hxxp://www.google.com
    uProxyOverride = 127.0.0.1:9421;<local>
    BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} -
    uRun: [Google Update] "c:\users\ieva\appdata\local\google\update\GoogleUpdate.exe" /c
    uRun: [Octoshape Streaming Services] "c:\users\ieva\appdata\roaming\octoshape\octoshape streaming services\OctoshapeClient.exe" -inv:bootrun
    uRun: [msnmsgr] ~"c:\program files\windows live\messenger\msnmsgr.exe" /background
    uRun: [Akamai NetSession Interface] "c:\users\ieva\appdata\local\akamai\netsession_win.exe"
    mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
    mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
    mRun: [Samsung PanelMgr] c:\windows\samsung\panelmgr\SSMMgr.exe /autorun
    mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\3.0.285\SSScheduler.exe
    mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
    mPolicies-System: ConsentPromptBehaviorUser = dword:3
    mPolicies-System: EnableUIADesktopToggle = dword:0
    IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
    DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
    DPF: {CAFEEFAC-0017-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_06-windows-i586.cab
    TCP: NameServer = 217.147.34.15 217.147.34.16
    TCP: Interfaces\{B476A002-6B28-4BE4-AD45-C938AA70DC5C} : DHCPNameServer = 217.147.34.15 217.147.34.16
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
    SSODL: WebCheck - <orphaned>
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\users\ieva\appdata\roaming\mozilla\firefox\profiles\v294rfgw.default\
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - google.com
    FF - prefs.js: network.proxy.type - 0
    FF - component: c:\users\ieva\appdata\roaming\mozilla\firefox\profiles\v294rfgw.default\extensions\[email protected]\components\RadioWMPCoreGecko19.dll
    FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nppl3260.dll
    FF - plugin: c:\program files\k-lite codec pack\real\browser\plugins\nprpjplug.dll
    FF - plugin: c:\program files\microsoft silverlight\5.1.10516.0\npctrlui.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\users\ieva\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
    FF - plugin: c:\users\ieva\appdata\roaming\mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\windows\system32\adobe\director\np32dsw_1166636.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\npmproxy.dll
    FF - ExtSQL: 2012-11-06 16:35; {0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}; c:\users\ieva\appdata\roaming\mozilla\firefox\profiles\v294rfgw.default\extensions\{0c8fbd76-bdeb-4c52-9b24-d587ce7b9dc3}.xpi
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
    R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2009-7-14 20992]
    R2 ES lite Service;ES lite Service for program management.;c:\program files\gigabyte\easysaver\essvr.exe [2009-12-3 68136]
    R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
    R2 SSPORT;SSPORT;c:\windows\system32\drivers\SSPORT.SYS [2008-1-3 5120]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
    R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-1 139776]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
    S3 BBSvc;Bing Bar Update Service;c:\program files\microsoft\bingbar\BBSvc.EXE [2011-4-1 183560]
    S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\3.0.285\McCHSvc.exe [2012-9-5 234776]
    S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-6-9 52224]
    S3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\wat\WatAdminSvc.exe [2010-5-28 1343400]
    .
    =============== Created Last 30 ================
    .
    2012-11-10 07:45:52 6918632 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{019f3a46-86b7-4306-b56e-d937c9cfa7b4}\mpengine.dll
    2012-11-09 05:20:05 6918632 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
    2012-11-02 08:40:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2012-10-31 05:20:34 -------- d-----w- c:\program files\Free M4a to MP3 Converter
    2012-10-30 19:10:52 -------- d-----w- c:\users\ieva\Incomplete
    2012-10-30 19:09:51 -------- d-----w- c:\users\ieva\appdata\roaming\VideoConverterFox
    2012-10-20 07:10:26 740784 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{c41241a3-d7eb-427c-a92f-4a0b53662a8a}\gapaengine.dll
    2012-10-13 06:46:25 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
    2012-10-13 06:46:25 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
    .
    ==================== Find3M ====================
    .
    2012-11-10 07:34:09 17488 ----a-w- c:\windows\gdrv.sys
    2012-10-31 05:38:01 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2012-10-31 05:38:01 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2012-09-14 18:28:53 2048 ----a-w- c:\windows\system32\tzres.dll
    2012-09-13 11:58:51 821736 ----a-w- c:\windows\system32\npdeployJava1.dll
    2012-09-13 11:58:51 746984 ----a-w- c:\windows\system32\deployJava1.dll
    2012-08-31 17:18:09 1211760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-08-30 19:03:50 99272 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-30 19:03:50 193552 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-30 17:12:02 3968880 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2012-08-30 17:12:02 3914096 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-08-24 16:57:48 172544 ----a-w- c:\windows\system32\wintrust.dll
    2012-08-24 06:59:17 1800704 ----a-w- c:\windows\system32\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- c:\windows\system32\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- c:\windows\system32\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- c:\windows\system32\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- c:\windows\system32\mshtml.tlb
    2012-08-22 17:16:54 1292144 ----a-w- c:\windows\system32\drivers\tcpip.sys
    2012-08-22 17:16:46 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
    2012-08-22 17:16:46 240496 ----a-w- c:\windows\system32\drivers\netio.sys
    2012-08-22 17:16:36 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
    2012-08-21 20:12:27 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
    2012-08-20 17:40:31 169984 ----a-w- c:\windows\system32\winsrv.dll
    2012-08-20 17:40:01 293376 ----a-w- c:\windows\system32\KernelBase.dll
    2012-08-20 17:37:58 271360 ----a-w- c:\windows\system32\conhost.exe
    2012-08-20 15:33:28 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
    .
    ============= FINISH: 22:20:16,46 ===============


    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-07.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume1
    Install Date: 2009.12.03 06:55:50
    System Uptime: 2012.11.10 09:36:06 (13 hours ago)
    .
    Motherboard: Gigabyte Technology Co., Ltd. | | G31M-S2C
    Processor: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz | Socket 775 | 1584/266mhz
    .
    ==== Disk Partitions =========================
    .
    A: is Removable
    C: is FIXED (NTFS) - 466 GiB total, 428,971 GiB free.
    D: is CDROM ()
    E: is Removable
    F: is Removable
    G: is Removable
    H: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: MpKsl162d3540
    Device ID: ROOT\LEGACY_MPKSL162D3540\0000
    Manufacturer:
    Name: MpKsl162d3540
    PNP Device ID: ROOT\LEGACY_MPKSL162D3540\0000
    Service: MpKsl162d3540
    .
    ==== System Restore Points ===================
    .
    RP638: 2012.10.14 10:29:53 - Windows Update
    RP639: 2012.10.14 19:00:03 - Windows Backup
    RP640: 2012.10.18 07:10:35 - Windows Update
    RP641: 2012.10.21 10:11:24 - Windows Update
    RP642: 2012.10.21 19:00:03 - Windows Backup
    RP643: 2012.10.24 18:41:50 - Windows Update
    RP644: 2012.10.28 08:53:41 - Windows Update
    RP645: 2012.10.28 19:00:04 - Windows Backup
    RP646: 2012.11.01 11:38:02 - Windows Update
    RP647: 2012.11.01 21:36:59 - Windows Update
    RP648: 2012.11.02 10:38:59 - Installed Java 7 Update 9
    RP649: 2012.11.04 19:00:04 - Windows Backup
    RP650: 2012.11.05 15:06:02 - Windows Update
    RP651: 2012.11.09 07:19:20 - Windows Update
    .
    ==== Installed Programs ======================
    .
    1ClickDownloader
    7-Zip 4.65
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 9 Lite
    Adobe Shockwave Player 11.6
    Akamai NetSession Interface
    Akamai NetSession Interface Service
    Bing Bar
    D3DX10
    EasySaver B9.0410.1
    Far Manager v1.70
    Google Chrome
    Internet Explorer Toolbar 4.6 by SweetPacks
    Java 7 Update 9
    Java Auto Updater
    Java(TM) 6 Update 31
    K-Lite Mega Codec Pack 5.1.0
    Last.fm 1.5.4.27091
    McAfee Security Scan Plus
    Microsoft .NET Framework 4 Client Profile
    Microsoft Application Error Reporting
    Microsoft Office File Validation Add-In
    Microsoft Office Outlook Connector
    Microsoft Office Professional Edition 2003
    Microsoft Security Client
    Microsoft Security Essentials
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Mozilla Firefox 16.0.2 (x86 lt)
    Mozilla Maintenance Service
    Mozilla Thunderbird (2.0.0.23)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Norton Security Scan
    Octoshape Streaming Services
    Photobie -- photo editing software from Photobie Design
    PunkBuster Services
    Readiris Pro 10
    Realtek High Definition Audio Driver
    Samsung SCX-4300 Series
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    SmarThru 4
    Sonarca Sound Recorder Free 3.8.3
    SweetIM for Messenger 3.7
    swMSM
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live ID Sign-in Assistant
    Windows Live Installer
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2012.11.09 20:49:50, Error: Service Control Manager [7031] - The Browser Manager service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
    2012.11.09 13:56:46, Error: Microsoft-Windows-Application-Experience [205] - The Program Compatibility Assistant service failed to perform the phase two initialization.
    .
    ==== End Of File ===========================
     
  8. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,883
    I can't see any obvious problems there now.
    If you get any problems, come back.

    Go here http://www.thespykiller.co.uk/index.php?page=3 for info on how to tighten your security settings and how to help prevent future attacks.
    And scan here http://secunia.com/vulnerability_scanning/personal for out-of-date & vulnerable common applications on your computer and update whatever it suggests. Download & use the PSI version (not the OSI, in-your-browser Java version), as I no longer recommend having Java installed on the computer at all, unless it is absolutely necessary, because of the too high risk of malware infiltration.
    Then pay an urgent visit to Windows Update & make sure you are fully updated; that will help to plug the security holes that let these pests on in the first place. If Windows Update doesn't work, please come back & tell us.
     

Short URL to this thread: https://techguy.org/1076077