
Possibly infected with zeroaccess


  • This topic is locked
10 replies to this topic

#1 Ass4ssinXIV


Posted 03 September 2012 - 07:03 PM

First time poster here, and I'll need some help in figuring out if I am infected with zero access. :blink:

I just overcame the Live Security Platinum virus, using a combination of Malwarebytes, Hitman Pro, and RogueKiller. While running RogueKiller and cleaning my registry, it said I am infected with zero access, and opened a link to a page in French, with a YouTube video. Upon research, I stumbled across this site, and ran ComboFix. I'll post the log for anyone interested who may be able to help.

Edited by Ass4ssinXIV, 03 September 2012 - 07:03 PM.




#2 Ass4ssinXIV


Posted 03 September 2012 - 07:04 PM

ComboFix 12-09-03.07 - Scott 09/03/2012 18:42:08.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.1245 [GMT -4:00]
Running from: c:\users\Scott\Downloads\ComboFix.exe
AV: Windows Live OneCare *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
FW: Windows Live OneCare *Disabled* {87676AF9-B8BC-7418-1F63-59FBEF2E291D}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Live OneCare *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
.
ADS - system32: deleted 24 bytes in 2 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\blekkotb_031\blEKkotb_019x.dll
c:\program files\Brand Affinity Technologies
c:\program files\Mozilla Firefox\searchplugins\search.xml
c:\program files\Search Toolbar
c:\program files\Search Toolbar\icon.ico
c:\program files\Search Toolbar\SearchToolbarUninstall.exe
c:\program files\Search Toolbar\SearchToolbarUpdater.exe
c:\users\lll\AppData\Local\assembly\tmp
c:\users\Scott\AppData\Local\assembly\tmp
c:\users\Scott\AppData\Local\Temp\AFF1.tmp\F_IN_BOX.dll
c:\users\Scott\AppData\Roaming\masve.dll
c:\windows\system32\Cache
c:\windows\system32\Cache\26167ad62093c729.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\618b34aa536d0b34.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\Cache\fc4142d28e206fe8.fb
c:\windows\system32\Cache\ff01eb631908dd63.fb
c:\windows\system32\drivers\etc\lmhosts
.
.
((((((((((((((((((((((((( Files Created from 2012-08-03 to 2012-09-03 )))))))))))))))))))))))))))))))
.
.
2012-09-03 22:36 . 2012-09-03 22:36 27424 ----a-w- c:\windows\system32\drivers\hitmanpro36.sys
2012-09-03 21:56 . 2012-09-03 21:56 -------- d-----w- c:\program files\ESET
2012-09-03 21:38 . 2012-09-03 21:38 14080 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-09-03 21:32 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{00163BF2-85D4-4C59-8780-2E48782C55EF}\mpengine.dll
2012-09-03 21:32 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{4D500902-CE37-412E-88BA-C126E0314510}\mpengine.dll
2012-09-03 21:32 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{44274D1B-DC15-4814-BFA4-D5FA46931F9D}\mpengine.dll
2012-09-03 21:32 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{B253628E-75C6-4431-8208-0C92D4BB9AE8}\mpengine.dll
2012-09-03 21:27 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{DA9938FE-9E49-4281-8253-B1D61C10FC2B}\mpengine.dll
2012-09-03 21:27 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{F404BF3D-F251-46EF-977C-A0F9FDFE5BB2}\mpengine.dll
2012-09-03 21:27 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{35E2A72B-BA36-418F-9B5E-14A623E5C8B6}\mpengine.dll
2012-09-03 21:27 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{3296F772-3212-461D-B0CB-0C8B8BFDF1AD}\mpengine.dll
2012-09-03 20:36 . 2012-09-03 20:36 -------- d-----w- c:\program files\HitmanPro
2012-09-03 20:35 . 2012-09-03 21:23 -------- d-----w- c:\programdata\HitmanPro
2012-09-03 20:27 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{810B025F-1EB2-462A-B84A-6FB930CE0804}\mpengine.dll
2012-09-03 20:27 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{0D3182AA-1006-4075-B581-C4D8F4734EB5}\mpengine.dll
2012-09-03 20:27 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{1B341067-706E-451A-93FC-D179622167BC}\mpengine.dll
2012-09-03 20:27 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{8DE262FA-0578-49A0-B66D-2589A1D15B41}\mpengine.dll
2012-09-03 20:22 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{AEEC4D19-0D63-4C3E-BE83-043A5987B8EE}\mpengine.dll
2012-09-03 20:22 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{026BE7A4-C2FD-49BA-8DB5-FC2F8B8ACC73}\mpengine.dll
2012-09-03 20:22 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{B14F868D-3783-4188-BC2B-009CEFDFB26C}\mpengine.dll
2012-09-03 20:22 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{43577A0F-4F3B-4C40-AD26-0E9857932777}\mpengine.dll
2012-09-03 10:39 . 2012-09-03 10:39 -------- d-----w- c:\users\Scott\AppData\Roaming\Malwarebytes
2012-09-03 10:38 . 2012-09-03 10:38 -------- d-----w- c:\programdata\Malwarebytes
2012-09-03 10:38 . 2012-09-03 10:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-03 10:38 . 2012-07-03 17:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-03 10:33 . 2012-09-03 10:33 -------- d-----w- c:\program files\RegistryFix8
2012-09-03 10:27 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{A5D6C4C6-6DEF-4A93-892D-3CF6EBE80261}\mpengine.dll
2012-09-03 10:27 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{F30C72F5-D45E-40B7-834F-3CEA46F082A1}\mpengine.dll
2012-09-03 10:27 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{AA0BE970-6257-48FD-AD14-333B2AE14B21}\mpengine.dll
2012-09-03 10:27 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{B622E831-A2F8-4177-9329-66BA67EB5BA8}\mpengine.dll
2012-09-03 10:25 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{24A66338-0075-46B6-AE68-3ECA3693E04E}\mpengine.dll
2012-09-03 10:25 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{110BDDF2-5DF7-4336-98FE-F1913935209F}\mpengine.dll
2012-09-03 10:25 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{72EEB1AC-EF53-4AC0-A2E8-68AD70A3FD32}\mpengine.dll
2012-09-03 10:25 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{1B8DBC6F-EB19-4119-AC35-69EC2D993B4F}\mpengine.dll
2012-09-03 10:08 . 2012-09-03 10:08 -------- d-----w- c:\users\lll\AppData\Local\blekkotb_031
2012-09-03 10:04 . 2012-09-03 10:04 -------- d-----w- c:\users\Scott\AppData\Local\{CD93028E-F5AE-11E1-8270-B8AC6F996F26}
2012-09-03 10:04 . 2012-09-03 10:05 -------- d-----w- c:\programdata\036DFF98005616EDB9434AEC2F3B707C
2012-09-03 10:02 . 2012-09-03 20:17 -------- d-----w- c:\users\Scott\AppData\Roaming\xsecva
2012-09-02 19:35 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{54CA38DF-0A63-4CC3-8D8A-6A812CCD83F7}\mpengine.dll
2012-09-02 19:35 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{86B60E7E-F79A-4B72-B8D5-58636A0C319D}\mpengine.dll
2012-09-02 19:35 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{E32AFCE8-6C81-44B3-A2E8-E8B125D6453C}\mpengine.dll
2012-09-02 19:35 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{79B99EB7-7717-473A-A36D-43D606FE316B}\mpengine.dll
2012-09-02 19:31 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{AB0982BB-7129-45D2-B728-2B4A9A6A56F2}\mpengine.dll
2012-09-02 19:31 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{611FDEF4-803D-4DDB-9BA7-295C871461ED}\mpengine.dll
2012-09-02 19:31 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{D9A611CE-E7B2-486B-AC5C-936AD3AB36F1}\mpengine.dll
2012-09-02 19:31 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{98BBCDCC-1AFD-4F0A-BBEF-9CE2A8E837A2}\mpengine.dll
2012-09-02 18:14 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{E0D59C65-3486-48EF-A29A-1C2136BC1F92}\mpengine.dll
2012-09-02 18:14 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{B3A72B15-E7DF-45F5-9AD2-743E5046FC96}\mpengine.dll
2012-09-02 18:14 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{31DC4B43-57C2-44D4-86B9-00E0D3C02AA3}\mpengine.dll
2012-09-02 18:14 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{D798B7AA-A17A-418B-B318-9FC5CE7CE490}\mpengine.dll
2012-09-02 06:32 . 2012-09-02 08:27 -------- d-----r- c:\program files\Skype
2012-08-27 00:40 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{7EC70308-D9D6-4140-89E7-3685BD288355}\mpengine.dll
2012-08-27 00:40 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{ED445310-A67C-4276-9F43-5857DE32C5E7}\mpengine.dll
2012-08-27 00:40 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{4A77786E-8950-4B1F-80FC-1E2F6F057ED2}\mpengine.dll
2012-08-27 00:40 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{E682BB61-0505-4C89-991F-59B74DDC2D68}\mpengine.dll
2012-08-27 00:35 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{83884E01-D4BA-4FCD-B8F5-3B71862FDA63}\mpengine.dll
2012-08-27 00:35 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{9C23D7F6-C966-4B6A-97BE-9658F7847452}\mpengine.dll
2012-08-27 00:35 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{B6F0C95D-01E5-4C7B-9C4B-2AE5006592DA}\mpengine.dll
2012-08-27 00:35 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{6A4B321A-33F0-4484-BE44-901968449AAC}\mpengine.dll
2012-08-27 00:13 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{5A20C3F9-7DFB-42F6-98E9-4EC15F3A7CAB}\mpengine.dll
2012-08-27 00:13 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{55A8B147-FB13-4814-B21A-05739F63D26F}\mpengine.dll
2012-08-27 00:13 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{2F95E7B9-4667-462B-BC07-977A35003FCF}\mpengine.dll
2012-08-27 00:13 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{E1CF42C3-7166-49D7-B24D-271ED842A02E}\mpengine.dll
2012-08-27 00:07 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{7278763E-38A8-4C00-B261-EB3464B62E59}\mpengine.dll
2012-08-27 00:07 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{528E98EC-1EF3-4666-9706-6AA0DC9D74B6}\mpengine.dll
2012-08-27 00:07 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{D4FB15A0-70EA-4840-9054-AC46A1060A85}\mpengine.dll
2012-08-27 00:07 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{57B18717-E1EF-42DE-B0B1-9F2AD375DD34}\mpengine.dll
2012-08-26 20:14 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{6A4F09AA-FC00-4ADA-AAE2-5C4B4B5B021A}\mpengine.dll
2012-08-26 20:14 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{CEB33909-E16F-4669-8921-E23AD2C7DFDD}\mpengine.dll
2012-08-26 20:14 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{CEB976D5-E79D-4A26-BADF-D1AEB823325E}\mpengine.dll
2012-08-26 20:14 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{D25126A6-E790-4100-B055-0A477CFD7315}\mpengine.dll
2012-08-26 20:09 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{F2D7FBE2-4B33-49C6-8C22-5C261B1DA9C6}\mpengine.dll
2012-08-26 20:09 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{D6E2B848-D0DA-4539-B053-381AA228A25B}\mpengine.dll
2012-08-26 20:09 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{56E40087-CE22-4D00-B9CE-2755B37AB043}\mpengine.dll
2012-08-26 20:09 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{3F327BFA-097E-4F09-8EFC-4B7A04FBA03B}\mpengine.dll
2012-08-25 02:04 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{4BC8D9D4-B3F4-49CB-BC3F-8E5F5C7ACD12}\mpengine.dll
2012-08-25 02:04 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{06682111-6362-4320-9FE0-85506B908908}\mpengine.dll
2012-08-25 02:04 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{46FC38E6-9F04-4DA7-B92A-A1C23A6F188B}\mpengine.dll
2012-08-25 02:04 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{BA733142-834D-42EB-80EF-5C6FB18DD08F}\mpengine.dll
2012-08-25 01:58 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{F7E3611B-0344-4E62-875D-C9B7DDDD6A8C}\mpengine.dll
2012-08-25 01:58 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{BEC8F1EA-9A1F-4CD1-85F7-CC933D6F1370}\mpengine.dll
2012-08-25 01:58 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{5118F8E4-7901-48D3-B3C9-FA51FBAEF25F}\mpengine.dll
2012-08-25 01:58 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{7C38E830-C14A-466F-9B6F-5AC21D97FF51}\mpengine.dll
2012-08-24 03:59 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{853A02C1-F5A7-418A-AB5F-D767518E7147}\mpengine.dll
2012-08-24 03:59 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{F41E1FBA-8D25-4E76-AE3F-5AC45983D1EA}\mpengine.dll
2012-08-24 03:59 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{C2606E3E-2A66-44AF-902E-063E4B39B306}\mpengine.dll
2012-08-24 03:59 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{FB1F5D5F-44A5-4B16-A284-1CD80EFA4D2F}\mpengine.dll
2012-08-24 03:53 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{82EA0C8A-7B7D-48C8-A909-D9C3DE3286D8}\mpengine.dll
2012-08-24 03:53 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{85045CC4-D2DF-4519-AACB-347FDEA38C39}\mpengine.dll
2012-08-24 03:53 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{1516AE17-F6DF-4140-9339-8AF5A7FC0723}\mpengine.dll
2012-08-24 03:53 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{B29F5C94-79B1-4E8D-AB47-BC2C9C955C9F}\mpengine.dll
2012-08-24 03:47 . 2006-08-29 14:39 1388544 ----a-w- c:\windows\system32\temp.003
2012-08-24 03:47 . 2000-08-04 10:22 21776 ----a-w- c:\windows\system32\msxml2a.dll
2012-08-24 03:47 . 2006-08-29 14:39 44032 ----a-w- c:\windows\system32\temp.001
2012-08-24 03:47 . 2006-08-29 14:39 1172992 ----a-w- c:\windows\system32\temp.002
2012-08-24 03:47 . 2006-08-29 14:39 5532 ----a-w- c:\windows\system32\Stdole.tlb
2012-08-24 03:47 . 2006-08-29 14:39 26624 ----a-w- c:\windows\system32\msxmlr.dll
2012-08-24 03:47 . 2004-08-04 04:56 151552 ----a-w- c:\windows\system32\temp.000
2012-08-24 03:46 . 2012-09-03 04:02 -------- d-----w- C:\KBPD 2 Student
2012-08-24 01:53 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{FE584F53-22AF-49AC-8B2B-A471839AB527}\mpengine.dll
2012-08-24 01:53 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{48614761-8D03-456C-8717-D48C8657D36D}\mpengine.dll
2012-08-24 01:53 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{99925A84-4A69-4A17-8DD5-EC14D2A31E82}\mpengine.dll
2012-08-24 01:53 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{A583029E-26AA-4D55-B717-98B3D92CA0A9}\mpengine.dll
2012-08-24 01:48 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{9F83FF23-539B-4768-9AE8-A3C49610A1EC}\mpengine.dll
2012-08-24 01:48 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{E6696CDC-DBC7-4AAD-870A-FEFB84019406}\mpengine.dll
2012-08-24 01:48 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{A0BCD74F-2EA5-429C-967C-C498DB942903}\mpengine.dll
2012-08-24 01:48 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{7907C540-0139-422F-A5F4-9C254A5E0110}\mpengine.dll
2012-08-22 16:26 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{DC6D8532-540E-4617-B864-A31E1928B6C2}\mpengine.dll
2012-08-22 16:26 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{95597855-4907-4502-8731-FD295DE8ED91}\mpengine.dll
2012-08-22 16:26 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{41956E36-028A-484B-B8A3-A8BB225C6EB2}\mpengine.dll
2012-08-22 16:26 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{40D864FB-6A65-4691-8967-F7BC33A044BE}\mpengine.dll
2012-08-22 16:20 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{B4AEEE5D-8269-4A39-B278-DC65F78C17E4}\mpengine.dll
2012-08-22 16:20 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{CCD47C23-4A17-4974-8D39-EE2C8ED7AA9F}\mpengine.dll
2012-08-22 16:20 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{A75CA7A9-DA2C-4567-AAA7-920D6AFED345}\mpengine.dll
2012-08-22 16:20 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{260353DF-7D19-4975-B1EB-1B1D863BD7C2}\mpengine.dll
2012-08-20 05:23 . 2012-08-23 19:22 -------- d-----w- c:\users\Scott\AppData\Local\ManyCam
2012-08-20 05:23 . 2012-08-20 05:23 -------- d-----w- c:\programdata\ManyCam
2012-08-16 21:19 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{F3365910-5076-49A2-8A93-6EAB4DDAD8A9}\mpengine.dll
2012-08-16 21:19 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{4F704C69-CFFC-4356-85C2-5182146DD631}\mpengine.dll
2012-08-16 21:19 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{8E0E2212-BC00-4891-B06F-EA823F37ED50}\mpengine.dll
2012-08-16 21:19 . 2009-08-22 02:06 5395280 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{BD8C4505-FB2E-4603-AC13-FA950E326B49}\mpengine.dll
2012-08-16 21:15 . 2012-09-03 22:23 -------- d-----w- c:\users\Guest.StephieLoo-PC
2012-08-16 21:14 . 2008-05-15 20:15 3308624 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{F5560683-1FB9-4DEB-A943-3DF67EE47348}\mpengine.dll
2012-08-16 21:14 . 2009-08-22 02:06 5395280 ------w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{45FAC000-973C-452C-9728-FFF7FD2239F8}\mpengine.dll
2012-08-16 21:14 . 2008-05-15 20:15 3308624 ----a-w- c:\programdata\Microsoft\OneCare Protection\Definition Updates\{7B1F15B4-CBE4-43CF-946B-D37FA866AAD2}\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 02:22 . 2012-04-09 08:12 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-15 02:22 . 2011-09-20 22:50 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-06 02:06 . 2012-06-08 19:10 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06 . 2010-07-22 18:31 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-07 00:59 . 2012-06-07 00:59 1070152 ------w- c:\windows\system32\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-09 17:51 3911776 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}]
2012-01-04 23:02 233288 ----a-w- c:\program files\Expat Shield\HssIE\ExpatIE.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-09 17:51 3911776 ----a-w- c:\program files\uTorrentBar\tbuTor.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-07 01:33 1519304 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FA3FEDF6-1A34-4076-9F25-A26A2DE6A401}]
2011-12-04 05:05 88576 ----a-w- c:\program files\RebateRobot\RebateRobot.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-07 1519304]
"{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}"= "c:\program files\uTorrentBar\tbuTor.dll" [2010-12-09 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-12-09 3911776]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WindowsWelcomeCenter"="oobefldr.dll" [2009-04-11 2153472]
"Akamai NetSession Interface"="c:\users\Scott\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-10 39408]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-06-01 399736]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2012-06-28 2160024]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"blekkotb_XP"="reg.exe delete HKCU\Software\blekkotb" [X]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-10-17 6295552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-03-10 835584]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-08-22 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-08-22 145944]
"Intuit SyncManager"="c:\program files\Common Files\Intuit\Sync\IntuitSyncManager.exe" [2008-09-09 623880]
"ISBMgr.exe"="c:\program files\Sony\ISB Utility\ISBMgr.exe" [2008-04-04 317280]
"OneCareUI"="c:\program files\Microsoft Windows OneCare Live\winssnotify.exe" [2010-02-05 65256]
"Microsoft Default Manager"="c:\program files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-02-03 233304]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2011-11-12 268640]
"InstaLAN"="c:\program files\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe" [2011-11-14 1884064]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-07 1564872]
"Skytel"="Skytel.exe" [2008-10-17 1826816]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-02-03 103896]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"RMAlert"="c:\program files\PC Tools Registry Mechanic\Alert.exe" [2012-02-03 1018328]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
.
c:\users\Guest.StephieLoo-PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
2008-10-18 02:19 98304 ----a-w- c:\windows\System32\VESWinlogon.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro36.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro36CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^QuickBooks Update Agent.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\QuickBooks Update Agent.lnk
backup=c:\windows\pss\QuickBooks Update Agent.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Snagit 10.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 10.lnk
backup=c:\windows\pss\Snagit 10.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-21 04:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2010-09-23 09:47 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\B2C_AGENT]
2011-09-28 06:39 404568 ----a-w- c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-06-05 23:52 421160 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-11-29 21:38 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
2008-11-10 07:57 39408 ----a-w- c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe]
2011-04-22 12:21 247728 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2011-06-01 01:16 399736 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOMyMemCenter]
2008-02-29 21:39 679936 ----a-w- c:\program files\Sony\VAIO My Memory Center\VAIO MyMemCenter.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIORegistration]
2007-10-17 23:40 20480 ----a-w- c:\program files\Sony\First Experience\WelcomeLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VAIOSurvey]
2008-07-25 19:21 385024 ----a-w- c:\program files\Sony\VAIO Survey\VAIO Sat Survey.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VWLASU]
2008-05-20 21:48 24576 ----a-w- c:\program files\Sony\VAIO Wireless Wizard\AutoLaunchWLASU.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2010-10-29 21:12 1652736 ----a-r- c:\program files\AWS\WeatherBug\Weather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YSearchProtection]
2009-02-23 13:05 111856 ----a-w- c:\program files\Yahoo!\Search Protection\SearchProtection.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-3025375510-3529732864-2286197025-1000]
"EnableNotifications"=dword:00000001
"EnableNotificationsRef"=dword:00000001
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-09 02:22]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 16:53]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-11 16:53]
.
2012-09-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3025375510-3529732864-2286197025-1000Core.job
- c:\users\Stephie Loo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-10 22:13]
.
2012-09-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3025375510-3529732864-2286197025-1000UA.job
- c:\users\Stephie Loo\AppData\Local\Google\Update\GoogleUpdate.exe [2009-08-10 22:13]
.
2010-04-03 c:\windows\Tasks\Install_NSS.job
- c:\program files\DivX\Symantec\scstubinstaller.exe [2009-11-14 00:49]
.
2012-09-02 c:\windows\Tasks\Norton Security Scan for Scott.job
- c:\progra~1\NORTON~2\Engine\360~1.31\Nss.exe [2011-10-26 06:45]
.
2011-03-09 c:\windows\Tasks\User_Feed_Synchronization-{711FC9FB-8F09-417C-A4AF-9C4FD2DB8FFD}.job
- c:\windows\system32\msfeedssync.exe [2012-03-30 07:02]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=3966C83844E0604A4E34444FE585BDBA&tbp=homepage
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5e93365d-db26-47ac-839e-325ccb7c231d%7D&mid=37d6efeb463cf4d0a5b95b45853162ec-e1719dda20e7abb1a24919b4ec6f6335c689908f&ds=AVG&v=10.2.0.3&lang=us&pr=fr&d=2011-12-12%2009%3A37%3A10&sap=ku&q=
FF - user.js: extentions.y2layers.installId - 15c49ef5-24c5-47be-8b1b-042a9b4f17e3
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{c95a4e8e-816d-4655-8c79-d736da1adb6d} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-Easy-Hide-IP - c:\program files\Easy-Hide-IP\easy-hide-ip.exe
HKLM-Run-ROC_roc_dec12 - c:\program files\AVG Secure Search\ROC_roc_dec12.exe
HKLM-Run-HF_G_Jul - c:\program files\AVG Secure Search\HF_G_Jul.exe
HKU-Default-RunOnce-FlashPlayerUpdate - c:\windows\system32\Macromed\Flash\FlashUtil10l_ActiveX.exe
MSConfigStartUp-dfrgicli - c:\users\STEPHI~1\AppData\Local\Temp\iashtend.dll
MSConfigStartUp-Gamevance - c:\program files\Gamevance\gamevance32.exe
MSConfigStartUp-Lwiridono - c:\users\Stephie Loo\AppData\Local\KBDMAp.dll
MSConfigStartUp-My Web Search Bar Search Scope Monitor - c:\progra~1\MYWEBS~1\bar\2.bin\m3SrchMn.exe
MSConfigStartUp-MyWebSearch Email Plugin - c:\progra~1\MYWEBS~1\bar\2.bin\mwsoemon.exe
MSConfigStartUp-Xkudemidaribiyi - c:\users\Stephie Loo\AppData\Local\alisigegobe.dll
AddRemove-AOL Emergency Connect Utility 1.0 - c:\program files\Common Files\AOL\ECU\uninst.exe
AddRemove-Search Toolbar - c:\program files\Search Toolbar\SearchToolbarUninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-09-03 19:17
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\collsvc.exe\" \"/service\" \"/counter=\Processor(_Total)\% Processor Time:5\" \"/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:5\" \"/counter=\Network Interface(*)\Bytes Total/sec:5\" \"/directory=inteldata\""
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,c6,3f,5c,c6,61,7a,49,bf,73,76,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,fd,c6,3f,5c,c6,61,7a,49,bf,73,76,\
.
[HKEY_USERS\S-1-5-21-3025375510-3529732864-2286197025-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3025375510-3529732864-2286197025-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\windows\RtkAudioService.exe
c:\program files\HitmanPro\hmpsched.exe
c:\program files\Belkin\Router Setup and Monitor\BelkinService.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Expat Shield\bin\openvpnas.exe
c:\program files\Expat Shield\HssWPR\hsssrv.exe
c:\program files\Expat Shield\bin\hsswd.exe
c:\program files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files\LeapFrog\LeapFrog Connect\CommandService.exe
c:\program files\Microsoft Windows OneCare Live\OcHealthMon.exe
c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Microsoft Application Virtualization Client\sftvsa.exe
c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe
c:\program files\TomTom HOME 2\TomTomHOMEService.exe
c:\program files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
c:\program files\Sony\VAIO Event Service\VESMgr.exe
c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
c:\program files\Viewpoint\Common\ViewpointService.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DllHost.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Sony\VAIO Event Service\VESMgrSub.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\igfxext.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Microsoft Application Virtualization Client\sftlist.exe
c:\program files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
c:\program files\Microsoft Windows OneCare Live\winss.exe
c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
c:\program files\HitmanPro\HitmanPro.exe
c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
c:\program files\Expat Shield\bin\openvpntray.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\wermgr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\Sony\VAIO Power Management\SPMService.exe
c:\program files\Sony\VAIO Power Management\SPMgr.exe
c:\program files\Sony\VAIO Care\VCsystray.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Completion time: 2012-09-03 19:26:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-03 23:25
.
Pre-Run: 31,308,800,000 bytes free
Post-Run: 34,030,800,896 bytes free
.
- - End Of File - - BF84F593A7076A3C74734F9D480BB3ED

#3 nasdaq

  • Malware Response Team

Posted 06 September 2012 - 08:00 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download and run this DDS Scanning Tool. Nothing will be deleted. It will just give me some additional information about your system.

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
    • DDS.scr <- not recommended if you use Chrome to download this .scr file. Use the other options.
    • DDS.pif
    • DDS.COM
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
Please note: You may have to disable any script protection running if the scan fails to run.

Please just paste the contents of the DDS.txt log in your next post. DO NOT attach the log.
===

Third-party programs, if not up to date, can be the cause of infiltration of an infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.

Please post the logs for my review.

Please let me know of any remaining issues with this computer.

#4 Ass4ssinXIV

  • Topic Starter

Posted 06 September 2012 - 02:16 PM

.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.5.1
Run by Scott at 15:13:42 on 2012-09-06
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2938.1101 [GMT -4:00]
.
AV: Windows Live OneCare *Disabled/Updated* {BF5CEBDC-F2D3-7540-343C-F0CE11FD6E66}
SP: Windows Live OneCare *Disabled/Updated* {043D0A38-D4E9-7ACE-0E8C-CBBC6A7A24DB}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Windows Live OneCare *Disabled* {87676AF9-B8BC-7418-1F63-59FBEF2E291D}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Program Files\HitmanPro\hmpsched.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Belkin\Router Setup and Monitor\BelkinService.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Expat Shield\bin\openvpnas.exe
C:\Program Files\Expat Shield\HssWPR\hsssrv.exe
C:\Program Files\Expat Shield\bin\hsswd.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe
C:\Program Files\Microsoft Windows OneCare Live\OcHealthMon.exe
C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
C:\Windows\system32\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
C:\Program Files\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\DllHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\igfxext.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\Dwm.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\Program Files\Expat Shield\bin\openvpntray.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\LeapFrog\LeapFrog Connect\Monitor.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Users\Scott\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\ManyCam\Bin\ManyCam.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Users\Scott\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Sony\VAIO Power Management\SPMService.exe
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Windows\Explorer.exe
C:\Windows\system32\notepad.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\ehome\ehsched.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\windows defender\MSASCui.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Scott\Downloads\adwcleaner.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=3966C83844E0604A4E34444FE585BDBA&tbp=homepage
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://us.rd.yahoo.com/customize/ie/defaults/sb/msgr9/*http://www.yahoo.com/ext/search/search.html
uInternet Settings,ProxyOverride = *.local;127.0.0.1:9421;<local>
uURLSearchHooks: UrlSearchHook Class: {00000000-6e41-4fd3-8538-502f5495e5fc} - c:\program files\ask.com\GenericAskToolbar.dll
uURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
mURLSearchHooks: H - No File
mURLSearchHooks: YTNavAssistPlugin Class: {81017ea9-9aa8-4a6a-9734-7af40e7d593f} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
BHO: SnagIt Toolbar Loader: {00c6482d-c502-44c8-8409-fce54ad9c208} - c:\program files\techsmith\snagit 10\SnagitBHO.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
BHO: Expat Shield Class: {3706ee7c-3cad-445d-8a43-03ebc3b75908} - c:\program files\expat shield\hssie\ExpatIE.dll
BHO: Search Helper: {6ebf7485-159f-4bff-a14f-b9e3aac4465b} - c:\program files\microsoft\search enhancement pack\search helper\SEPsearchhelperie.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
BHO: MSN Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
BHO: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: RebateRobot BHO: {fa3fedf6-1a34-4076-9f25-a26a2de6a401} - c:\program files\rebaterobot\RebateRobot.dll
BHO: SingleInstance Class: {fdad4da1-61a2-4fd8-9c17-86f7ac245081} - c:\program files\yahoo!\companion\installs\cpn5\YTSingleInstance.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.1125.0\msneshellx.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn6\yt.dll
TB: uTorrentBar Toolbar: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - c:\program files\utorrentbar\tbuTor.dll
TB: Conduit Engine: {30f9b915-b755-4826-820b-08fba6bd249d} - c:\program files\conduitengine\ConduitEngine.dll
TB: Snagit: {8ff5e183-abde-46eb-b09e-d2aab95cabe3} - c:\program files\techsmith\snagit 10\SnagitIEAddin.dll
TB: Ask Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
uRun: [Akamai NetSession Interface] "c:\users\scott\appdata\local\akamai\netsession_win.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [Intuit SyncManager] c:\program files\common files\intuit\sync\IntuitSyncManager.exe startup
mRun: [ISBMgr.exe] "c:\program files\sony\isb utility\ISBMgr.exe"
mRun: [OneCareUI] "c:\program files\microsoft windows onecare live\winssnotify.exe"
mRun: [Microsoft Default Manager] "c:\program files\microsoft\search enhancement pack\default manager\DefMgr.exe" -resume
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [Monitor] "c:\program files\leapfrog\leapfrog connect\Monitor.exe"
mRun: [InstaLAN] "c:\program files\belkin\router setup and monitor\BelkinRouterMonitor.exe" startup
mRun: [ApnUpdater] "c:\program files\ask.com\updater\Updater.exe"
mRun: [Skytel] Skytel.exe
mRun: [SSDMonitor] c:\program files\common files\pc tools\smonitor\SSDMonitor.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RMAlert] "c:\program files\pc tools registry mechanic\Alert.exe" /PRODUCT=RM /R
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - c:\progra~1\micros~3\office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - hxxp://download.divx.com/player/DivXBrowserPlugin.cab
DPF: {784797A8-342D-4072-9486-03C8D0F2F0A1} - hxxps://www.battlefieldheroes.com/static/updater/BFHUpdater_5.0.31.0.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {B3E32D88-8E7F-468F-B0E2-3A300FD4A82C} - hxxp://myitlab.pearsoned.com/Pegasus/Modules/SIMIntegration/Resources/ax/stub.cab
DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} - hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx
DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab
DPF: {DAF7E6E6-D53A-439A-B28D-12271406B8A9} - hxxp://mobileapps.blackberry.com/devicesoftware/AxLoader.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{8B1C0EB6-6F4B-4407-8B1F-6A97BC19E03C} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
TCP: Interfaces\{D10402C1-9CDE-4582-A6B7-6C0D33B0E7BC} : DhcpNameServer = 192.168.2.1
Handler: intu-help-qb2 - {84D77A00-41B5-4b8b-8ADF-86486D72E749} - c:\program files\intuit\quickbooks 2009\HelpAsyncPluggableProtocol.dll
Handler: qbwc - {FC598A64-626C-4447-85B8-53150405FD57} - c:\windows\system32\mscoree.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll
Notify: igfxcui - igfxdev.dll
Notify: VESWinlogon - VESWinlogon.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\scott\appdata\roaming\mozilla\firefox\profiles\4gpwynx2.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B5e93365d-db26-47ac-839e-325ccb7c231d%7D&mid=37d6efeb463cf4d0a5b95b45853162ec-e1719dda20e7abb1a24919b4ec6f6335c689908f&ds=AVG&v=10.2.0.3&lang=us&pr=fr&d=2011-12-12%2009%3A37%3A10&sap=ku&q=
.
---- FIREFOX POLICIES ----
FF - user.js: extentions.y2layers.installId - 15c49ef5-24c5-47be-8b1b-042a9b4f17e3
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R?2 cvhsvc;Client Virtualization Handler;c:\program files\common files\microsoft shared\virtualization handler\CVHSVC.EXE [2012-1-4 822624]
R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [2010-12-19 64288]
R1 ElRawDisk;ElRawDisk;c:\windows\system32\drivers\rsdrv.sys [2012-6-20 22312]
R1 StarPortLite;StarPort Storage Controller (Lite);c:\windows\system32\drivers\StarPortLite.sys [2012-3-4 95592]
R1 TsVp;TsVp;c:\windows\system32\drivers\tsvp.sys [2010-9-28 27240]
R2 ExpatShieldService;Expat Shield Service;c:\program files\expat shield\bin\openvpnas.exe [2012-1-17 331608]
R2 ExpatSrv;Expat Shield Routing Service;c:\program files\expat shield\hsswpr\hsssrv.exe [2012-1-4 363336]
R2 ExpatWd;Expat Shield Monitoring Service;c:\program files\expat shield\bin\hsswd.exe -product expat --> c:\program files\expat shield\bin\hsswd.exe -product Expat [?]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\hitmanpro\hmpsched.exe [2012-9-3 105832]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-9-3 655944]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
R2 OcHealthMon;Windows Live OneCare Health Monitor;c:\program files\microsoft windows onecare live\OcHealthMon.exe [2010-2-5 26120]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\common files\pc tools\smonitor\StartManSvc.exe [2012-4-14 793048]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-4-18 11032]
R2 sftlist;Application Virtualization Client;c:\program files\microsoft application virtualization client\sftlist.exe [2011-10-1 508776]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
R2 TomTomHOMEService;TomTomHOMEService;c:\program files\tomtom home 2\TomTomHOMEService.exe [2011-4-22 92592]
R2 uCamMonitor;CamMonitor;c:\program files\arcsoft\magic-i visual effects 2\uCamMonitor.exe [2008-11-10 104960]
R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2008-10-29 415584]
R2 VCFw;VAIO Content Folder Watcher;c:\program files\common files\sony shared\vaio content folder watcher\VCFw.exe [2008-9-3 446464]
R2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\sony\vcm intelligent analyzing manager\VcmIAlzMgr.exe [2008-11-10 337184]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\viewpoint\common\ViewpointService.exe [2009-6-20 24652]
R3 andnetadb;ADB Interface DriverNet;c:\windows\system32\drivers\lgandnetadb.sys [2012-2-8 25856]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\drivers\ArcSoftKsUFilter.sys [2008-11-10 17920]
R3 ManyCam;ManyCam Virtual Webcam;c:\windows\system32\drivers\mcvidrv.sys [2012-1-11 32000]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-9-3 22344]
R3 mcaudrv_simple;ManyCam Virtual Microphone;c:\windows\system32\drivers\mcaudrv.sys [2012-2-22 22400]
R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2008-10-29 9344]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfslh.sys [2011-10-1 579944]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplaylh.sys [2011-10-1 194408]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirlh.sys [2011-10-1 21864]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvollh.sys [2011-10-1 19304]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\microsoft application virtualization client\sftvsa.exe [2011-10-1 219496]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\drivers\ts_athw.sys [2010-4-10 1629992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1ca62ef85c15dd9;Google Update Service (gupdate1ca62ef85c15dd9);c:\program files\google\update\GoogleUpdate.exe [2009-11-11 133104]
S2 HitmanPro36CrusaderBoot;HitmanPro 3.6 Crusader (Boot);c:\program files\hitmanpro\HitmanPro.exe [2012-9-3 7758424]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2008-10-29 104992]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-9 250056]
S3 AndNetDiag;LGE AndroidNet USB Serial Port;c:\windows\system32\drivers\lgandnetdiag.sys [2012-2-8 23040]
S3 AndNetGps;LGE AndroidNet USB GPS NMEA Port;c:\windows\system32\drivers\lgandnetgps.sys [2012-2-8 22272]
S3 ANDNetModem;LGE AndroidNet USB Modem;c:\windows\system32\drivers\lgandnetmodem.sys [2012-2-8 27776]
S3 andnetndis;LGE AndroidNet NDIS Ethernet Adapter;c:\windows\system32\drivers\lgandnetndis.sys [2012-2-8 70400]
S3 CV2K1;CommView Network Monitor;c:\windows\system32\drivers\cv2k1.sys [2010-9-28 19560]
S3 ExpatTrayService;Expat Shield Tray Service;c:\program files\expat shield\bin\EXPATTrayService.exe [2012-1-17 77520]
S3 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr.sys [2012-3-27 39272]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-3-8 1492840]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-11-11 133104]
S3 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2009-6-18 53168]
S3 osppsvc;Office Software Protection Platform;c:\program files\common files\microsoft shared\officesoftwareprotectionplatform\OSPPSVC.EXE [2010-1-9 4640000]
S3 SampleCollector;Intel® Sample Collector;c:\program files\sony\vaio care\collsvc.exe [2009-9-14 122880]
S3 SOHCImp;VAIO Media plus Content Importer;c:\program files\sony\vaio media plus\SOHCImp.exe [2008-11-10 103712]
S3 SOHDms;VAIO Media plus Digital Media Server;c:\program files\sony\vaio media plus\SOHDms.exe [2008-11-10 353568]
S3 SOHDs;VAIO Media plus Device Searcher;c:\program files\sony\vaio media plus\SOHDs.exe [2008-11-10 62752]
S3 TsVlb;TsVlb;c:\windows\system32\drivers\tsvlb.sys [2010-9-28 20072]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\common files\sony shared\vcmxml\VcmXmlIfHelper.exe [2008-11-10 83232]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== Created Last 30 ================
.
2012-09-03 23:30:41 12872 ----a-w- c:\windows\system32\bootdelete.exe
2012-09-03 23:26:05 -------- d-----w- c:\users\scott\appdata\local\temp
2012-09-03 23:16:50 -------- d-----w- C:\$RECYCLE.BIN
2012-09-03 23:16:41 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{4be84f3a-0dda-41ee-b716-1212367509e5}\mpengine.dll
2012-09-03 23:16:41 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{cda70ade-ebbf-426b-b25e-3c3f9444e9b1}\mpengine.dll
2012-09-03 23:16:40 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{982ed3ce-0058-4bfc-8ccc-38b5722bb9a7}\mpengine.dll
2012-09-03 23:16:39 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{7a18baf9-f952-4a1f-8bd9-0b87d80404b7}\mpengine.dll
2012-09-03 23:12:49 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{7d0b30f3-f7b4-4ed5-bded-49f9b62b3f30}\mpengine.dll
2012-09-03 23:12:48 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{6fde3d92-bec1-4f6f-b6bd-3d6ae83cb456}\mpengine.dll
2012-09-03 23:12:47 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{5d25e7fc-2ea2-4cc8-adf4-f996e7c278fc}\mpengine.dll
2012-09-03 23:12:47 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{096744d2-b043-4cd4-b754-1c8fee2dce6a}\mpengine.dll
2012-09-03 22:35:48 98816 ----a-w- c:\windows\sed.exe
2012-09-03 22:35:48 518144 ----a-w- c:\windows\SWREG.exe
2012-09-03 22:35:48 256000 ----a-w- c:\windows\PEV.exe
2012-09-03 22:35:48 208896 ----a-w- c:\windows\MBR.exe
2012-09-03 22:35:38 -------- d-----w- C:\ComboFix
2012-09-03 22:29:57 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{3dbc485c-8f02-4956-9164-186e0b4ec840}\mpengine.dll
2012-09-03 22:29:56 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{20c46b84-707f-4359-a4ab-85d28e54c463}\mpengine.dll
2012-09-03 22:29:55 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{54b4eb54-9788-4423-903f-5afc62167728}\mpengine.dll
2012-09-03 22:29:55 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{8af1a38a-abd5-4cd1-903f-90857951d3d7}\mpengine.dll
2012-09-03 22:25:46 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{59a694ce-61bf-4806-8f47-407c503496d4}\mpengine.dll
2012-09-03 22:25:45 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{ad375868-1583-4d78-bfab-0b74c077b76a}\mpengine.dll
2012-09-03 22:25:44 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{5998b762-3c5c-4bc6-89dc-587016ceda22}\mpengine.dll
2012-09-03 22:25:44 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{67044eea-5f80-41b0-a061-732af1fbf34b}\mpengine.dll
2012-09-03 21:56:51 -------- d-----w- c:\program files\ESET
2012-09-03 21:32:39 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{00163bf2-85d4-4c59-8780-2e48782c55ef}\mpengine.dll
2012-09-03 21:32:38 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{4d500902-ce37-412e-88ba-c126e0314510}\mpengine.dll
2012-09-03 21:32:36 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{44274d1b-dc15-4814-bfa4-d5fa46931f9d}\mpengine.dll
2012-09-03 21:32:35 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{b253628e-75c6-4431-8208-0c92d4bb9ae8}\mpengine.dll
2012-09-03 21:27:04 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{da9938fe-9e49-4281-8253-b1d61c10fc2b}\mpengine.dll
2012-09-03 21:27:03 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{f404bf3d-f251-46ef-977c-a0f9fdfe5bb2}\mpengine.dll
2012-09-03 21:27:02 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{35e2a72b-ba36-418f-9b5e-14a623e5c8b6}\mpengine.dll
2012-09-03 21:27:02 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{3296f772-3212-461d-b0cb-0c8b8bfdf1ad}\mpengine.dll
2012-09-03 20:36:06 -------- d-----w- c:\program files\HitmanPro
2012-09-03 20:35:33 -------- d-----w- c:\programdata\HitmanPro
2012-09-03 20:27:46 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{810b025f-1eb2-462a-b84a-6fb930ce0804}\mpengine.dll
2012-09-03 20:27:45 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{0d3182aa-1006-4075-b581-c4d8f4734eb5}\mpengine.dll
2012-09-03 20:27:44 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{1b341067-706e-451a-93fc-d179622167bc}\mpengine.dll
2012-09-03 20:27:42 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{8de262fa-0578-49a0-b66d-2589a1d15b41}\mpengine.dll
2012-09-03 20:22:26 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{aeec4d19-0d63-4c3e-be83-043a5987b8ee}\mpengine.dll
2012-09-03 20:22:25 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{026be7a4-c2fd-49ba-8db5-fc2f8b8acc73}\mpengine.dll
2012-09-03 20:22:23 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{b14f868d-3783-4188-bc2b-009cefdfb26c}\mpengine.dll
2012-09-03 20:22:22 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{43577a0f-4f3b-4c40-ad26-0e9857932777}\mpengine.dll
2012-09-03 10:39:02 -------- d-----w- c:\users\scott\appdata\roaming\Malwarebytes
2012-09-03 10:38:49 -------- d-----w- c:\programdata\Malwarebytes
2012-09-03 10:38:48 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-03 10:38:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-09-03 10:33:28 -------- d-----w- c:\program files\RegistryFix8
2012-09-03 10:27:50 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{a5d6c4c6-6def-4a93-892d-3cf6ebe80261}\mpengine.dll
2012-09-03 10:27:50 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{f30c72f5-d45e-40b7-834f-3cea46f082a1}\mpengine.dll
2012-09-03 10:27:49 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{aa0be970-6257-48fd-ad14-333b2ae14b21}\mpengine.dll
2012-09-03 10:27:48 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{b622e831-a2f8-4177-9329-66ba67eb5ba8}\mpengine.dll
2012-09-03 10:25:09 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{24a66338-0075-46b6-ae68-3eca3693e04e}\mpengine.dll
2012-09-03 10:25:09 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{110bddf2-5df7-4336-98fe-f1913935209f}\mpengine.dll
2012-09-03 10:25:08 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{72eeb1ac-ef53-4ac0-a2e8-68ad70a3fd32}\mpengine.dll
2012-09-03 10:25:07 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{1b8dbc6f-eb19-4119-ac35-69ec2d993b4f}\mpengine.dll
2012-09-03 10:04:50 -------- d-----w- c:\users\scott\appdata\local\{CD93028E-F5AE-11E1-8270-B8AC6F996F26}
2012-09-03 10:04:48 -------- d-----w- c:\programdata\036DFF98005616EDB9434AEC2F3B707C
2012-09-03 10:02:53 -------- d-----w- c:\users\scott\appdata\roaming\xsecva
2012-09-02 19:35:34 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{54ca38df-0a63-4cc3-8d8a-6a812ccd83f7}\mpengine.dll
2012-09-02 19:35:33 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{86b60e7e-f79a-4b72-b8d5-58636a0c319d}\mpengine.dll
2012-09-02 19:35:32 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{e32afce8-6c81-44b3-a2e8-e8b125d6453c}\mpengine.dll
2012-09-02 19:35:31 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{79b99eb7-7717-473a-a36d-43d606fe316b}\mpengine.dll
2012-09-02 19:31:29 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{ab0982bb-7129-45d2-b728-2b4a9a6a56f2}\mpengine.dll
2012-09-02 19:31:28 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{611fdef4-803d-4ddb-9ba7-295c871461ed}\mpengine.dll
2012-09-02 19:31:28 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{d9a611ce-e7b2-486b-ac5c-936ad3ab36f1}\mpengine.dll
2012-09-02 19:31:27 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{98bbcdcc-1afd-4f0a-bbef-9ce2a8e837a2}\mpengine.dll
2012-09-02 18:14:58 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{e0d59c65-3486-48ef-a29a-1c2136bc1f92}\mpengine.dll
2012-09-02 18:14:57 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{b3a72b15-e7df-45f5-9ad2-743e5046fc96}\mpengine.dll
2012-09-02 18:14:57 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{31dc4b43-57c2-44d4-86b9-00e0d3c02aa3}\mpengine.dll
2012-09-02 18:14:56 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{d798b7aa-a17a-418b-b318-9fc5ce7ce490}\mpengine.dll
2012-09-02 06:32:44 -------- d-----r- c:\program files\Skype
2012-08-27 00:40:54 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{7ec70308-d9d6-4140-89e7-3685bd288355}\mpengine.dll
2012-08-27 00:40:54 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{ed445310-a67c-4276-9f43-5857de32c5e7}\mpengine.dll
2012-08-27 00:40:53 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{4a77786e-8950-4b1f-80fc-1e2f6f057ed2}\mpengine.dll
2012-08-27 00:40:51 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{e682bb61-0505-4c89-991f-59b74ddc2d68}\mpengine.dll
2012-08-27 00:35:26 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{83884e01-d4ba-4fcd-b8f5-3b71862fda63}\mpengine.dll
2012-08-27 00:35:26 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{9c23d7f6-c966-4b6a-97be-9658f7847452}\mpengine.dll
2012-08-27 00:35:25 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{b6f0c95d-01e5-4c7b-9c4b-2ae5006592da}\mpengine.dll
2012-08-27 00:35:24 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{6a4b321a-33f0-4484-be44-901968449aac}\mpengine.dll
2012-08-27 00:13:05 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{5a20c3f9-7dfb-42f6-98e9-4ec15f3a7cab}\mpengine.dll
2012-08-27 00:13:04 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{55a8b147-fb13-4814-b21a-05739f63d26f}\mpengine.dll
2012-08-27 00:13:04 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{2f95e7b9-4667-462b-bc07-977a35003fcf}\mpengine.dll
2012-08-27 00:13:03 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{e1cf42c3-7166-49d7-b24d-271ed842a02e}\mpengine.dll
2012-08-27 00:07:36 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{7278763e-38a8-4c00-b261-eb3464b62e59}\mpengine.dll
2012-08-27 00:07:35 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{528e98ec-1ef3-4666-9706-6aa0dc9d74b6}\mpengine.dll
2012-08-27 00:07:34 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{d4fb15a0-70ea-4840-9054-ac46a1060a85}\mpengine.dll
2012-08-27 00:07:33 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{57b18717-e1ef-42de-b0b1-9f2ad375dd34}\mpengine.dll
2012-08-26 20:14:16 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{6a4f09aa-fc00-4ada-aae2-5c4b4b5b021a}\mpengine.dll
2012-08-26 20:14:16 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{ceb33909-e16f-4669-8921-e23ad2c7dfdd}\mpengine.dll
2012-08-26 20:14:15 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{ceb976d5-e79d-4a26-badf-d1aeb823325e}\mpengine.dll
2012-08-26 20:14:15 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{d25126a6-e790-4100-b055-0a477cfd7315}\mpengine.dll
2012-08-26 20:09:57 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{f2d7fbe2-4b33-49c6-8c22-5c261b1da9c6}\mpengine.dll
2012-08-26 20:09:56 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{d6e2b848-d0da-4539-b053-381aa228a25b}\mpengine.dll
2012-08-26 20:09:55 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{56e40087-ce22-4d00-b9ce-2755b37ab043}\mpengine.dll
2012-08-26 20:09:53 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{3f327bfa-097e-4f09-8efc-4b7a04fba03b}\mpengine.dll
2012-08-25 02:04:10 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{4bc8d9d4-b3f4-49cb-bc3f-8e5f5c7acd12}\mpengine.dll
2012-08-25 02:04:09 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{06682111-6362-4320-9fe0-85506b908908}\mpengine.dll
2012-08-25 02:04:09 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{46fc38e6-9f04-4da7-b92a-a1c23a6f188b}\mpengine.dll
2012-08-25 02:04:08 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{ba733142-834d-42eb-80ef-5c6fb18dd08f}\mpengine.dll
2012-08-25 01:58:04 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{f7e3611b-0344-4e62-875d-c9b7dddd6a8c}\mpengine.dll
2012-08-25 01:58:04 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{bec8f1ea-9a1f-4cd1-85f7-cc933d6f1370}\mpengine.dll
2012-08-25 01:58:04 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{5118f8e4-7901-48d3-b3c9-fa51fbaef25f}\mpengine.dll
2012-08-25 01:58:03 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{7c38e830-c14a-466f-9b6f-5ac21d97ff51}\mpengine.dll
2012-08-24 03:59:32 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{853a02c1-f5a7-418a-ab5f-d767518e7147}\mpengine.dll
2012-08-24 03:59:31 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{f41e1fba-8d25-4e76-ae3f-5ac45983d1ea}\mpengine.dll
2012-08-24 03:59:29 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{c2606e3e-2a66-44af-902e-063e4b39b306}\mpengine.dll
2012-08-24 03:59:27 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{fb1f5d5f-44a5-4b16-a284-1cd80efa4d2f}\mpengine.dll
2012-08-24 03:53:44 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{82ea0c8a-7b7d-48c8-a909-d9c3de3286d8}\mpengine.dll
2012-08-24 03:53:44 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{85045cc4-d2df-4519-aacb-347fdea38c39}\mpengine.dll
2012-08-24 03:53:42 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{1516ae17-f6df-4140-9339-8af5a7fc0723}\mpengine.dll
2012-08-24 03:53:41 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{b29f5c94-79b1-4e8d-ab47-bc2c9c955c9f}\mpengine.dll
2012-08-24 03:47:08 21776 ----a-w- c:\windows\system32\msxml2a.dll
2012-08-24 03:47:08 1388544 ----a-w- c:\windows\system32\temp.003
2012-08-24 03:47:07 44032 ----a-w- c:\windows\system32\temp.001
2012-08-24 03:47:07 1172992 ----a-w- c:\windows\system32\temp.002
2012-08-24 03:47:06 5532 ----a-w- c:\windows\system32\Stdole.tlb
2012-08-24 03:47:06 26624 ----a-w- c:\windows\system32\msxmlr.dll
2012-08-24 03:47:06 151552 ----a-w- c:\windows\system32\temp.000
2012-08-24 03:46:00 -------- d-----w- C:\KBPD 2 Student
2012-08-24 01:53:31 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{fe584f53-22af-49ac-8b2b-a471839ab527}\mpengine.dll
2012-08-24 01:53:31 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{48614761-8d03-456c-8717-d48c8657d36d}\mpengine.dll
2012-08-24 01:53:30 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{99925a84-4a69-4a17-8dd5-ec14d2a31e82}\mpengine.dll
2012-08-24 01:53:27 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{a583029e-26aa-4d55-b717-98b3d92ca0a9}\mpengine.dll
2012-08-24 01:48:02 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{9f83ff23-539b-4768-9ae8-a3c49610a1ec}\mpengine.dll
2012-08-24 01:48:02 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{e6696cdc-dbc7-4aad-870a-fefb84019406}\mpengine.dll
2012-08-24 01:48:01 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{a0bcd74f-2ea5-429c-967c-c498db942903}\mpengine.dll
2012-08-24 01:48:00 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{7907c540-0139-422f-a5f4-9c254a5e0110}\mpengine.dll
2012-08-22 16:26:49 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{dc6d8532-540e-4617-b864-a31e1928b6c2}\mpengine.dll
2012-08-22 16:26:48 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{95597855-4907-4502-8731-fd295de8ed91}\mpengine.dll
2012-08-22 16:26:48 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{41956e36-028a-484b-b8a3-a8bb225c6eb2}\mpengine.dll
2012-08-22 16:26:47 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{40d864fb-6a65-4691-8967-f7bc33a044be}\mpengine.dll
2012-08-22 16:20:17 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{b4aeee5d-8269-4a39-b278-dc65f78c17e4}\mpengine.dll
2012-08-22 16:20:16 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{ccd47c23-4a17-4974-8d39-ee2c8ed7aa9f}\mpengine.dll
2012-08-22 16:20:15 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{a75ca7a9-da2c-4567-aaa7-920d6afed345}\mpengine.dll
2012-08-22 16:20:14 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{260353df-7d19-4975-b1eb-1b1d863bd7c2}\mpengine.dll
2012-08-20 05:23:46 -------- d-----w- c:\users\scott\appdata\local\ManyCam
2012-08-20 05:23:46 -------- d-----w- c:\programdata\ManyCam
2012-08-16 21:19:55 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{f3365910-5076-49a2-8a93-6eab4ddad8a9}\mpengine.dll
2012-08-16 21:19:55 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{4f704c69-cffc-4356-85c2-5182146dd631}\mpengine.dll
2012-08-16 21:19:55 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{8e0e2212-bc00-4891-b06f-ea823f37ed50}\mpengine.dll
2012-08-16 21:19:54 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{bd8c4505-fb2e-4603-ac13-fa950e326b49}\mpengine.dll
2012-08-16 21:14:14 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{f5560683-1fb9-4deb-a943-3df67ee47348}\mpengine.dll
2012-08-16 21:14:13 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{45fac000-973c-452c-9728-fff7fd2239f8}\mpengine.dll
2012-08-16 21:14:13 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{7b1f15b4-cbe4-43cf-946b-d37fa866aad2}\mpengine.dll
2012-08-16 21:14:12 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{fef8d778-8884-4544-b5d7-3a52a559964e}\mpengine.dll
2012-08-15 07:36:50 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{d903b1c3-3a23-4a20-8173-6527b74a5fa3}\mpengine.dll
2012-08-15 07:36:50 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{49c8d716-a7cd-4cf6-8d44-882e9ad25afa}\mpengine.dll
2012-08-15 07:36:49 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{12d8a86c-9908-4baf-a4b5-3b2da1862649}\mpengine.dll
2012-08-15 07:36:49 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{a00f7b16-adfd-4d3c-a15c-2a98d3868237}\mpengine.dll
2012-08-15 07:30:45 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{2fe2f8d1-3572-4c60-becb-cb9a52482a12}\mpengine.dll
2012-08-15 07:30:45 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{c33d4418-6412-42d2-af84-213648c3d809}\mpengine.dll
2012-08-15 07:30:44 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{2bb9d4d3-fc7a-47ee-a529-581ec0c05305}\mpengine.dll
2012-08-15 07:30:44 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{1c5e3ccb-a7f1-48d8-b5f1-47c20c507e73}\mpengine.dll
2012-08-15 07:04:59 -------- d-----w- C:\afca7e5c0cda9ff863ad8a5f631811b4
2012-08-15 06:07:19 623616 ----a-w- c:\windows\system32\localspl.dll
2012-08-14 02:28:07 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{52263c84-4980-42f0-841f-9edb646182d7}\mpengine.dll
2012-08-14 02:28:07 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{cc029629-c71d-4514-b793-a1e02de5b6f6}\mpengine.dll
2012-08-14 02:28:06 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{ba06ed40-f47f-4fcd-809b-cabb99a6634f}\mpengine.dll
2012-08-14 02:28:06 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{d490fc44-75f1-4f6b-ae73-9557ead883e1}\mpengine.dll
2012-08-14 02:22:31 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{11bd6121-9683-4eaa-a213-1acc1bd94f34}\mpengine.dll
2012-08-14 02:22:31 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{5832af30-365a-4d86-8fa1-be6f54b2139f}\mpengine.dll
2012-08-14 02:22:30 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{1167d996-3bdd-477d-a0a5-32d196c5c7ae}\mpengine.dll
2012-08-14 02:22:30 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{5ef442d4-9539-43e9-9837-7391e732a12d}\mpengine.dll
2012-08-13 17:35:32 5115584 ----a-w- c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
2012-08-12 05:48:41 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{2ea71915-40bc-4104-bb50-061121875d34}\mpengine.dll
2012-08-12 05:48:41 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{26b6299f-a999-41d3-97d2-d9710cda3af8}\mpengine.dll
2012-08-12 05:48:40 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{a4e5ebec-4837-4e35-aedd-4f79e8330c11}\mpengine.dll
2012-08-12 05:48:39 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{4bc29fd0-824c-41a2-890d-7b9e09f04c12}\mpengine.dll
2012-08-12 05:44:07 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{ad587c5b-c284-417f-b66d-ce727f9ee7e7}\mpengine.dll
2012-08-12 05:44:07 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{d568daeb-c80a-43cd-8a3a-171eb35bb73e}\mpengine.dll
2012-08-12 05:44:07 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{d53fa52f-c5cd-42eb-aeef-297cf6dfd624}\mpengine.dll
2012-08-12 05:44:06 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{ca25c98f-511f-4521-a030-09851cdad1a6}\mpengine.dll
2012-08-10 07:04:54 -------- d-----w- c:\users\scott\appdata\local\{3E0DCCFD-5A8E-4ACA-BB53-408C938B4ED5}
2012-08-10 07:04:43 -------- d-----w- c:\users\scott\appdata\local\{3CEE8BA7-5737-4375-9390-34F2D7550B25}
2012-08-09 19:00:22 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{c2dc6eb5-b5bb-4d79-9e20-3746f448726b}\mpengine.dll
2012-08-09 19:00:21 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{4c3f09d3-d511-4d4e-bfcb-384864087afc}\mpengine.dll
2012-08-09 19:00:21 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{9ddb6c6d-ce3e-4e55-8d17-80306abd67e1}\mpengine.dll
2012-08-09 19:00:21 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{b5321671-22a7-41a6-b308-c5960c336f9b}\mpengine.dll
2012-08-09 18:54:53 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{ff38062f-0bc3-4b12-8715-3e1d9341a0dd}\mpengine.dll
2012-08-09 18:54:52 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{a0d92967-6774-44e8-808f-c292a1722a32}\mpengine.dll
2012-08-09 18:54:52 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{2d517496-336c-47e4-8a8d-9bab34e5bd32}\mpengine.dll
2012-08-09 18:54:51 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{56ef9aae-d416-4990-b4fa-b2f6e7f6fe8f}\mpengine.dll
2012-08-09 06:10:02 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{8289f618-d433-4f14-954d-1742354212e7}\mpengine.dll
2012-08-09 06:10:02 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{73b2d34e-8240-4bcb-87ad-f6942072857c}\mpengine.dll
2012-08-09 06:10:01 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{f2897db9-ff4b-4e2e-925c-e138c9db6a9b}\mpengine.dll
2012-08-09 06:10:01 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{8fd65e23-816a-45c8-81fc-a789970b07bf}\mpengine.dll
2012-08-09 06:05:39 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{378cf202-75bb-44c1-9070-a702f3b499ba}\mpengine.dll
2012-08-09 06:05:39 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{10f66117-0d1a-4c81-bff8-ea11a79d6b18}\mpengine.dll
2012-08-09 06:05:36 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{d825eab8-20e1-4cb3-a24f-98fc89fd4101}\mpengine.dll
2012-08-09 06:05:35 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{a12997f9-5336-4dc6-9cc8-6da7ce1817b5}\mpengine.dll
2012-08-08 00:53:56 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{9e63a448-21db-4a18-abf2-d7ec19f0e609}\mpengine.dll
2012-08-08 00:53:55 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{876d0889-0a3a-40db-88dc-5850a70fef4f}\mpengine.dll
2012-08-08 00:53:54 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{551c37fe-23a8-4b70-944c-9900b28be94a}\mpengine.dll
2012-08-08 00:53:53 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{f62f22a4-1b74-4ded-a4fd-852cbaa9f813}\mpengine.dll
2012-08-08 00:49:22 3308624 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{bd94b715-eac2-469e-991a-31921eb08756}\mpengine.dll
2012-08-08 00:49:22 3308624 ------w- c:\programdata\microsoft\onecare protection\definition updates\{506c95b5-bac8-4332-8f46-961cb482e0eb}\mpengine.dll
2012-08-08 00:49:21 5395280 ------w- c:\programdata\microsoft\onecare protection\definition updates\{5a5832df-1608-4ee1-bc54-8603f905c840}\mpengine.dll
2012-08-08 00:49:20 5395280 ----a-w- c:\programdata\microsoft\onecare protection\definition updates\{c226ef3c-83d3-4516-9eee-3adec7838b36}\mpengine.dll
.
==================== Find3M ====================
.
2012-08-15 02:22:51 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-08-15 02:22:51 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-06 02:06:30 772544 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-06 02:06:20 687544 ----a-w- c:\windows\system32\deployJava1.dll
2012-07-04 14:02:46 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-06-29 00:16:58 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-06-29 00:09:01 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-06-29 00:08:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-06-29 00:04:43 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-06-29 00:00:45 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 15:14:11.86 ===============

#5 Ass4ssinXIV

Posted 06 September 2012 - 02:19 PM

Results of screen317's Security Check version 0.99.50
Windows Vista Service Pack 2 x86 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Live OneCare
(On Access scanning disabled!)
Error obtaining update status for antivirus!
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Microsoft Windows OneCare Live AntiSpyware and AntiVirus
Malwarebytes Anti-Malware version 1.62.0.1300
JavaFX 2.1.1
Java™ 6 Update 30
Java™ 7 Update 5
Java™ SE Runtime Environment 6
Java version out of Date!
Adobe Flash Player 11.3.300.271
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (3.6.25) Firefox out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSASCui.exe
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
windows defender MSASCui.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````

#6 Ass4ssinXIV

Posted 06 September 2012 - 02:21 PM

# AdwCleaner v2.000 - Logfile created 09/06/2012 at 15:20:41
# Updated 30/08/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Scott - STEPHIELOO-PC
# Boot Mode : Normal
# Running from : C:\Users\Scott\Downloads\adwcleaner (1).exe
# Option [Search]


***** [Services] *****

Found : Viewpoint Manager Service

***** [Files / Folders] *****

File Found : C:\Program Files\Mozilla Firefox\.autoreg
File Found : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Found : C:\user.js
File Found : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\searchplugins\Askcom.xml
File Found : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\searchplugins\Conduit.xml
File Found : C:\Users\Stephie Loo\AppData\Roaming\Mozilla\Firefox\Profiles\jti1yhw4.default\searchplugins\Askcom.xml
File Found : C:\Users\Stephie Loo\AppData\Roaming\Mozilla\Firefox\Profiles\jti1yhw4.default\searchplugins\mywebsearch.xml
Folder Found : C:\Program Files\Ask.com
Folder Found : C:\Program Files\BabylonToolbar
Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\Crawler
Folder Found : C:\Program Files\Dogpile Bundle Toolbar
Folder Found : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Found : C:\Program Files\PriceGong
Folder Found : C:\Program Files\uTorrentBar
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\ProgramData\Anti-phishing Domain Advisor
Folder Found : C:\ProgramData\Ask
Folder Found : C:\ProgramData\Babylon
Folder Found : C:\ProgramData\blekko toolbars
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\ProgramData\Trymedia
Folder Found : C:\ProgramData\Viewpoint
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\lll\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\lll\AppData\LocalLow\AVG Secure Search
Folder Found : C:\Users\lll\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\lll\AppData\LocalLow\Conduit
Folder Found : C:\Users\lll\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\lll\AppData\LocalLow\FunWebProducts
Folder Found : C:\Users\lll\AppData\LocalLow\MyWebSearch
Folder Found : C:\Users\lll\AppData\LocalLow\PriceGong
Folder Found : C:\Users\lll\AppData\LocalLow\uTorrentBar
Folder Found : C:\Users\Scott\AppData\Local\APN
Folder Found : C:\Users\Scott\AppData\Local\Conduit
Folder Found : C:\Users\Scott\AppData\LocalLow\AskToolbar
Folder Found : C:\Users\Scott\AppData\LocalLow\BabylonToolbar
Folder Found : C:\Users\Scott\AppData\LocalLow\boost_interprocess
Folder Found : C:\Users\Scott\AppData\LocalLow\Conduit
Folder Found : C:\Users\Scott\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Scott\AppData\LocalLow\FunWebProducts
Folder Found : C:\Users\Scott\AppData\LocalLow\MyWebSearch
Folder Found : C:\Users\Scott\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Scott\AppData\LocalLow\uTorrentBar
Folder Found : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\Conduit
Folder Found : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\ConduitCommon
Folder Found : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\ConduitEngine
Folder Found : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\CT2786678
Folder Found : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Folder Found : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Found : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\extensions\ffxtlbr@babylon.com
Folder Found : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\extensions\plugin@yontoo.com
Folder Found : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\extensions\toolbar@ask.com
Folder Found : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\extensions\wecarereminder@bryan
Folder Found : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\FCTB
Folder Found : C:\Users\Stephie Loo\AppData\Local\AskToolbar
Folder Found : C:\Users\Stephie Loo\AppData\Local\OpenCandy
Folder Found : C:\Users\Stephie Loo\AppData\LocalLow\ConduitEngine
Folder Found : C:\Users\Stephie Loo\AppData\LocalLow\facemoods.com
Folder Found : C:\Users\Stephie Loo\AppData\LocalLow\FunWebProducts
Folder Found : C:\Users\Stephie Loo\AppData\LocalLow\MyWebSearch
Folder Found : C:\Users\Stephie Loo\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Stephie Loo\AppData\LocalLow\ShoppingReport2
Folder Found : C:\Users\Stephie Loo\AppData\LocalLow\uTorrentBar
Folder Found : C:\Users\Stephie Loo\AppData\LocalLow\Viewpoint
Folder Found : C:\Users\Stephie Loo\AppData\Roaming\Mozilla\Firefox\Profiles\jti1yhw4.default\extensions\toolbar@ask.com
Folder Found : C:\Users\Stephie Loo\AppData\Roaming\OpenCandy
Folder Found : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Found : HKCU\Software\APN
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\CompeteInc
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Found : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2AE42AC4-6A97-4436-9FEF-FC05F6812572}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\wecarereminder
Key Found : HKLM\Software\APN
Key Found : HKLM\Software\AskToolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\BabylonToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{835315FC-1BF6-4CA9-80CD-F6C158D40692}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Found : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Found : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2AE42AC4-6A97-4436-9FEF-FC05F6812572}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{67FA02C4-AB30-4e77-A640-78EE8EC8673B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Found : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Found : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Found : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Found : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Found : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BFE569F7-646C-4512-969B-9BE3E580D393}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Found : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\SOFTWARE\FCTB000060231
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{79C2FC74-9DAC-4B37-B32B-62B438062939}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E1F09023-6AB6-47BE-9510-3211380BA933}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{2AE42AC4-6A97-4436-9FEF-FC05F6812572}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\uTorrentBar
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\S-1-5-21-3025375510-3529732864-2286197025-1001\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKU\S-1-5-21-3025375510-3529732864-2286197025-1001\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=3966C83844E0604A4E34444FE585BDBA&tbp=homepage

-\\ Mozilla Firefox v3.6.25 (en-US)

Profile name : default
File : C:\Users\Stephie Loo\AppData\Roaming\Mozilla\Firefox\Profiles\jti1yhw4.default\prefs.js

Found : user_pref("browser.search.defaultengine", "Ask.com");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.order.1", "Ask.com");
Found : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Found : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Found : user_pref("extensions.asktb.cbid", "OE");
Found : user_pref("extensions.asktb.config-updated", false);
Found : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Found : user_pref("extensions.asktb.dtid", "VIN003YYUS");
Found : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.avg.com/route/?d=4bc88b8e&v=6.0[...]
Found : user_pref("extensions.asktb.fresh-install", false);
Found : user_pref("extensions.asktb.guid", "8CFF24BB-FCC7-4B7C-B554-A0D15113F536");
Found : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "<html><head><meta hxxp-equiv=\"Content-Ty[...]
Found : user_pref("extensions.asktb.if", "su");
Found : user_pref("extensions.asktb.l", "dis");
Found : user_pref("extensions.asktb.last-config-req", "1306559366288");
Found : user_pref("extensions.asktb.locale", "en_US");
Found : user_pref("extensions.asktb.o", "16046");
Found : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Found : user_pref("extensions.asktb.qsrc", "2871");
Found : user_pref("extensions.asktb.r", "2");
Found : user_pref("extensions.asktb.sa", "YES");
Found : user_pref("extensions.asktb.saguid", "A2D88656-DC25-42C5-BC18-3E170C939153");
Found : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=[...]
Found : user_pref("extensions.asktb.search-suggestions-enabled", true);
Found : user_pref("extensions.asktb.search-suggestions-uri", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li[...]
Found : user_pref("extensions.asktb.silent-upgrade", true);
Found : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Found : user_pref("extensions.asktb.themeid", "");
Found : user_pref("extensions.asktb.to", "16104");
Found : user_pref("extensions.asktb.version", "5.11.3.15590");
Found : user_pref("browser.search.defaultenginename", "Blekko");
Found : user_pref("browser.search.selectedEngine", "Blekko");
Found : user_pref("browser.search.order.1", "Blekko");
Found : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=39[...]

Profile name : default
File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\prefs.js

Found : user_pref("CT2786678..clientLogIsEnabled", true);
Found : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2786678.AppTrackingLastCheckTime", "Thu Dec 29 2011 01:20:32 GMT-0500 (Eastern Standard[...]
Found : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Found : user_pref("CT2786678.CTID", "CT2786678");
Found : user_pref("CT2786678.CurrentServerDate", "29-12-2011");
Found : user_pref("CT2786678.DialogsAlignMode", "LTR");
Found : user_pref("CT2786678.DialogsGetterLastCheckTime", "Wed Dec 28 2011 04:14:31 GMT-0500 (Eastern Standa[...]
Found : user_pref("CT2786678.DownloadReferralCookieData", "");
Found : user_pref("CT2786678.EMailNotifierPollDate", "Thu Dec 29 2011 01:20:21 GMT-0500 (Eastern Standard Ti[...]
Found : user_pref("CT2786678.FeedLastCount5690698542593514850", 501);
Found : user_pref("CT2786678.FeedPollDate2429156812186649977", "Thu Dec 29 2011 01:20:28 GMT-0500 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156813040823546", "Thu Dec 29 2011 01:20:24 GMT-0500 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156813130095866", "Thu Dec 29 2011 01:20:23 GMT-0500 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156813224203613", "Thu Dec 29 2011 01:20:23 GMT-0500 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156813230837251", "Thu Dec 29 2011 01:20:27 GMT-0500 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156813454291735", "Thu Dec 29 2011 01:20:27 GMT-0500 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156813729834876", "Thu Dec 29 2011 01:20:23 GMT-0500 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156813860870021", "Thu Dec 29 2011 01:20:28 GMT-0500 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156814264681793", "Thu Dec 29 2011 01:20:27 GMT-0500 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156814863075366", "Thu Dec 29 2011 01:20:27 GMT-0500 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156815257761081", "Thu Dec 29 2011 01:20:23 GMT-0500 (Eastern S[...]
Found : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Found : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Found : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Found : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Found : user_pref("CT2786678.FirstServerDate", "26-6-2011");
Found : user_pref("CT2786678.FirstTime", true);
Found : user_pref("CT2786678.FirstTimeFF3", true);
Found : user_pref("CT2786678.FixPageNotFoundErrors", false);
Found : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Stephie Loo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Preferences

Found [l.12] : homepage = "hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=3966C83844E0604A4E34444FE585BDBA&tbp=homepage",
Found [l.16] : urls_to_restore_on_startup = [ "hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=3966C83844E0604A4E34444FE585BDBA&tbp=homepage" ]
Found [l.57] : keyword = "blekko",
Found [l.60] : search_url = "hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=3966C83844E0604A4E34444FE585BDBA&q={searchTerms}",
Found [l.1289] : homepage = "hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=3966C83844E0604A4E34444FE585BDBA&tbp=homepage",
Found [l.1832] : urls_to_restore_on_startup = [ "hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=3966C83844E0604A4E34444FE585BDBA&tbp=homepage" ]

File : C:\Users\lll\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.1.1532.0

File : C:\Users\Stephie Loo\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\Scott\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [60321 octets] - [06/09/2012 15:20:41]

########## EOF - C:\AdwCleaner[R1].txt - [60382 octets] ##########

#7 Ass4ssinXIV


Posted 06 September 2012 - 02:26 PM

The computer has run fine since I ran the combo of Malwarebytes, Hitman Pro, and RogueKiller <- which detected Zeroaccess. I then ran ESET, which found even more (I have the log if you'd like to see it), and deleted/quarantined. Re-ran Roguekiller, and it did not detect zeroaccess. I am unsure if it is still active in my computer.

Edited by Ass4ssinXIV, 06 September 2012 - 02:27 PM.


#8 nasdaq

  • Malware Response Team

Posted 07 September 2012 - 06:40 AM

No traces of ZeroAccess infection. Please execute these instructions.

Secure your system by updating 3rd party programs.

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.

Check your present version and update as recommended.
https://www.java.com/en/download/installed.jsp

If present, remove the old version(s) of Java using the Add/Remove Programs applet.


Java™ 6 Update 30
Java™ 7 Update 5
Java™ SE Runtime Environment 6


===

Get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before your download I suggest you uncheck the box on the top right "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed, remove your old version of the Reader using the Add/Remove Programs applet if present.
===

Remove the AdWare, PUP (Potentially Unwanted Program) found.

  • Please close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with OK.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Sn].txt as well - n is the order number.


#9 Ass4ssinXIV


Posted 08 September 2012 - 02:39 AM

# AdwCleaner v2.000 - Logfile created 09/08/2012 at 03:29:27
# Updated 30/08/2012 by Xplode
# Operating system : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# User : Scott - STEPHIELOO-PC
# Boot Mode : Normal
# Running from : C:\Users\Scott\Downloads\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : Viewpoint Manager Service

***** [Files / Folders] *****

File Deleted : C:\Program Files\Mozilla Firefox\.autoreg
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml
File Deleted : C:\user.js
File Deleted : C:\Users\Scott\AppData\Local\funmoods.crx
File Deleted : C:\Users\Scott\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Stephie Loo\AppData\Roaming\Mozilla\Firefox\Profiles\jti1yhw4.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Stephie Loo\AppData\Roaming\Mozilla\Firefox\Profiles\jti1yhw4.default\searchplugins\mywebsearch.xml
Folder Deleted : C:\Program Files\Ask.com
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Crawler
Folder Deleted : C:\Program Files\Dogpile Bundle Toolbar
Folder Deleted : C:\Program Files\Funmoods
Folder Deleted : C:\Program Files\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Folder Deleted : C:\Program Files\Playbryte
Folder Deleted : C:\Program Files\PriceGong
Folder Deleted : C:\Program Files\uTorrentBar
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\Program Files\Yontoo
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\ProgramData\Viewpoint
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\lll\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\lll\AppData\LocalLow\AVG Secure Search
Folder Deleted : C:\Users\lll\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\lll\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\lll\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\lll\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\lll\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\lll\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\lll\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Scott\AppData\Local\APN
Folder Deleted : C:\Users\Scott\AppData\Local\Conduit
Folder Deleted : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Folder Deleted : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Folder Deleted : C:\Users\Scott\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Scott\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Scott\AppData\LocalLow\boost_interprocess
Folder Deleted : C:\Users\Scott\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Scott\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Scott\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Scott\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Scott\AppData\LocalLow\Playbryte
Folder Deleted : C:\Users\Scott\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Scott\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\Conduit
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\ConduitCommon
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\ConduitEngine
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\CT2786678
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\extensions\playbryte@playbryte.com
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\extensions\plugin@yontoo.com
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\extensions\wecarereminder@bryan
Folder Deleted : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\FCTB
Folder Deleted : C:\Users\Stephie Loo\AppData\Local\AskToolbar
Folder Deleted : C:\Users\Stephie Loo\AppData\Local\OpenCandy
Folder Deleted : C:\Users\Stephie Loo\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Stephie Loo\AppData\LocalLow\facemoods.com
Folder Deleted : C:\Users\Stephie Loo\AppData\LocalLow\FunWebProducts
Folder Deleted : C:\Users\Stephie Loo\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\Stephie Loo\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Stephie Loo\AppData\LocalLow\ShoppingReport2
Folder Deleted : C:\Users\Stephie Loo\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Stephie Loo\AppData\LocalLow\Viewpoint
Folder Deleted : C:\Users\Stephie Loo\AppData\Roaming\Mozilla\Firefox\Profiles\jti1yhw4.default\extensions\toolbar@ask.com
Folder Deleted : C:\Users\Stephie Loo\AppData\Roaming\OpenCandy
Folder Deleted : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registry] *****

Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Fun Web Products
Key Deleted : HKCU\Software\AppDataLow\Software\MyWebSearch
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Anti-phishing Domain Advisor
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\BabylonToolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\mywebsearch bar uninstall
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Playbryte
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\PriceGong
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentBar Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Classes\AppID\BHO.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\PriceGongIE.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escrtBtn.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.funmoodsESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Key Deleted : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1561552
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\SOFTWARE\FCTB000060231
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Funmoods
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceGong
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Playbryte
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtD0F0FyBzyyDyByE0BtB0CzzzztA0AtN0D0Tzu0StByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1195332251 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtD0F0FyBzyyDyByE0BtB0CzzzztA0AtN0D0Tzu0StByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1195332251 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=3966C83844E0604A4E34444FE585BDBA&tbp=homepage --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://start.funmoods.com/?f=2&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtD0F0FyBzyyDyByE0BtB0CzzzztA0AtN0D0Tzu0StByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1195332251 --> hxxp://www.google.com

-\\ Mozilla Firefox v3.6.25 (en-US)

Profile name : default
File : C:\Users\Stephie Loo\AppData\Roaming\Mozilla\Firefox\Profiles\jti1yhw4.default\prefs.js

C:\Users\Stephie Loo\AppData\Roaming\Mozilla\Firefox\Profiles\jti1yhw4.default\user.js ... Deleted !

Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.cbid", "OE");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.dtid", "VIN003YYUS");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.avg.com/route/?d=4bc88b8e&v=6.0[...]
Deleted : user_pref("extensions.asktb.fresh-install", false);
Deleted : user_pref("extensions.asktb.guid", "8CFF24BB-FCC7-4B7C-B554-A0D15113F536");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "<html><head><meta hxxp-equiv=\"Content-Ty[...]
Deleted : user_pref("extensions.asktb.if", "su");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1306559366288");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.o", "16046");
Deleted : user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.r", "2");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "A2D88656-DC25-42C5-BC18-3E170C939153");
Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=[...]
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.search-suggestions-uri", "hxxp://ss.websearch.ask.com/query?qsrc=2922&li[...]
Deleted : user_pref("extensions.asktb.silent-upgrade", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.to", "16104");
Deleted : user_pref("extensions.asktb.version", "5.11.3.15590");
Deleted : user_pref("browser.search.defaultenginename", "Blekko");
Deleted : user_pref("browser.search.selectedEngine", "Blekko");
Deleted : user_pref("browser.search.order.1", "Blekko");
Deleted : user_pref("keyword.URL", "hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=39[...]

Profile name : default
File : C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\prefs.js

C:\Users\Scott\AppData\Roaming\Mozilla\Firefox\Profiles\4gpwynx2.default\user.js ... Deleted !

Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Thu Dec 29 2011 01:20:32 GMT-0500 (Eastern Standard[...]
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CurrentServerDate", "29-12-2011");
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Wed Dec 28 2011 04:14:31 GMT-0500 (Eastern Standa[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Thu Dec 29 2011 01:20:21 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 501);
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Thu Dec 29 2011 01:20:28 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Thu Dec 29 2011 01:20:24 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Thu Dec 29 2011 01:20:23 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Thu Dec 29 2011 01:20:23 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Thu Dec 29 2011 01:20:27 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Thu Dec 29 2011 01:20:27 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Thu Dec 29 2011 01:20:23 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Thu Dec 29 2011 01:20:28 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Thu Dec 29 2011 01:20:27 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Thu Dec 29 2011 01:20:27 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Thu Dec 29 2011 01:20:23 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "26-6-2011");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2786678.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=&SearchSource=13");
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Sun Jun 26 2011 04:03:19 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Wed Dec 28 2011 04:14:26 GMT-0500 (Eastern Standar[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_3.3.3.2", "Thu Dec 29 2011 01:20:21 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2786678.LastLogin_3.8.1.0", "Thu Dec 29 2011 01:22:03 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2786678.LatestVersion", "3.8.1.0");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipShow", false);
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.SavedHomepage", "About:Blank");
Deleted : user_pref("CT2786678.SearchBoxWidth", 122);
Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "AVG Secure Search");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Wed Dec 28 2011 04:14:25 GMT-0500 (Eastern Stand[...]
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Wed Dec 28 2011 04:14:23 GMT-0500 (Eastern Standard [...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Thu Dec 29 2011 01:20:20 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1325059723");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Fri Dec 23 2011 00:49:19 GMT-0500 (Eastern Sta[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN34630137262510859");
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 1);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Thu Dec 29 2011 01:20:28 GMT-0500 (Eastern Standard Time)");
Deleted : user_pref("CT2786678.WeatherUnit", "F");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.approveUntrustedApps", false);
Deleted : user_pref("CT2786678.backendstorage.cb_firstuse0100", "31");
Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "546875204E6F7620303320323031312031333A33383A35322[...]
Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F6D6F746865726C6573732E636F6D2F73656[...]
Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333235303635323738383330");
Deleted : user_pref("CT2786678.components.1000034", false);
Deleted : user_pref("CT2786678.components.1000234", false);
Deleted : user_pref("CT2786678.components.129295698017012804", false);
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Thu Dec 29 2011 01:20:22 GMT-0500 (Eastern [...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804[...]
Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.testingCtid", "");
Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Wed Dec 28 2011 04:14:26 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Thu Dec 29 2011 01:22:03 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"a11[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2786678");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Scott\\AppData\\Roaming\\Mozilla\\F[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.1.0");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.avg.com/route/?d=4bc88b8e&[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,ConduitEngine");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678,ConduitEngine");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jun 26 2011 04:03:16 GMT-04[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Dec 28 2011 04:14:35 GMT-0500 (Easte[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Dec 28 2011 04:14:23 GMT-0500 (Eastern S[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "aace0e28-6b7b-4bea-9dd3-79e3cce6af4d");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Dec 29 2011 01:22:10 GMT-0500 (Eas[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "13bea898-c1f5-4bd5-ab32-73b826618873");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "ConduitEngine");
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Dec 29 2011 01:22:1[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Dec 29 2011 01:22:22 GMT-050[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Dec 29 2011 01:22:03 GMT-0500 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "032a3363-e3de-4de5-9ac3-0baa1788c3e0");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Dec 29 2011 01:20:36 GMT-0500 (Eastern Stan[...]
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Wed Dec 28 2011 04:14:36 GMT-0500 (Eastern St[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "06/26/2011 11");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Deleted : user_pref("ConduitEngine.InstalledDate", "Sun Jun 26 2011 04:03:19 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Dec 28 2011 04:14:35 GMT-0500 (Eastern Sta[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Thu Dec 29 2011 01:20:26 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SavedHomepage", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13"[...]
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Dec 29 2011 01:20:26 GMT-0500 (Eastern Standar[...]
Deleted : user_pref("ConduitEngine.Uninstall", true);
Deleted : user_pref("ConduitEngine.UserID", "UN23361543788315753");
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Dec 28 2011 04:14:35 GMT-0500 (Easte[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Thu Dec 29 2011 01:20:26 GMT-0500 (East[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "Conduit Engine Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=ConduitEngine[...]
Deleted : user_pref("browser.search.order.1", "Ask.com");
Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Deleted : user_pref("extensions.BabylonToolbar.aflt", "orgnl");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 15);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", false);
Deleted : user_pref("extensions.BabylonToolbar.hmpg", false);
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 15);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6");
Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 70355558);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "free");
Deleted : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Deleted : user_pref("extensions.asktb.abar-war-timeout", "4000");
Deleted : user_pref("extensions.asktb.apn_dbr", "cr_17.0.963.79");
Deleted : user_pref("extensions.asktb.autofill-competitor-query-enabled", true);
Deleted : user_pref("extensions.asktb.cbid", "5I");
Deleted : user_pref("extensions.asktb.config-updated", false);
Deleted : user_pref("extensions.asktb.cr-o", "102868cr");
Deleted : user_pref("extensions.asktb.crumb", "2012.03.19+16.17.42-toolbar016iad-US-Tm9yZm9sayxWQSxVbml0ZWQgU3[...]
Deleted : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...]
Deleted : user_pref("extensions.asktb.displaybehavior", "");
Deleted : user_pref("extensions.asktb.displaytext", "");
Deleted : user_pref("extensions.asktb.dtid", "YYYYYYNCUS");
Deleted : user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", false);
Deleted : user_pref("extensions.asktb.dyn-weather-locid-weatherWidget", "USVA0557");
Deleted : user_pref("extensions.asktb.dyn-weather-tempunit-weatherWidget", "F");
Deleted : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://isearch.avg.com/search?cid=%7B5e93365d[...]
Deleted : user_pref("extensions.asktb.guid", "2648aa59-2bca-4f2f-98d1-3fcfe46466da");
Deleted : user_pref("extensions.asktb.hpr", "YES");
Deleted : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Deleted : user_pref("extensions.asktb.if", "first");
Deleted : user_pref("extensions.asktb.l", "dis");
Deleted : user_pref("extensions.asktb.last-config-req", "1334022523422");
Deleted : user_pref("extensions.asktb.last-v", "3.14.1.100010");
Deleted : user_pref("extensions.asktb.locale", "en_US");
Deleted : user_pref("extensions.asktb.location", "Norfolk,VA,United States");
Deleted : user_pref("extensions.asktb.lstation", "");
Deleted : user_pref("extensions.asktb.new-tab-enabled", true);
Deleted : user_pref("extensions.asktb.news-native-on", true);
Deleted : user_pref("extensions.asktb.o", "102868");
Deleted : user_pref("extensions.asktb.pstate", "");
Deleted : user_pref("extensions.asktb.qsrc", "2871");
Deleted : user_pref("extensions.asktb.sa", "YES");
Deleted : user_pref("extensions.asktb.saguid", "21E205A5-65B3-4C48-A83C-82873D410C9E");
Deleted : user_pref("extensions.asktb.search-plugin-suggestions-url", "hxxp://ss.websearch.ask.com/query?qsrc=[...]
Deleted : user_pref("extensions.asktb.search-suggestions-enabled", true);
Deleted : user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
Deleted : user_pref("extensions.asktb.socialmini-first", true);
Deleted : user_pref("extensions.asktb.socialmini-interval", "1200000");
Deleted : user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
Deleted : user_pref("extensions.asktb.socialmini-max-items", "30");
Deleted : user_pref("extensions.asktb.socialmini-native-on", true);
Deleted : user_pref("extensions.asktb.socialmini-speed", "10000");
Deleted : user_pref("extensions.asktb.socialmini-transition-first-open", false);
Deleted : user_pref("extensions.asktb.themeid", "");
Deleted : user_pref("extensions.asktb.timeinstalled", "3/19/2012 7:18:51 PM");
Deleted : user_pref("extensions.asktb.to", "");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.DNSCatch", false);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.FirstLaunchShown", true);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.LastDate", 15);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.customNewTab", false);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.currentOffset", -133);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.CaptureType", 3);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20120315.connection_e[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20120315.invalid_cert[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20120315.server_error[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.clickSendingStats.20120315.success", 0)[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.currentOffset", -315);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.dcaConfigInterval", "1440");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.enableVoicebox", false);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.epochTimeInterval", "1440");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.eulaVersion", 20110301);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.externalJSInterval", "1440");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.externalJSRshInterval", "1440");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.externalJSSerpInterval", "1440");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.externalJSShoppingcartInterval", "1440"[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastDcaConfigModification", "Fri, 02 Ma[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastDcaConfigTime", "1331795592860");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastDcaConfigUrl", "hxxps://dcs-config.[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastDcaStatus", 1);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastEpochTime", "1331795566560");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastEpochTimeUrl", "hxxps://dcs.consume[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastEventSendAttemptDate", "20120315");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastEventSendSuccessDate", "20120315");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSModification", "Thu, 08 M[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSRshModification", "Tue, 1[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSRshTime", "1331795575914"[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSRshUrl", "hxxps://dcs-fil[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSSerpModification", "Thu, [...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSSerpTime", "1331795556370[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSSerpUrl", "hxxps://dcs-fi[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSShoppingcartModification"[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSShoppingcartTime", "13317[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSShoppingcartUrl", "hxxps:[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSTime", "1331795556346");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastExternalJSUrl", "hxxps://dcs-files.[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastPingTime", "1331795592483");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastPrivacyRulesModification", "Mon, 05[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastPrivacyRulesTime", "1331795551266")[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastPrivacyRulesUrl", "hxxps://dcs-file[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastWhitelistModification", "Fri, 09 Ma[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastWhitelistTime", "1331795574112");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.lastWhitelistUrl", "hxxps://dcs-files.c[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.panelID", "freecausefox");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.pingInterval", "1440");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.privacyFailures", 0);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.privacyFailuresThreshold", 15);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.privacyRulesInterval", "1440");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.probationLength", 14400);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.rulesVersion", "1743");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.userID", "FCZ3F9L44634621");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.version", "1.7.0.9392");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dca.whitelistInterval", "1440");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.dcaConfigInterval", 86400000);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.enableUserIdentification", false);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.epochTimeInterval", 86400000);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.eulaVersion", 0);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.externalJSInterval", 86400000);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.externalJSSerpInterval", 86400000);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.externalJSShoppingcartInterval", 86400000);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.installDate", "12292011");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastDcaConfigModification", "");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastDcaConfigTime", "1325063678452");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastDcaConfigUrl", "hxxps://dcs-config.cons[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastEpochTime", "1325063674484");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSModification", "Mon, 28 Nov 2[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSSerpModification", "Mon, 28 N[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSSerpTime", "1325063685110");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSSerpUrl", "hxxps://dcs-files.[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSShoppingcartModification", "W[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSShoppingcartTime", "132506368[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSShoppingcartUrl", "hxxps://dc[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSTime", "1325063680415");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastExternalJSUrl", "hxxps://dcs-files.cons[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastPingTime", 1325063668);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastPrivacyRulesModification", "Tue, 20 Dec[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastPrivacyRulesTime", "1325063678315");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastPrivacyRulesUrl", "hxxps://dcs-files.co[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastVoiceboxRulesModification", "Tue, 23 Au[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastVoiceboxRulesTime", "1314344721418");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastVoiceboxRulesUrl", "hxxps://dcs-files.c[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastWhitelistModification", "Sat, 24 Dec 20[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastWhitelistTime", "1325063680404");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.lastWhitelistUrl", "hxxps://dcs-files.consu[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.privacyFailures", 0);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.privacyFailuresThreshold", 15);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.privacyRulesInterval", 86400000);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.probationLength", 14400);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.rulesVersion", "1603");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.version", "1.0.30");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.voicebox.campaigns", "");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.voiceboxRulesInterval", 889032704);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.dca.whitelistInterval", 86400000);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.installDate", "08262011");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.processAddrBar", false);
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.tb_lang", "en");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.user_id", "44634621");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.vars.dcaAlertShown", "1");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.vars.disablecuidinject", "1");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.vars.lastcheck", "Sat%20Dec%2031%202011%2013%3A[...]
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.version", "0");
Deleted : user_pref("freecause46d606b0a64511df981c0800200c9a66.yahooSearch", false);
Deleted : user_pref("keyword.URL", "hxxp://isearch.avg.com/search?cid=%7B5e93365d-db26-47ac-839e-325ccb7c231d%[...]
Deleted : user_pref("browser.startup.homepage", "hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2Xzu[...]
Deleted : user_pref("backup.old.browser.search.selectedEngine", "AVG Secure Search");
Deleted : user_pref("backup.old.browser.search.defaultenginename", "Ask.com");

-\\ Google Chrome v [Unable to get version]

File : C:\Users\Stephie Loo\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

File : C:\Users\Scott\AppData\Local\Google\Chrome\User Data\Default\Preferences

Deleted [l.12] : homepage = "hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtD0F0FyBzyyDyByE0BtB0CzzzztA0AtN0D0Tzu0StByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1195332251",
Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtD0F0FyBzyyDyByE0BtB0CzzzztA0AtN0D0Tzu0StByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1195332251" ]
Deleted [l.57] : keyword = "blekko",
Deleted [l.60] : search_url = "hxxp://blekko.com/ws/?source=c3348dd4&tbp=rbox&toolbarid=blekkotb_031&u=3966C83844E0604A4E34444FE585BDBA&q={searchTerms}",
Deleted [l.1365] : homepage = "hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtD0F0FyBzyyDyByE0BtB0CzzzztA0AtN0D0Tzu0StByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1195332251",
Deleted [l.2061] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtD0F0FyBzyyDyByE0BtB0CzzzztA0AtN0D0Tzu0StByDtCtN1L2XzutBtFtCtFtCtFtAtCtB&cr=1195332251" ]

File : C:\Users\lll\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

-\\ Opera v12.1.1532.0

File : C:\Users\Stephie Loo\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] File is clean.

File : C:\Users\Scott\AppData\Roaming\Opera\Opera\operaprefs.ini

Deleted : Home URL=hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1QzutDtD0F0FyBzyyDyByE[...]

*************************

AdwCleaner[R1].txt - [60452 octets] - [06/09/2012 15:20:41]
AdwCleaner[S2].txt - [66950 octets] - [08/09/2012 03:29:27]

########## EOF - C:\AdwCleaner[S2].txt - [67011 octets] ##########

#10 nasdaq

  • Malware Response Team
  • 40,754 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:11:44 PM

Posted 08 September 2012 - 08:21 AM

Looking good.

Any remaining issues?
===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on adwcleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

Delete the other tools we used.

Surf Safely, and Think Prevention!
===

#11 Ass4ssinXIV

  • Topic Starter

  • Members
  • 8 posts
  • Local time:12:44 AM

Posted 08 September 2012 - 09:58 AM

Everything seems good to go. I really appreciate your help.



