TrojanKiller Free Version Found Malware, but Trial Period is Up- Please Help


15 replies to this topic

#1 faye raye

faye raye

  • Members
  • 150 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:12 PM

Posted 05 December 2012 - 12:31 AM

Hello. A while back I downloaded a great program called GridinSoft TrojanKiller, but alas it was only a trial and I don't want to purchase it. It can still scan, but not remove the threats, so what else could I use to remove these? The log:


Trojan Killer v.2.1.2.1
Report file date: 12/4/2012 6:07:24 PM

Scanning for 643739 virus strains and unwanted programs.

Licensed: UNREGISTERED
Windows version: Microsoft Windows XP (version 5.1)
Username: Dashel R
Computer name: NO1

Starting the file scan:

Startup collected
BHO plugins collected
Service collected
ActiveX collected
Files collected
Scanning process...
----- c:\program files\dell photo aio printer 922\dlbtbmgr.exe ---- Startup
Unknown
Dell Photo AIO Printer 922
MD5: DB3F27C3B733AD71C85C33971CFDEC67:290816
RIC: A67DEB49F34476F4802F75764AD56E51:29728
EP: 55 8B EC 6A FF 68 90 61 40 00 68 D4 2B 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 AC 60 40 00 33 D2 8A D4 89 15 D4 9F 40 00 8B C8 81 E1 FF 00 00 00 89 0D D0
SEC:
.text:60000020:608728DB4E9A0F7542306B29D3242BF6:20480
.rdata:40000040:74DE8F692D0D76EF9A7D2E3962E6525E:4096
.data:C0000040:D2D4845258D4F1038A45A16391BD4605:12288
.rsrc:40000040:F9C93E20EC2734AF0FB183CB0B43C658:249856


----- HKLM\SOFTWARE\Microsoft\ESENT\Process\Install ---- Registry
Rogue.HomeAntivirus2010


----- HKLM\SOFTWARE\Microsoft\ESENT\Process\Install\DEBUG ---- Registry
Rogue.HomeAntivirus2010


----- C:\DOCUME~1\DASHEL~1\LOCALS~1\Temp\dw.log ---- General
Spy.Trace
MD5: 10DD570EE773A2105F184687C2F1A00C:666
EP: 00
SEC:


----- HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF} ---- Registry
AdWare.ISearch


----- C:\Documents and Settings\Dashel R\Application Data\FCSB000063941\Toolbar\Uninst.exe ---- General
Trojan.Win32.HighRisk
MD5: 523CE213A42E09C6E6C0868FBDD1B08B:59118
RIC: 70AFE73F60D9D073C409FD36588C8393:13784
EP: 81 EC 80 01 00 00 53 55 56 33 DB 57 89 5C 24 18 C7 44 24 10 C0 91 40 00 33 F6 C6 44 24 14 20 FF 15 30 70 40 00 68 01 80 00 00 FF 15 B0 70 40 00 53 FF 15 7C 72 40 00 6A 08 A3 98 3F 42 00 E8 E1 2A
SEC:
.text:60000020:B52FF3F8255A9EAD6B6C8B540EF52207:22528
.rdata:40000040:0F7B157B78F399340E80AA07581634EB:4608
.data:C0000040:25604635913362182573DFA85051AAC0:1024
.ndata:C0000080:00000000000000000000000000000000:0
.rsrc:40000040:7990377A97647F74ADDAEB0ED8F779E8:16896


----- C:\Documents and Settings\Dashel R\Local Settings\temp\SCC.dll ---- General
Broken.Executable (Broken PE file - Section 1 starts beyond the end of file (Offset@ 4C400, Total filesize 97644)
MD5: 8C511BCC423EB7CDCBA8F9A5D50EDBEF:97644
EP: 00
SEC:
.text:60000020:69E394EB06117FBEFF5671A60F72C35E:96620
.rdata:40000040:00000000000000000000000000000000:70656
:C0000040:00000000000000000000000000000000:0
:40000040:00000000000000000000000000000000:0
:42000040:00000000000000000000000000000000:0


----- C:\Documents and Settings\Dashel R\Local Settings\Temporary Internet Files\Content.IE5\98W1AU09\SCC[1].dll ---- General
Broken.Executable (Broken PE file - Section 1 starts beyond the end of file (Offset@ 4C400, Total filesize 78604)
MD5: 53DC73A758FFD2EA96301EC8DFE9A01C:78604
EP: 00
SEC:
.text:60000020:1C626817410DD5E11EED643AEA9E1890:77580
.rdata:40000040:00000000000000000000000000000000:70656
:C0000040:00000000000000000000000000000000:0
:40000040:00000000000000000000000000000000:0
:42000040:00000000000000000000000000000000:0


----- C:\Documents and Settings\Dashel R\Local Settings\Temporary Internet Files\Content.IE5\993ROZ2U\SCC[1].dll ---- General
Broken.Executable (Broken PE file - Section 1 starts beyond the end of file (Offset@ 4C400, Total filesize 99004)
MD5: 94A9A7D93AFEF799EBCE6FC4BC4566D8:99004
EP: 00
SEC:
.text:60000020:E5FDFFEF2E90C0608E7204EC661D44DD:97980
.rdata:40000040:00000000000000000000000000000000:70656
:C0000040:00000000000000000000000000000000:0
:40000040:00000000000000000000000000000000:0
:42000040:00000000000000000000000000000000:0


----- C:\Documents and Settings\Dashel R\Local Settings\Temporary Internet Files\Content.IE5\YDSPHS8C\tbedrs[1].dll ---- General
Broken.Executable (Broken PE file - Section 1 starts beyond the end of file (Offset@ 1A400, Total filesize 3284)
MD5: 5154AD250A4746E1E440B08C253B923E:3284
EP: 00
SEC:
.text:60000020:C30E27C5187B7620DFE8D39AC6357C67:2260
.rdata:40000040:00000000000000000000000000000000:29696
:C0000040:00000000000000000000000000000000:0
:40000040:00000000000000000000000000000000:0
:42000040:00000000000000000000000000000000:0


----- C:\Documents and Settings\Dashel R\Start Menu\Programs\FormatFactory\Uninstall.lnk ---- General
Trojan.Agent.146056
MD5: 59D7E0102B1686188429ABFD30AB4352:641
EP: 00
SEC:


----- C:\Program Files\aawsepersonal.exe ---- General
Suspicious!SB
ProdVer:
FileVer: 1.0.5.0
Company: Lavasoft
NAC: B6B4A6B7234F1F5DEE071E9A7EEB38A9:8
MD5: 13028A5BBAFF94C2F138BBEBB3BF389E:2636408
RIC: 02C8776534FCB3D5551E42C6C360E1FF:744
EP: 55 8B EC 81 EC 2C 05 00 00 53 56 57 6A 01 5E 6A 04 89 75 E8 FF 15 54 40 40 00 FF 15 50 40 40 00 8B F8 89 7D F4 8A 07 3C 22 0F 85 CC 00 00 00 8A 47 01 47 89 7D F4 33 DB 3A C3 74 0D 3C 22 74 09 8A
SEC:
.text:60000020:C71643C087E2557D0B1D36C694ECCCCF:8704
.rdata:40000040:C8CFB67D59A05AEFA27A9FECD141F5EF:2048
.data:C0000040:C7C41671D08E5CD17AE9B12731E3DE24:1024
.rsrc:40000040:EB9F35BA7D5F5ACD20152BC2AD533FAB:2048


----- C:\Program Files\Conduit\Community Alerts\Alert0.dll ---- General
Broken.Executable (Broken PE file - Section 1 starts beyond the end of file (Offset@ 66C00, Total filesize 92157)
MD5: 8C1F9F3A216FAB8B6F7A93EC60325B42:92157
EP: 00
SEC:
.text:60000020:F25BEA39B7A96CCF84CCE775BF51B342:91133
.rdata:40000040:00000000000000000000000000000000:124928
:C0000040:00000000000000000000000000000000:0
:40000040:00000000000000000000000000000000:0
:42000040:00000000000000000000000000000000:0


----- C:\Program Files\Freecorder\tbFre1.dll ---- General
Broken.Executable (Broken PE file - Section 2 starts beyond the end of file (Offset@ 21800, Total filesize 122030)
MD5: 144343DCC01C92595BF0A7188C1B02CD:122030
EP: 00
SEC:
.text:60000020:AB67DC6F34998F830C0FF3EA9DFBE080:106496
.rdata:40000040:878E0C1ED8D3F548B92C5FDEA45CD973:14510
.data:C0000040:00000000000000000000000000000000:6656
:40000040:00000000000000000000000000000000:0
:42000040:00000000000000000000000000000000:0


----- C:\Program Files\FreeTime\FormatFactory\uninst.exe ---- General
Trojan.Agent.146056
MD5: 7CBD6724BFE814A8482A432CD3A9B34C:151293
RIC: B02D8BC526FEB04EA663B7A1FBD16C33:5392
EP: 81 EC 80 01 00 00 53 55 56 33 DB 57 89 5C 24 18 C7 44 24 10 28 91 40 00 33 F6 C6 44 24 14 20 FF 15 30 70 40 00 68 01 80 00 00 FF 15 B4 70 40 00 53 FF 15 7C 72 40 00 6A 08 A3 38 3F 42 00 E8 BA 2C
SEC:
.text:60000020:7EBFADE271F75CB4C180603AB653AF42:23552
.rdata:40000040:9D6E96915262C9D1129A16FA0B02A19A:4608
.data:C0000040:DBF10679C897D0EDEEE280FFFDAD552F:1024
.ndata:C0000080:00000000000000000000000000000000:0
.rsrc:40000040:70414EAA124A84AFB7D07B157E372D07:102912


----- C:\Program Files\Shop to Win 20\Uninst.exe ---- General
Trojan.Win32.HighRisk
MD5: 523CE213A42E09C6E6C0868FBDD1B08B:59118
RIC: 70AFE73F60D9D073C409FD36588C8393:13784
EP: 81 EC 80 01 00 00 53 55 56 33 DB 57 89 5C 24 18 C7 44 24 10 C0 91 40 00 33 F6 C6 44 24 14 20 FF 15 30 70 40 00 68 01 80 00 00 FF 15 B0 70 40 00 53 FF 15 7C 72 40 00 6A 08 A3 98 3F 42 00 E8 E1 2A
SEC:
.text:60000020:B52FF3F8255A9EAD6B6C8B540EF52207:22528
.rdata:40000040:0F7B157B78F399340E80AA07581634EB:4608
.data:C0000040:25604635913362182573DFA85051AAC0:1024
.ndata:C0000080:00000000000000000000000000000000:0
.rsrc:40000040:7990377A97647F74ADDAEB0ED8F779E8:16896


Scan completed

Scan result: 16 detected items
Scan completed in: Scan completed in 1 hour(s) 33 min. 4 sec.
Files were scanned: 14887
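Several of the entries in the TrojanKiller log above are flagged as Broken.Executable with the reason "Section N starts beyond the end of file (Offset@ ..., Total filesize ...)". That is a plain PE section-table sanity check: every section header carries a PointerToRawData and SizeOfRawData, and if that on-disk range lies partly or wholly outside the file, the image cannot load as written and is either damaged or deliberately malformed. The Python below is an added example, not code from the original post or from GridinSoft; it parses the section table the same way and reports the same two conditions (start beyond EOF, or raw data truncated). The sample PE images it builds are constructed in memory purely to exercise the check and are not real programs.

```python
"""Range-check a PE section table against the file size.

Reproduces the 'Section N starts beyond the end of file' heuristic from the
TrojanKiller log: a section whose raw data begins past EOF, or runs past it,
is not a loadable image. Section indices are reported 1-based like the log.
"""
import struct

IMAGE_SECTION_HEADER = struct.Struct("<8sIIIIIIHHI")  # 40-byte section header
PE_SIGNATURE = b"PE\0\0"

# Section characteristics exactly as they appear in the log's SEC: lines.
CODE = 0x60000020   # IMAGE_SCN_CNT_CODE | MEM_EXECUTE | MEM_READ
RDATA = 0x40000040  # IMAGE_SCN_CNT_INITIALIZED_DATA | MEM_READ


def parse_sections(data: bytes):
    """Return [(index, name, PointerToRawData, SizeOfRawData), ...] for an in-memory PE."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4                                  # IMAGE_FILE_HEADER starts here
    (num_sections,) = struct.unpack_from("<H", data, coff + 2)
    (opt_size,) = struct.unpack_from("<H", data, coff + 16)
    table = coff + 20 + opt_size                         # section table follows optional header
    sections = []
    for i in range(num_sections):
        off = table + i * IMAGE_SECTION_HEADER.size
        if off + IMAGE_SECTION_HEADER.size > len(data):
            raise ValueError(f"section header {i + 1} lies beyond end of file")
        name, _vsize, _vaddr, size_raw, ptr_raw, *_rest = IMAGE_SECTION_HEADER.unpack_from(data, off)
        sections.append((i + 1, name.rstrip(b"\0").decode("ascii", "replace"), ptr_raw, size_raw))
    return sections


def check_sections(data: bytes):
    """Return a list of findings; an empty list means every section's raw data fits in the file."""
    findings = []
    total = len(data)
    for idx, name, ptr_raw, size_raw in parse_sections(data):
        if size_raw == 0:
            continue  # no bytes on disk (.bss-style), so nothing to range-check
        if ptr_raw >= total:
            findings.append(f"Section {idx} ({name}) starts beyond the end of file "
                            f"(Offset@ {ptr_raw:X}, Total filesize {total})")
        elif ptr_raw + size_raw > total:
            findings.append(f"Section {idx} ({name}) is truncated: raw data ends at "
                            f"{ptr_raw + size_raw:X} but file is {total} bytes")
    return findings


def build_sample_pe(sections, total_size):
    """Constructed minimal PE32 (not a real program): MZ stub, PE header, section table, zero padding.

    sections: iterable of (name_bytes, PointerToRawData, SizeOfRawData, Characteristics).
    """
    e_lfanew = 0x40
    opt_header = bytes(0xE0)  # PE32 optional header, zeroed; only its size matters for parsing
    coff = struct.pack("<HHIIIHH", 0x14C, len(sections), 0, 0, 0, len(opt_header), 0x0102)
    table = b"".join(
        IMAGE_SECTION_HEADER.pack(name.ljust(8, b"\0"), size_raw, 0x1000 * (i + 1),
                                  size_raw, ptr_raw, 0, 0, 0, 0, chars)
        for i, (name, ptr_raw, size_raw, chars) in enumerate(sections)
    )
    image = b"MZ" + bytes(0x3A) + struct.pack("<I", e_lfanew) + PE_SIGNATURE + coff + opt_header + table
    if len(image) > total_size:
        raise ValueError("total_size too small to hold the headers")
    return image.ljust(total_size, b"\0")


def demo():
    """Run the check over one intact and one deliberately malformed constructed image."""
    intact = build_sample_pe([(b".text", 0x200, 0x200, CODE)], 0x400)
    broken = build_sample_pe([(b".text", 0x200, 0x200, CODE),
                              (b".rdata", 0x4C400, 0x1000, RDATA)], 0x400)  # offset from the log
    return check_sections(intact), check_sections(broken)


if __name__ == "__main__":
    ok, bad = demo()
    print("intact image:", ok or "no findings")
    for line in bad:
        print("broken image:", line)
```

The check deliberately skips sections with SizeOfRawData of zero, which is why the log's empty trailing sections (`:C0000040:...:0`) are not what triggered the detection; only the first section with a real on-disk range past EOF is named. Reading real files means passing `open(path, "rb").read()` to `check_sections`.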



#2 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:12 AM

Posted 05 December 2012 - 02:34 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download ComboFix from one of these locations:

Link 1
Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
  • Close any open browsers, and all other programs working. Make sure you save your file if working on a document.
  • Do not install any other programs until this is fixed.
  • Double click on ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
  • Some rootkit infections may damage your boot sector. The Windows Recovery Console may be needed to restore it. Do not bypass this installation. You may regret it.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click ComboFix's window while it's running. That may cause it to stall.

Note: If, after running ComboFix, you get the error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
===

Third-party programs, if not up to date, can be the cause of infiltration and infection.

Please run this security check for my review.

Download Security Check by screen317 from here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
===

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A log file will automatically open after the scan has finished.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Rn].txt (n is a number).

Please post the logs and let me know if the problem persists.

#3 faye raye

faye raye
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:12 PM

Posted 05 December 2012 - 08:34 PM

Would it be all right to use an already downloaded ComboFix?

#4 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:12 AM

Posted 06 December 2012 - 09:12 AM

Yes, provided it comes from one of the sites I gave you.

You may be prompted to update, please do.

#5 faye raye

faye raye
  • Topic Starter

  • Members
  • 150 posts
  • OFFLINE
  • Gender:Female
  • Local time:10:12 PM

Posted 13 December 2012 - 07:01 PM

It's been a couple of days since I've been able to get back to this. Here are the logs.

ComboFix:

ComboFix 12-12-07.01 - Dashel R 12/09/2012 23:12:47.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.256 [GMT -6:00]
Running from: c:\documents and settings\Dashel R\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dashel R\Application Data\PriceGong
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\1.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\2229.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\4489.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\450.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\946.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\a.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\b.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\c.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\d.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\e.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\f.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\g.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\h.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\i.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\j.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\k.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\l.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\m.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\n.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\o.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\p.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\q.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\r.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\s.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\t.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\u.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\v.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\w.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\wlu.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\x.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\y.txt
c:\documents and settings\Dashel R\Application Data\PriceGong\Data\z.txt
c:\documents and settings\Dashel R\Application Data\Toolbar4
c:\windows\EventSystem.log
c:\windows\Tasks\Protected Search.job
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Files Created from 2012-11-10 to 2012-12-10 )))))))))))))))))))))))))))))))
.
.
2012-12-10 00:36 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{00C7F623-5A56-46EB-96EE-CB1552B31C38}\mpengine.dll
2012-12-10 00:30 . 2012-12-10 00:30 -------- d-----w- C:\Install iTunes
2012-12-10 00:30 . 2012-12-10 00:30 -------- d-----w- C:\Install ICQ
2012-12-10 00:30 . 2012-12-10 00:30 -------- d-----w- C:\AOL Instant Messenger
2012-12-10 00:30 . 2012-12-10 00:30 -------- d-----w- C:\MAV
2012-12-10 00:28 . 2012-12-10 00:35 -------- d-----w- c:\program files\America Online 9.0c
2012-12-09 17:11 . 2012-12-09 17:11 -------- d-----w- c:\documents and settings\Dashel R\Application Data\jah
2012-12-09 03:18 . 2012-12-09 03:19 -------- d-----w- c:\program files\OpenLibraries
2012-12-08 03:59 . 2012-12-09 22:28 -------- d-----w- C:\Downloads
2012-12-08 03:55 . 2012-12-09 23:01 -------- d-----w- c:\documents and settings\Dashel R\Application Data\BITS
2012-12-08 03:55 . 2012-12-08 03:55 -------- d-----w- c:\documents and settings\Dashel R\Application Data\FlashgetSetup
2012-12-08 03:54 . 2012-12-08 03:54 -------- d-----w- c:\documents and settings\Dashel R\Application Data\FlashGet
2012-12-08 03:54 . 2012-12-08 03:54 -------- d-----w- c:\program files\FlashGet Network
2012-12-08 02:58 . 2012-12-08 02:58 -------- d-----w- c:\documents and settings\Dashel R\Local Settings\Application Data\Best_Security_Tips
2012-12-08 01:47 . 2012-12-08 01:47 -------- d-----w- c:\documents and settings\Dashel R\Local Settings\Application Data\PutLockerDownloader
2012-12-04 21:53 . 2012-12-08 02:06 -------- d-----w- c:\documents and settings\Dashel R\Downloads
2012-12-04 17:42 . 2012-12-04 17:42 -------- d-----w- c:\documents and settings\Dashel R\Application Data\FCSB000063941
2012-12-04 17:14 . 2012-12-07 00:37 -------- d-----w- c:\documents and settings\Dashel R\Local Settings\Application Data\InternetHelper1.5
2012-12-03 01:59 . 2012-12-03 02:00 -------- d-----w- c:\program files\7-Zip
2012-11-30 01:48 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-11-29 19:13 . 2012-12-01 15:37 -------- d-----w- c:\program files\7-Zip File Manager
2012-11-27 05:18 . 2012-11-28 16:50 -------- d--h--w- c:\program files\InstallJammer Registry
2012-11-26 23:47 . 2012-11-26 23:48 -------- d-----w- c:\documents and settings\Dashel R\Local Settings\Application Data\Deployment
2012-11-26 23:40 . 2012-11-27 23:14 -------- d-----w- c:\program files\Movie Subtitles Searcher
2012-11-26 19:34 . 2012-08-30 09:01 15432 ----a-w- c:\windows\Launcher.exe
2012-11-26 19:32 . 2012-11-29 00:12 -------- d-----w- c:\documents and settings\Dashel R\Local Settings\Application Data\DownTango
2012-11-25 05:28 . 2012-11-25 05:44 -------- d-----w- C:\tmp
2012-11-24 22:35 . 2012-11-24 22:35 -------- d-----w- c:\documents and settings\Dashel R\Application Data\Blender Foundation
2012-11-24 22:26 . 2012-11-24 22:26 -------- d-----w- c:\documents and settings\Dashel R\.thumbnails
2012-11-20 05:16 . 2012-12-05 18:50 -------- d-----w- C:\FFOutput
2012-11-20 04:53 . 2012-11-20 04:53 -------- d-----w- c:\program files\FreeTime
2012-11-18 20:02 . 2012-11-18 20:02 -------- d-----w- c:\documents and settings\Dashel R\Application Data\Import Audio from Video
2012-11-16 21:50 . 2012-11-19 17:03 -------- d-----w- c:\documents and settings\All Users\Application Data\SpeedBit
2012-11-16 21:50 . 1998-12-05 19:18 172032 ----a-w- c:\windows\system32\AniGIF.ocx
2012-11-14 22:52 . 2012-11-14 22:52 -------- d-----w- c:\documents and settings\Dashel R\Application Data\Get from YouTube
2012-11-14 22:39 . 2012-12-09 17:34 -------- d-----w- c:\documents and settings\Dashel R\Application Data\Free Audio Editor
2012-11-14 22:38 . 2005-03-28 21:52 417792 ----a-w- c:\windows\system32\NCTTextToAudio2.dll
2012-11-14 22:38 . 2005-02-24 17:51 348160 ----a-w- c:\windows\system32\NCTWMAFile2.dll
2012-11-14 22:38 . 2005-04-04 23:21 602112 ----a-w- c:\windows\system32\NCTAudioTransform2.dll
2012-11-14 22:38 . 2005-03-28 21:54 479232 ----a-w- c:\windows\system32\NCTAudioVisualization2.dll
2012-11-14 22:38 . 2005-04-25 19:01 458752 ----a-w- c:\windows\system32\NCTAudioRecord2.dll
2012-11-14 22:38 . 2005-04-25 19:01 458752 ----a-w- c:\windows\system32\NCTAudioPlayer2.dll
2012-11-14 22:38 . 2005-05-17 18:37 1986560 ----a-w- c:\windows\system32\NCTAudioFile2.dll
2012-11-14 22:38 . 2005-04-15 18:08 880640 ----a-w- c:\windows\system32\NCTAudioEditor2.dll
2012-11-14 22:38 . 2004-11-04 19:31 835584 ----a-w- c:\windows\system32\NCTAudioCDGrabber2.dll
2012-11-14 22:38 . 2012-11-20 20:47 -------- d-----w- c:\program files\Free Audio Editor
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-21 16:04 . 2012-09-26 16:00 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-21 16:04 . 2011-05-19 23:55 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-22 08:37 . 2008-04-14 06:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-02 18:04 . 2008-04-14 10:42 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 01:54 . 2012-06-10 00:59 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-27 20:33 . 2012-09-27 20:33 14986 ----a-w- C:\FixitRegBackup.reg
2012-09-25 04:16 . 2012-10-17 02:55 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-21 20:59 . 2012-09-21 21:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-21 20:59 . 2010-07-18 23:32 746984 ----a-w- c:\windows\system32\deployJava1.dll
2005-11-22 13:23 . 2005-11-22 10:18 34412848 -c--a-w- c:\program files\iTunesSetup.exe
2005-06-01 18:14 . 2005-06-01 18:09 823296 -c--a-w- c:\program files\winmx353.exe
2005-05-20 09:16 . 2005-05-20 09:15 4354084 -c--a-w- c:\program files\spybotsd13.exe
2005-05-20 09:04 . 2005-05-14 23:58 37700 -c--a-w- c:\program files\PopUpStopperFree.exe
2005-05-12 21:47 . 2005-05-12 21:47 3149616 -c--a-w- c:\program files\dap74.exe
2005-05-12 01:26 . 2005-05-12 01:26 2636408 -c--a-w- c:\program files\aawsepersonal.exe
2005-05-04 01:59 . 2005-05-04 01:36 6179507 -c--a-w- c:\program files\4UWMAMP3Converter.exe
2004-12-30 20:08 . 2004-12-30 20:08 7741336 -c--a-w- c:\program files\DivX521XP2K.exe
2012-12-05 21:56 . 2012-12-05 21:52 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DLLCACHE\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DRIVERS\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
2010-10-18 17:26 3908192 ----a-r- c:\program files\Freecorder\tbFree.dll
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-10-18 17:26 3908192 ----a-w- c:\program files\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1392b8d2-5c05-419f-a8f6-b9f15a596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{1392B8D2-5C05-419F-A8F6-B9F15A596612}"= "c:\program files\Freecorder\tbFree.dll" [2010-10-18 3908192]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\ConduitEngine.dll" [2010-10-18 3908192]
.
[HKEY_CLASSES_ROOT\clsid\{1392b8d2-5c05-419f-a8f6-b9f15a596612}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-02-06 451856]
"AOL Fast Start"="c:\program files\America Online 9.0c\AOL.EXE" [2004-11-19 50776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Freecorder FLV Service"="c:\program files\Google\New Folder\FLVSrvc.exe" [2010-06-26 167936]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"AOLDialer"="c:\program files\Common Files\AOL\ACS\AOLDial.exe" [2010-07-13 70720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AOL Deskbar Installation"="c:\program files\AOL Deskbar\deskbar.dll" [2004-10-21 390256]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dashel R^Start Menu^Programs^Startup^Seagate NA05YTFH Product Registration.lnk]
path=c:\documents and settings\Dashel R\Start Menu\Programs\Startup\Seagate NA05YTFH Product Registration.lnk
backup=c:\windows\pss\Seagate NA05YTFH Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Absolute StartUp monitor]
2005-04-06 17:14 163840 ----a-w- c:\program files\F-Group\Absolute StartUp\ASMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2005-07-12 11:17 50776 ----a-w- c:\program files\America Online 9.0\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2010-07-13 20:40 70720 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 15:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\FlashGet 3]
2012-03-15 02:05 3090056 ----a-w- c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
2012-08-30 13:47 2369720 ----a-w- c:\documents and settings\Dashel R\My Documents\download\daoshelr\fraps.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Freecorder FLV Service]
2010-06-26 18:09 167936 ----a-r- c:\program files\Freecorder\FLVSrvc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1340131474\EE\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2011-05-04 23:40 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Backup Premium]
2011-05-04 21:16 136416 ----a-w- c:\program files\Memeo\AutoBackupPro\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2004-09-09 23:35 1597440 ----a-w- c:\program files\AWS\WeatherBug\Weather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MemeoBackgroundService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ACDaemon"=2 (0x2)
"0096561348771546mcinstcleanup"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"ImapiService"=3 (0x3)
"SeagateDashboardService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Nes_Snes\\zsnesw.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Dashel R\\My Documents\\Downloads\\vbaserver.exe"=
"c:\\Documents and Settings\\Dashel R\\My Documents\\Downloads\\VisualBoyAdvance.exe"=
"c:\\Program Files\\GBA EMU\\VisualBoyAdvance.exe"=
"c:\\Documents and Settings\\Dashel R\\Desktop\\Games\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\FlashGet Network\\FlashGet 3\\FlashGet3.exe"=
"c:\\Program Files\\America Online 9.0c\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1340131474\\EE\\AOLServiceHost.exe"=
.
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [10/5/2004 10:40 AM 15872]
S0 44135994;44135994;c:\windows\system32\drivers\68351647.sys --> c:\windows\system32\drivers\68351647.sys [?]
S0 ptnnyj;ptnnyj;c:\windows\system32\drivers\ftljtywn.sys --> c:\windows\system32\drivers\ftljtywn.sys [?]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?]
S3 mfeavfk06;McAfee Inc.;\Device\mfeavfk06.sys --> \Device\mfeavfk06.sys [?]
S3 mfebopk26;McAfee Inc.;\Device\mfebopk26.sys --> \Device\mfebopk26.sys [?]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver;c:\windows\SYSTEM32\DRIVERS\gtkdrv.sys [1/4/2012 8:28 AM 16128]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\SYSTEM32\DRIVERS\WsAudio_DeviceS(1).sys [3/7/2011 3:38 PM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\SYSTEM32\DRIVERS\WsAudio_DeviceS(2).sys [3/7/2011 3:41 PM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\SYSTEM32\DRIVERS\WsAudio_DeviceS(3).sys [3/7/2011 3:42 PM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\SYSTEM32\DRIVERS\WsAudio_DeviceS(4).sys [3/7/2011 3:42 PM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\SYSTEM32\DRIVERS\WsAudio_DeviceS(5).sys [3/7/2011 3:43 PM 25704]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 16:04]
.
2012-12-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-12-08 c:\windows\Tasks\ExpressZipReminder.job
- c:\program files\NCH Software\ExpressZip\expresszip.exe [2012-12-03 17:07]
.
2012-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 22:12]
.
2012-12-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 22:12]
.
2012-12-10 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
.
2012-12-10 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1055551
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Download all links by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgetallurl.htm
IE: Download by FlashGet3 - c:\program files\FlashGet Network\FlashGet 3\BHO\fdgeturl.htm
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: YouTube.com
FF - ProfilePath - c:\documents and settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://search.conduit.com/?ctid=CT1055551&SearchSource=13&CUI=SB_CUI
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1055551&SearchSource=2&q=
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://search.babylon.com/?babsrc=TB_def&mntrId=e8402048000000000000001111988017&q=
FF - user.js: extensions.BabylonToolbar.id - e8402048000000000000001111988017
FF - user.js: extensions.BabylonToolbar.appId - {BDB69379-802F-4eaf-B541-F8DE92DD98DB}
FF - user.js: extensions.BabylonToolbar.instlDay - 15654
FF - user.js: extensions.BabylonToolbar.vrsn - 1.8.3.8
FF - user.js: extensions.BabylonToolbar.vrsni - 1.8.3.8
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.8.3.820:10
FF - user.js: extensions.BabylonToolbar.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar.tlbrId - base
FF - user.js: extensions.BabylonToolbar.instlRef - sst
FF - user.js: extensions.BabylonToolbar.dfltLng - en
FF - user.js: extensions.BabylonToolbar.excTlbr - false
FF - user.js: extensions.BabylonToolbar.admin - false
FF - user.js: extensions.funmoods.hmpg - true
FF - user.js: extensions.funmoods.hmpgUrl - hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCzyzzzztDtCyBtBtDyEzztN0D0Tzu0CtAtAyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2077309999
FF - user.js: extensions.funmoods.dfltSrch - true
FF - user.js: extensions.funmoods.srchPrvdr - Search
FF - user.js: extensions.funmoods.dnsErr - true
FF - user.js: extensions.funmoods_i.newTab - true
FF - user.js: extensions.funmoods.newTabUrl - hxxp://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCzyzzzztDtCyBtBtDyEzztN0D0Tzu0CtAtAyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2077309999
FF - user.js: extensions.funmoods.tlbrSrchUrl - hxxp://searchfunmoods.com/?f=3&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCzyzzzztDtCyBtBtDyEzztN0D0Tzu0CtAtAyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2077309999&q=
FF - user.js: extensions.funmoods.id - 0011119880172048
FF - user.js: extensions.funmoods.instlDay - 15673
FF - user.js: extensions.funmoods.vrsn - 1.5.23.22
FF - user.js: extensions.funmoods.vrsni - 1.5.23.22
FF - user.js: extensions.funmoods_i.vrsnTs - 1.5.23.2216:19
FF - user.js: extensions.funmoods.prtnrId - funmoods
FF - user.js: extensions.funmoods.prdct - funmoods
FF - user.js: extensions.funmoods.aflt - orgnl
FF - user.js: extensions.funmoods_i.smplGrp - none
FF - user.js: extensions.funmoods.tlbrId - base
FF - user.js: extensions.funmoods.instlRef -
FF - user.js: extensions.funmoods.dfltLng -
FF - user.js: extensions.funmoods.excTlbr - false
FF - user.js: extensions.funmoods.autoRvrt - false
FF - user.js: extensions.funmoods.envrmnt - production
FF - user.js: extensions.funmoods.isdcmntcmplt - true
FF - user.js: extensions.funmoods.mntrvrsn - 1.3.0
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - c:\program files\InternetHelper1.5\prxtbInte.dll
URLSearchHooks-{da30eff8-ccc6-4162-a20d-67402a26a215} - c:\program files\Best_Security_Tips\prxtbBest.dll
BHO-{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - c:\program files\InternetHelper1.5\prxtbInte.dll
BHO-{da30eff8-ccc6-4162-a20d-67402a26a215} - c:\program files\Best_Security_Tips\prxtbBest.dll
Toolbar-{1930e38a-deef-4cf4-9bfb-9c4ea3689a9d} - c:\program files\InternetHelper1.5\prxtbInte.dll
Toolbar-{da30eff8-ccc6-4162-a20d-67402a26a215} - c:\program files\Best_Security_Tips\prxtbBest.dll
WebBrowser-{1930E38A-DEEF-4CF4-9BFB-9C4EA3689A9D} - c:\program files\InternetHelper1.5\prxtbInte.dll
HKLM-Run-PHIME2002ASync - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-PHIME2002A - c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE
HKLM-Run-MSPY2002 - c:\windows\system32\IME\PINTLGNT\ImScInst.exe
MSConfigStartUp-Shop To Win - c:\program files\Shop To Win\ShopToWin.exe
MSConfigStartUp-SpeedBitVideoAccelerator - c:\program files\SpeedBit Video Accelerator\VideoAccelerator.exe
AddRemove-Best_Security_Tips Toolbar - c:\program files\Best_Security_Tips\uninstall.exe
AddRemove-Debut - c:\program files\NCH Software\Debut\debut.exe
AddRemove-GridinSoft Trojan Killer - h:\gridinsoft trojan killer\uninst.exe
AddRemove-InternetHelper1.5 Toolbar - c:\program files\InternetHelper1.5\uninstall.exe
AddRemove-Uninstall_is1 - c:\program files\Common Files\DVDVideoSoft\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-09 23:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329806685-2581723038-1583669757-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-12-09 23:39:19
ComboFix-quarantined-files.txt 2012-12-10 05:39
ComboFix2.txt 2012-10-11 00:16
ComboFix3.txt 2012-09-17 03:01
.
Pre-Run: 20,380,794,880 bytes free
Post-Run: 20,760,014,848 bytes free
.
- - End Of File - - 4710E4B7D86AA68B47180E501072DA0E

SecurityCheck:

Results of screen317's Security Check version 0.99.56
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
iPod Reset Utility
Microsoft Security Essentials
`````````Anti-malware/Other Utilities Check:`````````
Out of date Spybot installed!
Ad-Aware
Spybot - Search & Destroy 1.3
Malwarebytes Anti-Malware version 1.65.1.1000
Java 7 Update 9
Adobe Flash Player 11.5.502.110
Adobe Reader 7 Adobe Reader out of Date!
Mozilla Firefox (17.0.1)
````````Process Check: objlist.exe by Laurent````````
Microsoft Security Essentials MSMpEng.exe
Microsoft Security Essentials msseces.exe
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 10%
````````````````````End of Log``````````````````````

AdwCleaner:

# AdwCleaner v2.100 - Logfile created 12/10/2012 at 09:29:59
# Updated 09/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dashel R - NO1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dashel R\My Documents\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Documents and Settings\Dashel R\Local Settings\Application Data\funmoods-speeddial_sf.crx
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Found : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
File Found : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
Folder Found : C:\Documents and Settings\Administrator\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Found : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Dashel R\Application Data\Babylon
Folder Found : C:\Documents and Settings\Dashel R\Application Data\FCSB000063941
Folder Found : C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Conduit
Folder Found : C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\ConduitCommon
Folder Found : C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\CT1060933
Folder Found : C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Found : C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\Smartbar
Folder Found : C:\Documents and Settings\Dashel R\Application Data\Viewpoint
Folder Found : C:\Documents and Settings\Dashel R\Local Settings\Application Data\Best_Security_Tips
Folder Found : C:\Documents and Settings\Dashel R\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Dashel R\Local Settings\Application Data\ConduitEngine
Folder Found : C:\Documents and Settings\Dashel R\Local Settings\Application Data\Freecorder
Folder Found : C:\Documents and Settings\Dashel R\Local Settings\Application Data\InternetHelper1.5
Folder Found : C:\Documents and Settings\Dashel R\Start Menu\Programs\Freecorder
Folder Found : C:\Program Files\Common Files\Software Update Utility
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\ConduitEngine
Folder Found : C:\Program Files\Freecorder
Folder Found : C:\Program Files\Viewpoint
Folder Found : C:\WINDOWS\Freecorder

***** [Registry] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Ask&Record
Key Found : HKCU\Software\Best_Security_Tips
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\conduitEngine
Key Found : HKCU\Software\conduitEngine
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\FCSB000063941
Key Found : HKCU\Software\Freecorder
Key Found : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\InternetHelper1.5
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\PIP
Key Found : HKCU\Software\ShopToWin
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\SweetIM
Key Found : HKCU\Software\Viewpoint
Key Found : HKCU\Toolbar
Key Found : HKLM\Software\Babylon
Key Found : HKLM\Software\Best_Security_Tips
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EB583FE1-9458-4EDA-AC68-24D24F17C70F}
Key Found : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ShoppingBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Found : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1CADF178-15E6-47FE-8E8C-60B45EBB3D72}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{1E82D9CC-D977-406D-B408-BB794E5B21C9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B1BCB34F-5DC6-43B4-94B5-DFF4F02E2AF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\dnUpdate
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Found : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Found : HKLM\SOFTWARE\Classes\FCSB000063941.JSOptionsImpl
Key Found : HKLM\SOFTWARE\Classes\FCSB000063941.JSOptionsImpl.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{41D42E90-86D2-4521-9847-625D114F7D30}
Key Found : HKLM\SOFTWARE\Classes\Interface\{622382CB-942C-4580-A2B3-7B06A58D8538}
Key Found : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1055551
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2737658
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3247201
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\conduitEngine
Key Found : HKLM\Software\Freecorder
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Found : HKLM\Software\Iminent
Key Found : HKLM\Software\InternetHelper1.5
Key Found : HKLM\Software\MetaStream
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Found : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{23C5B376-6712-4C6F-9338-DD5F175BE1EC}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68FCF126-C2FE-4B4C-99BD-339A57ED60E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9493C205-B3D0-4203-9DC4-6B9DCDD99DB9}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A6E009CC-DCC6-48F1-986A-6BEF8AC6119E}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B62907EC-A180-4DE5-8AFB-0D84F6FB715B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E2C57BA9-CAFD-4DAF-AC71-151A580658F0}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{2E497885-E60B-420A-832D-0148B392E058}_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Best_Security_Tips Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Freecorder Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\InternetHelper1.5 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1CADF178-15E6-47FE-8E8C-60B45EBB3D72}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1E82D9CC-D977-406D-B408-BB794E5B21C9}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CF0A6C67-CFD0-40B0-A375-4B9893C2B339}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Found : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Found : HKLM\Software\PIP
Key Found : HKLM\Software\SweetIM
Key Found : HKLM\Software\Viewpoint
Key Found : HKU\S-1-5-21-329806685-2581723038-1583669757-1007\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT1055551
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
[HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN2Y1L1QzutDtDtCtCtCtCzyzzzztDtCyBtBtDyEzztN0D0Tzu0CtAtAyEtN1L2XzutBtFtBtFtDtFtAyEyE&cr=2077309999
[HKCU\Software\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
[HKCU\Software\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
[HKCU\Software\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
[HKCU\Software\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Page] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Bar] = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Search - Search Page] = hxxp://search.certified-toolbar.com?si=41460&tid=2937&bs=true&q=
[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Default_Page_URL] = hxxp://search.certified-toolbar.com?si=41460&home=true&tid=2937

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\prefs.js

Found : user_pref("CT1055551.1000082.isDisplayHidden", "true");
Found : user_pref("CT1055551.1000082.state", "{\"state\":\"stopped\",\"text\":\"Adult Alt...\",\"description[...]
Found : user_pref("CT1055551.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT1055551.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT1055551.FirstTime", "true");
Found : user_pref("CT1055551.FirstTimeFF3", "true");
Found : user_pref("CT1055551.LoginRevertSettingsEnabled", false);
Found : user_pref("CT1055551.RSS_Template_Notify_gadgetaol_latino.enc", "MH5odHRwOi8vd3d3LmJlc3RzZWN1cml0eXR[...]
Found : user_pref("CT1055551.RSS_Template_Notify_toolbaraol_latino.enc", "MjA=");
Found : user_pref("CT1055551.RevertSettingsEnabled", true);
Found : user_pref("CT1055551.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT105[...]
Found : user_pref("CT1055551.UserID", "UN39035572105878513");
Found : user_pref("CT1055551.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT1055551.autoDisableScopes", -1);
Found : user_pref("CT1055551.browser.search.defaultthis.engineName", true);
Found : user_pref("CT1055551.defaultSearch", "true");
Found : user_pref("CT1055551.embeddedsData", "[{\"appId\":\"128278779734319283\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT1055551.enableAlerts", "always");
Found : user_pref("CT1055551.enableSearchFromAddressBar", "true");
Found : user_pref("CT1055551.firstTimeDialogOpened", "true");
Found : user_pref("CT1055551.fixPageNotFoundError", "true");
Found : user_pref("CT1055551.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT1055551.fixUrls", true);
Found : user_pref("CT1055551.installId", "conduitinstaller.exe");
Found : user_pref("CT1055551.installType", "conduitnsisintegration");
Found : user_pref("CT1055551.isCheckedStartAsHidden", true);
Found : user_pref("CT1055551.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT1055551.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT1055551.isNewTabEnabled", true);
Found : user_pref("CT1055551.isPerformedSmartBarTransition", "true");
Found : user_pref("CT1055551.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT1055551.keyword", true);
Found : user_pref("CT1055551.migrateAppsAndComponents", true);
Found : user_pref("CT1055551.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRA[...]
Found : user_pref("CT1055551.openThankYouPage", "false");
Found : user_pref("CT1055551.openUninstallPage", "true");
Found : user_pref("CT1055551.revertSettingsEnabled", "false");
Found : user_pref("CT1055551.search.searchAppId", "128278779734319283");
Found : user_pref("CT1055551.search.searchCount", "0");
Found : user_pref("CT1055551.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT1055551.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT1055551.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT1055551.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"2\[...]
Found : user_pref("CT1055551.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT1055551.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT1055551.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT1055551.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT1055551.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1354935828771");
Found : user_pref("CT1055551.serviceLayer_services_appsMetadata_lastUpdate", "1354935832648");
Found : user_pref("CT1055551.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1354935842376");
Found : user_pref("CT1055551.serviceLayer_services_login_10.13.40.15_lastUpdate", "1354935864837");
Found : user_pref("CT1055551.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1354935837186");
Found : user_pref("CT1055551.serviceLayer_services_searchAPI_lastUpdate", "1354934237891");
Found : user_pref("CT1055551.serviceLayer_services_serviceMap_lastUpdate", "1354934223390");
Found : user_pref("CT1055551.serviceLayer_services_toolbarContextMenu_lastUpdate", "1354935830292");
Found : user_pref("CT1055551.serviceLayer_services_toolbarSettings_lastUpdate", "1354934241059");
Found : user_pref("CT1055551.serviceLayer_services_translation_lastUpdate", "1354935864241");
Found : user_pref("CT1055551.settingsINI", true);
Found : user_pref("CT1055551.shouldFirstTimeDialog", "false");
Found : user_pref("CT1055551.smartbar.CTID", "CT1055551");
Found : user_pref("CT1055551.smartbar.Uninstall", "0");
Found : user_pref("CT1055551.smartbar.homepage", true);
Found : user_pref("CT1055551.smartbar.toolbarName", "Best Security Tips ");
Found : user_pref("CT1055551.startPage", "TRUE");
Found : user_pref("CT1055551.toolbarBornServerTime", "8-12-2012");
Found : user_pref("CT1055551.toolbarCurrentServerTime", "8-12-2012");
Found : user_pref("CT1055551_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("CT1060933..clientLogIsEnabled", false);
Found : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT1060933.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129681785283868963", true);
Found : user_pref("CT1060933.BrowserCompStateIsOpen_129686665230467549", true);
Found : user_pref("CT1060933.CTID", "CT1060933");
Found : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Mon Dec 10 2012 08:47:36 GMT-0600 (Central S[...]
Found : user_pref("CT1060933.CommunitiesChangesLastUrl", "hxxp://grouping.services.conduit.com/GroupingReque[...]
Found : user_pref("CT1060933.CommunityChanged", true);
Found : user_pref("CT1060933.CurrentServerDate", "10-12-2012");
Found : user_pref("CT1060933.DialogsAlignMode", "LTR");
Found : user_pref("CT1060933.DialogsGetterLastCheckTime", "Fri Dec 07 2012 12:54:15 GMT-0600 (Central Standa[...]
Found : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Found : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Mon Dec 03 2012 22:09:43 GMT-0600 (Central [...]
Found : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201073583");
Found : user_pref("CT1060933.DownloadReferralCookieData", "");
Found : user_pref("CT1060933.FirstServerDate", "20-11-2010");
Found : user_pref("CT1060933.FirstTime", true);
Found : user_pref("CT1060933.FirstTimeFF3", true);
Found : user_pref("CT1060933.FixPageNotFoundErrors", true);
Found : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Found : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT1060933.HasUserGlobalKeys", true);
Found : user_pref("CT1060933.HomePageProtectorEnabled", false);
Found : user_pref("CT1060933.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT2737658&SearchSource=[...]
Found : user_pref("CT1060933.Initialize", true);
Found : user_pref("CT1060933.InitializeCommonPrefs", true);
Found : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT1060933.InstalledDate", "Fri Nov 19 2010 20:53:31 GMT-0600 (Central Standard Time)");
Found : user_pref("CT1060933.InvalidateCache", false);
Found : user_pref("CT1060933.IsAlertDBUpdated", true);
Found : user_pref("CT1060933.IsGrouping", false);
Found : user_pref("CT1060933.IsMulticommunity", true);
Found : user_pref("CT1060933.IsOpenThankYouPage", true);
Found : user_pref("CT1060933.IsOpenUninstallPage", true);
Found : user_pref("CT1060933.LanguagePackLastCheckTime", "Sun Dec 09 2012 20:19:00 GMT-0600 (Central Standar[...]
Found : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT1060933.LastLogin_3.15.1.0", "Wed Nov 07 2012 09:36:39 GMT-0600 (Central Standard Time)[...]
Found : user_pref("CT1060933.LastLogin_3.16.0.3", "Mon Dec 10 2012 08:39:00 GMT-0600 (Central Standard Time)[...]
Found : user_pref("CT1060933.LastLogin_3.2.1.3", "Tue Mar 01 2011 21:44:13 GMT-0600 (Central Standard Time)"[...]
Found : user_pref("CT1060933.LatestVersion", "3.16.0.3");
Found : user_pref("CT1060933.Locale", "en-us");
Found : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Found : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Found : user_pref("CT1060933.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT1060933.RadioIsPodcast", false);
Found : user_pref("CT1060933.RadioLastCheckTime", "Wed Dec 01 2010 12:24:23 GMT-0600 (Central Standard Time)[...]
Found : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Found : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Found : user_pref("CT1060933.RadioMediaID", "21504191");
Found : user_pref("CT1060933.RadioMediaType", "Media Player");
Found : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT106093321504191");
Found : user_pref("CT1060933.RadioStationName", "KFOG");
Found : user_pref("CT1060933.RadioStationURL", "hxxp://live.cumulusstreaming.com/KFOG-FM");
Found : user_pref("CT1060933.SHRINK_TOOLBAR", 1);
Found : user_pref("CT1060933.SearchBoxWidth", 231);
Found : user_pref("CT1060933.SearchEngineBeforeUnload", "Google");
Found : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Found : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Found : user_pref("CT1060933.SearchInNewTabEnabled", true);
Found : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Sun Dec 09 2012 20:18:39 GMT-0600 (Central Stand[...]
Found : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Found : user_pref("CT1060933.SearchInNewTabUserEnabled", false);
Found : user_pref("CT1060933.SearchProtectorEnabled", false);
Found : user_pref("CT1060933.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT1060933.ServiceMapLastCheckTime", "Sun Dec 09 2012 20:18:41 GMT-0600 (Central Standard [...]
Found : user_pref("CT1060933.SettingsLastCheckTime", "Mon Dec 10 2012 08:38:50 GMT-0600 (Central Standard Ti[...]
Found : user_pref("CT1060933.SettingsLastUpdate", "1354706882");
Found : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Thu Nov 15 2012 18:16:09 GMT-0600 (Central Sta[...]
Found : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Found : user_pref("CT1060933.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT1060933.UserID", "UN30014422974265916");
Found : user_pref("CT1060933.ValidationData_Search", 2);
Found : user_pref("CT1060933.ValidationData_Toolbar", 2);
Found : user_pref("CT1060933.alertChannelId", "15651");
Found : user_pref("CT1060933.appApproved.129272674122038321", true);
Found : user_pref("CT1060933.components.1000082", false);
Found : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Thu Nov 15 2012 18:16:14 GMT-0600 (Central [...]
Found : user_pref("CT1060933.homepageProtectorEnableByLogin", true);
Found : user_pref("CT1060933.initDone", true);
Found : user_pref("CT1060933.isAppTrackingManagerOn", true);
Found : user_pref("CT1060933.myStuffEnabled", true);
Found : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Found : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,111,129272674122038321[...]
Found : user_pref("CT1060933.revertSettingsEnabled", false);
Found : user_pref("CT1060933.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT1060933.searchProtectorEnableByLogin", true);
Found : user_pref("CT1060933.testingCtid", "");
Found : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Mon Dec 10 2012 00:07:33 GMT-0600 (Central S[...]
Found : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Thu Nov 15 2012 18:16:14 GMT-0600 (Central S[...]
Found : user_pref("CT1060933.usagesFlag", 2);
Found : user_pref("CT2737658.1000082.isDisplayHidden", "true");
Found : user_pref("CT2737658.1000082.state", "{\"state\":\"stopped\",\"text\":\"Classic R...\",\"description[...]
Found : user_pref("CT2737658.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2737658.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT2737658.FirstTime", "true");
Found : user_pref("CT2737658.FirstTimeFF3", "true");
Found : user_pref("CT2737658.LoginRevertSettingsEnabled", false);
Found : user_pref("CT2737658.RevertSettingsEnabled", false);
Found : user_pref("CT2737658.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT273[...]
Found : user_pref("CT2737658.UserID", "UN83790193452216478");
Found : user_pref("CT2737658.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT2737658.autoDisableScopes", -1);
Found : user_pref("CT2737658.browser.search.defaultthis.engineName", true);
Found : user_pref("CT2737658.cbcountry_001.enc", "VVM=");
Found : user_pref("CT2737658.cbfirsttime.enc", "V2VkIE5vdiAxNCAyMDEyIDE3OjExOjE5IEdNVC0wNjAwIChDZW50cmFsIFN0[...]
Found : user_pref("CT2737658.defaultSearch", "true");
Found : user_pref("CT2737658.embeddedsData", "[{\"appId\":\"129258407936791975\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT2737658.enableAlerts", "always");
Found : user_pref("CT2737658.enableSearchFromAddressBar", "true");
Found : user_pref("CT2737658.firstTimeDialogOpened", "true");
Found : user_pref("CT2737658.fixPageNotFoundError", "true");
Found : user_pref("CT2737658.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT2737658.fixUrls", true);
Found : user_pref("CT2737658.hxxp___cdn_printitgreen_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPW5vLGhzY3JvbGw[...]
Found : user_pref("CT2737658.installId", "condui~1.exe");
Found : user_pref("CT2737658.installType", "conduitnsisintegration");
Found : user_pref("CT2737658.isCheckedStartAsHidden", true);
Found : user_pref("CT2737658.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2737658.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT2737658.isNewTabEnabled", true);
Found : user_pref("CT2737658.isPerformedSmartBarTransition", "true");
Found : user_pref("CT2737658.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT2737658.keyword", true);
Found : user_pref("CT2737658.migrateAppsAndComponents", true);
Found : user_pref("CT2737658.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"about%3Ablank\",\"EB_MAIN_FRA[...]
Found : user_pref("CT2737658.openThankYouPage", "false");
Found : user_pref("CT2737658.openUninstallPage", "true");
Found : user_pref("CT2737658.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
Found : user_pref("CT2737658.price-gong.isManagedApp", "true");
Found : user_pref("CT2737658.revertSettingsEnabled", "false");
Found : user_pref("CT2737658.search.searchAppId", "129258407936791975");
Found : user_pref("CT2737658.search.searchCount", "0");
Found : user_pref("CT2737658.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT2737658.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT2737658.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT2737658.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT2737658.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT2737658.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT2737658.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT2737658.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT2737658.serviceLayer_services_app.twitter.user-cnet_lastUpdate", "1352937325551");
Found : user_pref("CT2737658.serviceLayer_services_app.twitter.user-cnnbrk_lastUpdate", "1352937324890");
Found : user_pref("CT2737658.serviceLayer_services_app.twitter.user-computeractive_lastUpdate", "13529373263[...]
Found : user_pref("CT2737658.serviceLayer_services_app.twitter.user-dailymirror_lastUpdate", "1352937324505"[...]
Found : user_pref("CT2737658.serviceLayer_services_app.twitter.user-google_lastUpdate", "1352937325787");
Found : user_pref("CT2737658.serviceLayer_services_app.twitter.user-techcrunch_lastUpdate", "1352937325248")[...]
Found : user_pref("CT2737658.serviceLayer_services_app.twitter.user-time_lastUpdate", "1352937324215");
Found : user_pref("CT2737658.serviceLayer_services_app.twitter.user-wired_lastUpdate", "1352937305762");
Found : user_pref("CT2737658.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1352934342896");
Found : user_pref("CT2737658.serviceLayer_services_appsMetadata_lastUpdate", "1352934344419");
Found : user_pref("CT2737658.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1352934379498");
Found : user_pref("CT2737658.serviceLayer_services_login_10.13.40.15_lastUpdate", "1352934797903");
Found : user_pref("CT2737658.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1352934379498");
Found : user_pref("CT2737658.serviceLayer_services_searchAPI_lastUpdate", "1352934292576");
Found : user_pref("CT2737658.serviceLayer_services_serviceMap_lastUpdate", "1352934276158");
Found : user_pref("CT2737658.serviceLayer_services_toolbarContextMenu_lastUpdate", "1352934379497");
Found : user_pref("CT2737658.serviceLayer_services_toolbarSettings_lastUpdate", "1352934285390");
Found : user_pref("CT2737658.serviceLayer_services_translation_lastUpdate", "1352934349608");
Found : user_pref("CT2737658.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]
Found : user_pref("CT2737658.serviceLayer_services_userApps_lastUpdate", "1352936682676");
Found : user_pref("CT2737658.settingsINI", true);
Found : user_pref("CT2737658.shouldFirstTimeDialog", "true");
Found : user_pref("CT2737658.smartbar.CTID", "CT2737658");
Found : user_pref("CT2737658.smartbar.Uninstall", "0");
Found : user_pref("CT2737658.smartbar.homepage", true);
Found : user_pref("CT2737658.smartbar.toolbarName", "FreeOnlineRadioPlayerRecorder ");
Found : user_pref("CT2737658.toolbarBornServerTime", "15-11-2012");
Found : user_pref("CT2737658.toolbarCurrentServerTime", "15-11-2012");
Found : user_pref("CT2737658_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=15651&fid=15317", "\"0\"");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/?aid=909619&fid=905414", "\"0\""[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"0\"");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1060933&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Found : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Found : user_pref("CommunityToolbar.EngineOwner", "");
Found : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Found : user_pref("CommunityToolbar.IsEngineShown", false);
Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Dashel R\\Applicat[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.16.0.3");
Found : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://freecorder.com/fc6/gadget/video.html", "-[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.applian.com/freecorder-gadget/loader.[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://freecorder.com/fc6/gadget/video.html", "833x2[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pricegong.conduitapps.com/v4//agreement/agree[...]
Found : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT1060933");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Sep 26 2011 19:43:54 GMT-05[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Sep 23 2012 17:42:12 GMT-0500 (Centr[...]
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sun Sep 23 2012 17:26:15 GMT-0500 (Central D[...]
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "5f4bb92c-6dcf-44c1-b1b7-574cca759a6f");
Found : user_pref("CommunityToolbar.globalUserId", "c1b6f757-ad69-4694-8cf2-6179ef09a0fc");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.killedEngine", true);
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Nov 28 2012 23:11:1[...]
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Wed Nov 28 2012 23:11:15 GMT-060[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Nov 28 2012 23:11:07 GMT-0600 (C[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "e80a712e-0c53-4d91-9ed9-2e61bf2cbccb");
Found : user_pref("CommunityToolbar.undefined", "");
Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT1055551&SearchSource=1[...]
Found : user_pref("Smartbar.ConduitSearchEngineList", "Best Security Tips Customized Web Search");
Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1055551[...]
Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.babylon.com/?affID=116216&tt=4512[...]
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT1055551");
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.newtab.url", "hxxp://newtab.certified-toolbar.com/nff?si=41460&tid=2937&new=true"[...]
Found : user_pref("browser.search.defaultengine", "Web Search");
Found : user_pref("browser.search.defaultenginename", "Funmoods");
Found : user_pref("browser.search.order.1", "Web Search");
Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT1055551&SearchSource=13&CUI[...]
Found : user_pref("extensions.BabylonToolbar.admin", false);
Found : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.excTlbr", false);
Found : user_pref("extensions.BabylonToolbar.id", "e8402048000000000000001111988017");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15654");
Found : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=[...]
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.8.3.8");
Found : user_pref("extensions.BabylonToolbar.vrsni", "1.8.3.8");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://isearch.babylon.com/?affID=116216&tt=4512[...]
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.3.820:10:09");
Found : user_pref("extensions.funmoods.aflt", "orgnl");
Found : user_pref("extensions.funmoods.autoRvrt", false);
Found : user_pref("extensions.funmoods.cntry", "US");
Found : user_pref("extensions.funmoods.cv", "cv5");
Found : user_pref("extensions.funmoods.dfltLng", "");
Found : user_pref("extensions.funmoods.dfltSrch", true);
Found : user_pref("extensions.funmoods.dnsErr", true);
Found : user_pref("extensions.funmoods.envrmnt", "production");
Found : user_pref("extensions.funmoods.excTlbr", false);
Found : user_pref("extensions.funmoods.hdrMd5", "F2219BE90D1DCC832AA10491EF0CC360");
Found : user_pref("extensions.funmoods.hmpg", true);
Found : user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=orgnl&chnl=&cd=2XzuyEtN2Y[...]
Found : user_pref("extensions.funmoods.id", "0011119880172048");
Found : user_pref("extensions.funmoods.instlDay", "15673");
Found : user_pref("extensions.funmoods.instlRef", "");
Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Found : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2216:19:32");
Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Found : user_pref("extensions.funmoods.newTab", true);
Found : user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=orgnl&chnl=&cd=2XzuyEtN[...]
Found : user_pref("extensions.funmoods.prdct", "funmoods");
Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods.sg", "none");
Found : user_pref("extensions.funmoods.smplGrp", "none");
Found : user_pref("extensions.funmoods.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods.tlbrId", "base");
Found : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=orgnl&chnl=&cd=2XzuyE[...]
Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Found : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2216:19:32");
Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Found : user_pref("extensions.funmoods_i.newTab", true);
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2216:19:32");
Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1055551&SearchSource=2&q=[...]
Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT2737658&SearchSource=13[...]
Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Found : user_pref("smartbar.originalHomepage", "hxxp://isearch.babylon.com/?affID=116216&tt=4512_6&babsrc=HP[...]
Found : user_pref("smartbar.originalSearchAddressUrl", "hxxp://isearch.babylon.com/?affID=116216&tt=4512_6&b[...]

*************************

AdwCleaner[R1].txt - [55971 octets] - [10/12/2012 09:29:59]

########## EOF - C:\AdwCleaner[R1].txt - [56032 octets] ##########


But I also ran TrojanKiller again after all of these, and here are those results:


Trojan Killer v.2.1.4.0
Report file date: 12/13/2012 2:35:05 AM

Scanning for 554672 virus strains and unwanted programs.

Licensed: UNREGISTERED
Windows version: Microsoft Windows XP (version 5.1)
Username: Dashel R
Computer name: NO1

Starting the file scan:

Startup collected
BHO plugins collected
Service collected
ActiveX collected
Files collected
Scanning process...
----- c:\program files\dell photo aio printer 922\dlbtbmgr.exe ---- Startup
Unknown
Dell Photo AIO Printer 922
MD5: DB3F27C3B733AD71C85C33971CFDEC67:290816
FUZ: 3072:msHeNMDAuD3or+r9hEWr9hE5snPKNtxr9hEKnPKNtRr9hEanPKNtsCWEiTG:m+e2DFZ9ZhyN/ZRyNPZhyNW5E
RIC: A67DEB49F34476F4802F75764AD56E51:29728
RFH: 384:8oTHIXjX5ZLrn0o5Ga59IvHrKneNqj7AeED:8oTIXjX5ZLrn0Kh59IvLrYvp
EP: 55 8B EC 6A FF 68 90 61 40 00 68 D4 2B 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 AC 60 40 00 33 D2 8A D4 89 15 D4 9F 40 00 8B C8 81 E1 FF 00 00 00 89 0D D0
SEC:
.text:60000020:608728DB4E9A0F7542306B29D3242BF6:20480
.rdata:40000040:74DE8F692D0D76EF9A7D2E3962E6525E:4096
.data:C0000040:D2D4845258D4F1038A45A16391BD4605:12288
.rsrc:40000040:F9C93E20EC2734AF0FB183CB0B43C658:249856


----- HKLM\SOFTWARE\Microsoft\ESENT\Process\Install ---- Registry
Rogue.HomeAntivirus2010


----- HKLM\SOFTWARE\Microsoft\ESENT\Process\Install\DEBUG ---- Registry
Rogue.HomeAntivirus2010


----- C:\DOCUME~1\DASHEL~1\LOCALS~1\Temp\dw.log ---- General
Spy.Trace
MD5: 456058A450FC62809E2BA8B5792F3409:650
FUZ: 12:q/VkOVNnBVNSVNmrVNN9VNnx+VNl+VNC+VN0+VN/VeR+Vs:KVfVQVCVVViVqVfVVVGR+Vs
EP: 00
SEC:


----- HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF} ---- Registry
AdWare.ISearch


----- C:\WINDOWS\system32\secushr.dat ---- General
Malware.Trace
MD5: 9E57651AB4DCE305A848BECA8675C0A2:598
FUZ: 12:8UVyFgV6yLxsAB0H4zwqIpyguLPFgnN0W/LAR/AeOu2hQVgQKZmmG6wH7n:TQc6yLFBVzfyywnGAmoeOu2hQKL3JAn
EP: 00
SEC:


----- C:\WINDOWS\System32\mpg4c32.dll ---- General
not-a-virus.RiskTool.Win32.Disabler
ProdVer: 4.1.00.3927
FileVer: 4.1.00.3927
Name : Microsoft MPEG-4 Video Codec
Company: Microsoft Corporation
NAC: 107A27059D4E525FA3DA1C630B7DCF15:49
MD5: 016BE824802F3869A7DA2F2B6329B563:413760
FUZ: 6144:I08QUDyW/Z7CJtPkXK7o1yBDc8My7hFMMhmny7jdJXRRmRdl:YxsLOcpcyzD4yf/RRm3
EP: 53 55 56 8B 74 24 14 85 F6 57 B8 01 00 00 00 75 13 8B 0D 54 38 26 1C 85 C9 75 09 33 C0 5F 5E 5D 5B C2 0C 00 8B 7C 24 1C 8B 5C 24 14 83 FE 01 74 05 83 FE 02 75 28 8B 0D 5C E5 2A 1C 85 C9 74 05 57
SEC:
.text:60000020:0A0E5547E55B644E721814AB9C213E3A:232960
.data:C0000040:64F2F1EA39CC5860E40F8D34852E3B31:164352
.rsrc:40000040:AB80CE22AA27A046045E5DAD236A7F61:2560
.reloc:42000040:1A39DAC04F496C079D6178211B77CE12:10752


----- C:\Program Files\Free Audio Editor\ConduitInstaller.exe ---- General
Trojan.Win32.HighRisk
ProdVer:
FileVer: 5.5.0.13
Company: Conduit
NAC: 2B527A1E021684107CEE797A5A85F86B:7
MD5: 34E4DA7E4D32B4DC5153D1CEDB6E5F08:210816
FUZ: 6144:Ie34/dZdazTH6N0tkl3KKJDvQQ9+AAD6aO5Z:g7dafO0Md2eaO5Z
RIC: F00E9D9F29BAD0B3F02CCF494A4F3A1F:744
EP: 81 EC 80 01 00 00 53 55 56 33 DB 57 89 5C 24 18 C7 44 24 10 60 91 40 00 33 F6 C6 44 24 14 20 FF 15 30 70 40 00 68 01 80 00 00 FF 15 B0 70 40 00 53 FF 15 7C 72 40 00 6A 08 A3 18 EC 42 00 E8 F1 2B
SEC:
.text:60000020:856B32EB77DFD6FB67F21D6543272DA5:24064
.rdata:40000040:DC77F8A1E6985A4361C55642680DDB4F:5120
.data:C0000040:7922D4CE117D7D5B3AC2CFFE4B0B5E4F:1024
.ndata:C0000080:00000000000000000000000000000000:0
.rsrc:40000040:42620DDD732650C1AD460CE48007F436:3072


Scan completed

Scan result: 8 detected items
Scan completed in: Scan completed in 3 hour(s) 14 min. 16 sec.
Files were scanned: 15649

#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:12 AM

Posted 14 December 2012 - 11:58 AM

For your added security, please get the latest version of the Adobe Reader.
http://get.adobe.com/reader/
Before you download, I suggest you uncheck the box on the top right, "Yes, install McAfee Security Scan Plus - optional"; this is not required if you are not a McAfee subscriber. While the installation is in progress you can also deny the installation of any other programs that may be suggested.

When installed remove your old version of the Reader using the Add/Remove Programs applet if present.

===

Remove the AdWare, PUP (Potentially Unwanted Program) installed on your computer.

  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that log file with your next answer.
  • You can find the log file at C:\AdwCleaner[Sn].txt (n is a number).

Please post the log and let me know if the problem persists.

#7 faye raye

faye raye
  • Topic Starter

  • Members
  • 150 posts
  • Gender:Female
  • Local time:10:12 PM

Posted 17 December 2012 - 03:25 PM

Here's ADWCleaner:

# AdwCleaner v2.101 - Logfile created 12/17/2012 at 08:49:45
# Updated 16/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Dashel R - NO1
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Dashel R\My Documents\Downloads\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\Dashel R\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\Dashel R\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\Dashel R\Local Settings\Application Data\Freecorder
Folder Deleted : C:\Documents and Settings\Dashel R\Start Menu\Programs\Freecorder
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Freecorder
Folder Deleted : C:\Program Files\Viewpoint
Folder Deleted : C:\WINDOWS\Freecorder

***** [Registry] *****

Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\Freecorder
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F8E88598-7C3E-486E-B892-73C81D9F440D}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1060933
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\Freecorder
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{7F836093-02BC-4580-BFE7-60E4938EBFE0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ADBBFE1E-9247-4DA8-BC59-D3CB54F411E9}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1392B8D2-5C05-419F-A8F6-B9F15A596612}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F8E88598-7C3E-486E-B892-73C81D9F440D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Freecorder Toolbar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{1392B8D2-5C05-419F-A8F6-B9F15A596612}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (en-US)

Profile name : default
File : C:\Documents and Settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [56102 octets] - [10/12/2012 09:29:59]
AdwCleaner[R3].txt - [2207 octets] - [14/12/2012 19:53:22]
AdwCleaner[R4].txt - [5745 octets] - [17/12/2012 08:49:24]
AdwCleaner[S1].txt - [56895 octets] - [10/12/2012 09:31:47]
AdwCleaner[S2].txt - [2303 octets] - [14/12/2012 19:54:44]
AdwCleaner[S3].txt - [5074 octets] - [17/12/2012 08:49:45]

########## EOF - C:\AdwCleaner[S3].txt - [5134 octets] ##########

TrojanKiller is still showing these things, though:


Trojan Killer v.2.1.4.0
Report file date: 12/17/2012 8:59:10 AM

Scanning for 554672 virus strains and unwanted programs.

Licensed: UNREGISTERED
Windows version: Microsoft Windows XP (version 5.1)
Username: Dashel R
Computer name: NO1

Starting the file scan:

Startup collected
BHO plugins collected
Service collected
ActiveX collected
Files collected
Scanning process...
----- c:\program files\dell photo aio printer 922\dlbtbmgr.exe ---- Startup
Unknown
Dell Photo AIO Printer 922
MD5: DB3F27C3B733AD71C85C33971CFDEC67:290816
FUZ: 3072:msHeNMDAuD3or+r9hEWr9hE5snPKNtxr9hEKnPKNtRr9hEanPKNtsCWEiTG:m+e2DFZ9ZhyN/ZRyNPZhyNW5E
RIC: A67DEB49F34476F4802F75764AD56E51:29728
RFH: 384:8oTHIXjX5ZLrn0o5Ga59IvHrKneNqj7AeED:8oTIXjX5ZLrn0Kh59IvLrYvp
EP: 55 8B EC 6A FF 68 90 61 40 00 68 D4 2B 40 00 64 A1 00 00 00 00 50 64 89 25 00 00 00 00 83 EC 58 53 56 57 89 65 E8 FF 15 AC 60 40 00 33 D2 8A D4 89 15 D4 9F 40 00 8B C8 81 E1 FF 00 00 00 89 0D D0
SEC:
.text:60000020:608728DB4E9A0F7542306B29D3242BF6:20480
.rdata:40000040:74DE8F692D0D76EF9A7D2E3962E6525E:4096
.data:C0000040:D2D4845258D4F1038A45A16391BD4605:12288
.rsrc:40000040:F9C93E20EC2734AF0FB183CB0B43C658:249856


----- HKLM\SOFTWARE\Microsoft\ESENT\Process\Install ---- Registry
Rogue.HomeAntivirus2010


----- HKLM\SOFTWARE\Microsoft\ESENT\Process\Install\DEBUG ---- Registry
Rogue.HomeAntivirus2010


----- C:\DOCUME~1\DASHEL~1\LOCALS~1\Temp\dw.log ---- General
Spy.Trace
MD5: CEE8986E3852608595EC3F5519554178:195
FUZ: 6:qox0uACuXYcVNjUG0uACuXYcVNn/glkuACuXYcVs:qox+VNjz+VNn/glOVs
EP: 00
SEC:


----- HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF} ---- Registry
AdWare.ISearch


----- C:\WINDOWS\system32\secushr.dat ---- General
Malware.Trace
MD5: 9E57651AB4DCE305A848BECA8675C0A2:598
FUZ: 12:8UVyFgV6yLxsAB0H4zwqIpyguLPFgnN0W/LAR/AeOu2hQVgQKZmmG6wH7n:TQc6yLFBVzfyywnGAmoeOu2hQKL3JAn
EP: 00
SEC:


----- C:\WINDOWS\System32\mpg4c32.dll ---- General
not-a-virus.RiskTool.Win32.Disabler
ProdVer: 4.1.00.3927
FileVer: 4.1.00.3927
Name : Microsoft MPEG-4 Video Codec
Company: Microsoft Corporation
NAC: 107A27059D4E525FA3DA1C630B7DCF15:49
MD5: 016BE824802F3869A7DA2F2B6329B563:413760
FUZ: 6144:I08QUDyW/Z7CJtPkXK7o1yBDc8My7hFMMhmny7jdJXRRmRdl:YxsLOcpcyzD4yf/RRm3
EP: 53 55 56 8B 74 24 14 85 F6 57 B8 01 00 00 00 75 13 8B 0D 54 38 26 1C 85 C9 75 09 33 C0 5F 5E 5D 5B C2 0C 00 8B 7C 24 1C 8B 5C 24 14 83 FE 01 74 05 83 FE 02 75 28 8B 0D 5C E5 2A 1C 85 C9 74 05 57
SEC:
.text:60000020:0A0E5547E55B644E721814AB9C213E3A:232960
.data:C0000040:64F2F1EA39CC5860E40F8D34852E3B31:164352
.rsrc:40000040:AB80CE22AA27A046045E5DAD236A7F61:2560
.reloc:42000040:1A39DAC04F496C079D6178211B77CE12:10752


----- C:\Documents and Settings\Dashel R\Local Settings\temp\ct2737658\statisticsStub.exe ---- General
Trojan.Win32.HighRisk
ProdVer:
FileVer: 2.0.0.0
Company: Conduit
NAC: 2B527A1E021684107CEE797A5A85F86B:7
MD5: 38D13DFC123FA0A5DDA3ED8D33AFAA89:203656
FUZ: 6144:aFJ0uXZdazTH6N0tkl3KKJDvQQ9+AAD6aOEU:opdafO0Md2eaOEU
RIC: F00E9D9F29BAD0B3F02CCF494A4F3A1F:744
EP: 81 EC 80 01 00 00 53 55 56 33 DB 57 89 5C 24 18 C7 44 24 10 60 91 40 00 33 F6 C6 44 24 14 20 FF 15 30 70 40 00 68 01 80 00 00 FF 15 B0 70 40 00 53 FF 15 7C 72 40 00 6A 08 A3 18 1C 45 00 E8 F1 2B
SEC:
.text:60000020:C52A72DEB0170941D392EC38C6AEAFD0:24064
.rdata:40000040:DC77F8A1E6985A4361C55642680DDB4F:5120
.data:C0000040:723AD80DF002DC5421798F4307ABE5CF:1024
.ndata:C0000080:00000000000000000000000000000000:0
.rsrc:40000040:98CE8753F8DA74891EF14D3F04E060A8:3072


----- C:\Documents and Settings\Dashel R\Local Settings\temp\nsu12.tmp\System.dll ---- General
Trojan.Win32.Inject
MD5: 0AE9C427FE7BBBBF1368C1C6D3933AE7:10752
FUZ: 96:vCCshwlpqUsYghN/9uvZ7CLWNCSiiVTQYBGVXRvuBDlSriklbuba1iLc+cEyzo7e:BzqUuh/uLCXIkYBGV9uVlSblbubbwtl
EP: 8B 44 24 04 83 7C 24 08 01 A3 28 40 00 10 75 3B 68 2C 40 00 10 6A 40 6A 04 68 3C 40 00 10 FF 15 3C 30 00 10 33 C0 C6 05 3C 40 00 10 C2 A3 2C 40 00 10 A3 34 40 00 10 A3 4C 40 00 10 A3 38 40 00 10
SEC:
.text:60000020:604D1CE07D681D1E3BFFB3E214E76399:7680
.rdata:40000040:355AB277B5EB9D99413DAA79EFB1B95D:1024
.data:C0000040:7EFC083F629FC33C21EA4CE53753EE7C:512
.reloc:42000040:2DA1CD6CFF73629430BB64E0C5356A40:512


----- C:\Program Files\Free Audio Editor\ConduitInstaller.exe ---- General
Trojan.Win32.HighRisk
ProdVer:
FileVer: 5.5.0.13
Company: Conduit
NAC: 2B527A1E021684107CEE797A5A85F86B:7
MD5: 34E4DA7E4D32B4DC5153D1CEDB6E5F08:210816
FUZ: 6144:Ie34/dZdazTH6N0tkl3KKJDvQQ9+AAD6aO5Z:g7dafO0Md2eaO5Z
RIC: F00E9D9F29BAD0B3F02CCF494A4F3A1F:744
EP: 81 EC 80 01 00 00 53 55 56 33 DB 57 89 5C 24 18 C7 44 24 10 60 91 40 00 33 F6 C6 44 24 14 20 FF 15 30 70 40 00 68 01 80 00 00 FF 15 B0 70 40 00 53 FF 15 7C 72 40 00 6A 08 A3 18 EC 42 00 E8 F1 2B
SEC:
.text:60000020:856B32EB77DFD6FB67F21D6543272DA5:24064
.rdata:40000040:DC77F8A1E6985A4361C55642680DDB4F:5120
.data:C0000040:7922D4CE117D7D5B3AC2CFFE4B0B5E4F:1024
.ndata:C0000080:00000000000000000000000000000000:0
.rsrc:40000040:42620DDD732650C1AD460CE48007F436:3072


Scan completed

Scan result: 10 detected items
Scan completed in: Scan completed in 3 hour(s) 12 min. 16 sec.
Files were scanned: 15504

#8 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:12 AM

Posted 18 December 2012 - 09:48 AM

----- c:\program files\dell photo aio printer 922\dlbtbmgr.exe ---- Startup
Unknown.
Dell Photo AIO Printer 922

This is required for your printer.

===

----- C:\WINDOWS\System32\mpg4c32.dll ---- General
not-a-virus.RiskTool.Win32.Disabler
ProdVer: 4.1.00.3927
FileVer: 4.1.00.3927
Name : Microsoft MPEG-4 Video Codec
Company: Microsoft Corporation

Not a problem.
+++

Before removing or modifying this registry key, HKLM\SOFTWARE\Microsoft\ESENT\Process\Install, I need more information.

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64-bit, download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main text field:


    :reg
    HKLM\SOFTWARE\Microsoft\ESENT\Process\Install /sub

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
===

Open notepad and copy/paste the text in the quote box below into it:

File::
C:\DOCUME~1\DASHEL~1\LOCALS~1\Temp\dw.log
C:\Program Files\Free Audio Editor\ConduitInstaller.exe
C:\WINDOWS\system32\secushr.dat

Folder::
C:\Documents and Settings\Dashel R\Local Settings\temp\nsu12.tmp
C:\Documents and Settings\Dashel R\Local Settings\temp\ct2737658

Registry::
[-HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF}]


Save this as CFScript.txt on your desktop.

[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Please post the logs for my review.
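
The CFScript above was assembled by hand from the Trojan Killer entries in the previous post; as an added example (not Trojan Killer's, ComboFix's or the helper's own code), this Python script parses that report layout and drafts the same File::/Folder::/Registry:: sections. The triage rules are assumptions modelled on the helper's choices in this thread (verdicts starting with "Unknown" or "not-a-virus." and keys under HKLM\SOFTWARE\Microsoft\ are held back for a human; a file inside a temp sub-folder is listed as that folder), and the input is a constructed excerpt built from the reports posted above.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed excerpt in the layout of the Trojan Killer reports posted above
# (paths and hashes copied from them; most EP/SEC detail lines dropped).
SAMPLE_REPORT = r"""Scanning process...
----- c:\program files\dell photo aio printer 922\dlbtbmgr.exe ---- Startup
Unknown
Dell Photo AIO Printer 922
MD5: DB3F27C3B733AD71C85C33971CFDEC67:290816
.text:60000020:608728DB4E9A0F7542306B29D3242BF6:20480

----- HKLM\SOFTWARE\Microsoft\ESENT\Process\Install ---- Registry
Rogue.HomeAntivirus2010

----- HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF} ---- Registry
AdWare.ISearch

----- C:\WINDOWS\system32\secushr.dat ---- General
Malware.Trace
MD5: 9E57651AB4DCE305A848BECA8675C0A2:598

----- C:\Documents and Settings\Dashel R\Local Settings\temp\nsu12.tmp\System.dll ---- General
Trojan.Win32.Inject
MD5: 0AE9C427FE7BBBBF1368C1C6D3933AE7:10752

Scan completed
Scan result: 5 detected items
"""

HEADER_RE = re.compile(r"^----- (?P<path>.+?) ---- (?P<kind>\w+)$")
MD5_RE = re.compile(r"^MD5: (?P<md5>[0-9A-Fa-f]{32}):(?P<size>\d+)$")
# File directly inside a sub-folder of a "temp" directory: the helper above
# listed the whole sub-folder under Folder:: instead of the single file.
TEMP_SUBDIR_RE = re.compile(r"^(?P<parent>.*\\temp\\[^\\]+)\\[^\\]+$", re.IGNORECASE)
# Verdicts the helper judged harmless, and keys under the Windows component hive
# he wanted to inspect first (SystemLook): these go to a review list, not the script.
REVIEW_PREFIXES = ("Unknown", "not-a-virus.")
REVIEW_KEY_PREFIX = "HKLM\\SOFTWARE\\MICROSOFT\\"

@dataclass
class Detection:
    path: str                   # file path, startup item or registry key
    kind: str                   # Startup, Registry or General
    name: str = ""              # verdict printed on the line after the header
    md5: Optional[str] = None
    size: Optional[int] = None

def parse_report(text: str) -> List[Detection]:
    """One Detection per '----- <path> ---- <kind>' block, with its MD5 and size."""
    found: List[Detection] = []
    current: Optional[Detection] = None
    for raw in text.splitlines():
        line = raw.strip()
        head = HEADER_RE.match(line)
        if head:
            current = Detection(head.group("path"), head.group("kind"))
            found.append(current)
        elif current is None or not line:
            continue
        elif not current.name:
            current.name = line
        else:
            digest = MD5_RE.match(line)   # SEC/EP/FUZ detail lines are ignored
            if digest:
                current.md5 = digest.group("md5").upper()
                current.size = int(digest.group("size"))
    return found

def draft_cfscript(dets: List[Detection]) -> Dict[str, List[str]]:
    """Sort detections into CFScript sections plus a 'Review' list for a human."""
    sections: Dict[str, List[str]] = {"File": [], "Folder": [], "Registry": [], "Review": []}
    for d in dets:
        is_component_key = d.kind == "Registry" and d.path.upper().startswith(REVIEW_KEY_PREFIX)
        if d.name.startswith(REVIEW_PREFIXES) or is_component_key:
            sections["Review"].append(f"{d.path} ({d.name})")
        elif d.kind == "Registry":
            sections["Registry"].append(f"[-{d.path}]")  # [-key] form used in the thread
        else:
            sub = TEMP_SUBDIR_RE.match(d.path)
            if sub is None:
                sections["File"].append(d.path)
            elif sub.group("parent") not in sections["Folder"]:
                sections["Folder"].append(sub.group("parent"))
    return sections

def render_cfscript(sections: Dict[str, List[str]]) -> str:
    """CFScript.txt text in the File::/Folder::/Registry:: layout seen above."""
    out: List[str] = []
    for header in ("File", "Folder", "Registry"):
        if sections[header]:
            out += [f"{header}::", *sections[header], ""]
    return "\n".join(out).rstrip("\n") + "\n"

if __name__ == "__main__":
    drafted = draft_cfscript(parse_report(SAMPLE_REPORT))
    print(render_cfscript(drafted))
    print("needs a human decision:", drafted["Review"])
```

The output is a draft for the person doing the cleanup to check against the tool's own findings; the Review list is exactly the set of entries the helper answered individually in this thread.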

#9 faye raye

faye raye
  • Topic Starter

  • Members
  • 150 posts
  • Gender:Female
  • Local time:10:12 PM

Posted 18 December 2012 - 01:00 PM

Here you are:

SystemLook 30.07.11 by jpshortstuff
Log created at 09:53 on 18/12/2012 by Dashel R
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Install]
(No values found)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Install\DEBUG]
"Trace Level"=""


-= EOF =-

#10 nasdaq

nasdaq

  • Malware Response Team
  • 38,767 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:12 AM

Posted 18 December 2012 - 02:07 PM

Open notepad and copy/paste the text in the quote box below into it:

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Install]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ESENT\Process\Install\DEBUG]


Save this as CFScript.txt on your desktop.

[Image: CFScript.txt being dragged onto ComboFix.exe]

Referring to the picture above, drag CFScript into ComboFix.exe
Then post the resultant log.

Let me know what problem persists.

#11 faye raye

faye raye
  • Topic Starter

  • Members
  • 150 posts
  • Gender:Female
  • Local time:10:12 PM

Posted 18 December 2012 - 04:32 PM

Here you are:

ComboFix 12-12-17.02 - Dashel R 12/18/2012 12:53:54.5.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.267 [GMT -6:00]
Running from: c:\documents and settings\Dashel R\My Documents\Downloads\ComboFix.exe
Command switches used :: c:\documents and settings\Dashel R\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
FILE ::
"c:\docume~1\DASHEL~1\LOCALS~1\Temp\dw.log"
"c:\program files\Free Audio Editor\ConduitInstaller.exe"
"c:\windows\system32\secushr.dat"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Dashel R\Local Settings\temp\ct2737658
c:\documents and settings\Dashel R\Local Settings\temp\ct2737658\statisticsStub.exe
c:\documents and settings\Dashel R\Local Settings\temp\nsu12.tmp
c:\documents and settings\Dashel R\Local Settings\temp\nsu12.tmp\System.dll
c:\documents and settings\Dashel R\Local Settings\temp\nsu12.tmp\uninstaller.ini
c:\windows\system32\KGyGaAvL.sys
.
.
((((((((((((((((((((((((( Files Created from 2012-11-18 to 2012-12-18 )))))))))))))))))))))))))))))))
.
.
2012-12-18 16:06 . 2012-12-18 16:06 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD8CDC12-CA75-47B3-BCE2-B0EE379A2CE1}\MpKslb9b8d8d6.sys
2012-12-17 18:15 . 2012-12-17 18:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2012-12-17 18:14 . 2012-12-17 18:15 -------- d-----w- c:\program files\Viewpoint
2012-12-15 05:14 . 2012-12-16 08:39 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD8CDC12-CA75-47B3-BCE2-B0EE379A2CE1}\offreg.dll
2012-12-15 02:35 . 2012-12-15 03:17 -------- d-----w- C:\Download
2012-12-13 23:48 . 2012-12-13 23:48 -------- d-----w- c:\documents and settings\Dashel R\Application Data\All Free Video Joiner
2012-12-13 23:48 . 2012-12-14 02:39 -------- d-----w- c:\program files\All Free Video Joiner
2012-12-13 01:32 . 2012-12-13 01:32 -------- d-----w- c:\documents and settings\Dashel R\Local Settings\Application Data\Deshaker
2012-12-12 18:17 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD8CDC12-CA75-47B3-BCE2-B0EE379A2CE1}\mpengine.dll
2012-12-10 18:09 . 2012-12-11 18:08 86016 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-10 18:09 . 2012-12-11 18:08 262144 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-10 05:44 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-12-10 00:30 . 2012-12-10 00:30 -------- d-----w- C:\Install iTunes
2012-12-10 00:30 . 2012-12-10 00:30 -------- d-----w- C:\Install ICQ
2012-12-10 00:30 . 2012-12-10 00:30 -------- d-----w- C:\AOL Instant Messenger
2012-12-10 00:30 . 2012-12-10 00:30 -------- d-----w- C:\MAV
2012-12-10 00:28 . 2012-12-18 00:27 -------- d-----w- c:\program files\America Online 9.0c
2012-12-09 17:11 . 2012-12-09 17:11 -------- d-----w- c:\documents and settings\Dashel R\Application Data\jah
2012-12-08 03:55 . 2012-12-14 14:08 -------- d-----w- c:\documents and settings\Dashel R\Application Data\BITS
2012-12-08 03:54 . 2012-12-08 03:54 -------- d-----w- c:\program files\FlashGet Network
2012-12-08 01:47 . 2012-12-08 01:47 -------- d-----w- c:\documents and settings\Dashel R\Local Settings\Application Data\PutLockerDownloader
2012-12-04 21:53 . 2012-12-08 02:06 -------- d-----w- c:\documents and settings\Dashel R\Downloads
2012-11-27 05:18 . 2012-11-28 16:50 -------- d--h--w- c:\program files\InstallJammer Registry
2012-11-26 23:47 . 2012-11-26 23:48 -------- d-----w- c:\documents and settings\Dashel R\Local Settings\Application Data\Deployment
2012-11-26 23:40 . 2012-11-27 23:14 -------- d-----w- c:\program files\Movie Subtitles Searcher
2012-11-26 19:34 . 2012-08-30 09:01 15432 ----a-w- c:\windows\Launcher.exe
2012-11-26 19:32 . 2012-11-29 00:12 -------- d-----w- c:\documents and settings\Dashel R\Local Settings\Application Data\DownTango
2012-11-25 05:28 . 2012-11-25 05:44 -------- d-----w- C:\tmp
2012-11-24 22:35 . 2012-11-24 22:35 -------- d-----w- c:\documents and settings\Dashel R\Application Data\Blender Foundation
2012-11-24 22:26 . 2012-11-24 22:26 -------- d-----w- c:\documents and settings\Dashel R\.thumbnails
2012-11-20 05:16 . 2012-12-05 18:50 -------- d-----w- C:\FFOutput
2012-11-20 04:53 . 2012-11-20 04:53 -------- d-----w- c:\program files\FreeTime
2012-11-18 20:02 . 2012-11-18 20:02 -------- d-----w- c:\documents and settings\Dashel R\Application Data\Import Audio from Video
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-13 00:51 . 2012-09-26 16:00 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-13 00:51 . 2011-05-19 23:55 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25 . 2008-04-14 06:00 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-11-06 00:41 . 2008-04-14 10:39 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-11-02 02:02 . 2008-04-14 10:41 375296 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 12:17 . 2008-04-14 10:42 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-01 12:17 . 2008-04-14 10:42 916992 ----a-w- c:\windows\system32\wininet.dll
2012-11-01 12:17 . 2008-04-14 10:41 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-11-01 00:35 . 2008-04-14 05:07 385024 ----a-w- c:\windows\system32\html.iec
2012-10-02 18:04 . 2008-04-14 10:42 58368 ----a-w- c:\windows\system32\synceng.dll
2012-09-30 01:54 . 2012-06-10 00:59 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-27 20:33 . 2012-09-27 20:33 14986 ----a-w- C:\FixitRegBackup.reg
2012-09-25 04:16 . 2012-10-17 02:55 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-09-21 20:59 . 2012-09-21 21:05 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-21 20:59 . 2010-07-18 23:32 746984 ----a-w- c:\windows\system32\deployJava1.dll
2005-06-01 18:14 . 2005-06-01 18:09 823296 -c--a-w- c:\program files\winmx353.exe
2005-05-20 09:16 . 2005-05-20 09:15 4354084 -c--a-w- c:\program files\spybotsd13.exe
2005-05-20 09:04 . 2005-05-14 23:58 37700 -c--a-w- c:\program files\PopUpStopperFree.exe
2005-05-12 21:47 . 2005-05-12 21:47 3149616 -c--a-w- c:\program files\dap74.exe
2005-05-04 01:59 . 2005-05-04 01:36 6179507 -c--a-w- c:\program files\4UWMAMP3Converter.exe
2004-12-30 20:08 . 2004-12-30 20:08 7741336 -c--a-w- c:\program files\DivX521XP2K.exe
2012-12-05 21:56 . 2012-12-05 21:52 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB2509553\SP3QFE\tcpip.sys
[7] 2008-06-20 . AD978A1B783B5719720CFF204B666C8E . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3QFE\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\$hf_mig$\KB951748\SP3GDR\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\ERDNT\cache\tcpip.sys
[7] 2008-06-20 . 9AEFA14BD6B182D61E3119FA5F436D3D . 361600 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DLLCACHE\tcpip.sys
[-] 2008-06-20 . 4AFB3B0919649F95C1964AA1FAD27D73 . 361600 . . [5.1.2600.5625] . . c:\windows\SYSTEM32\DRIVERS\tcpip.sys
[-] 2008-06-20 . 744E57C99232201AE98C49168B918F48 . 360960 . . [5.1.2600.3394] . . c:\windows\$hf_mig$\KB951748\SP2QFE\tcpip.sys
[-] 2008-04-14 . 93EA8D04EC73A85DB02EB8805988F733 . 361344 . . [5.1.2600.5512] . . c:\windows\$NtUninstallKB2509553$\tcpip.sys
[-] 2007-10-30 . 90CAFF4B094573449A0872A0F919B178 . 360064 . . [5.1.2600.3244] . . c:\windows\$NtUninstallKB951748_0$\tcpip.sys
[-] 2007-10-30 . 64798ECFA43D78C7178375FCDD16D8C8 . 360832 . . [5.1.2600.3244] . . c:\windows\$hf_mig$\KB941644\SP2QFE\tcpip.sys
[-] 2006-04-20 . B2220C618B42A2212A59D91EBD6FC4B4 . 360576 . . [5.1.2600.2892] . . c:\windows\$hf_mig$\KB917953\SP2QFE\tcpip.sys
[-] 2006-04-20 . 1DBF125862891817F374F407626967F4 . 359808 . . [5.1.2600.2892] . . c:\windows\$NtUninstallKB941644$\tcpip.sys
[-] 2006-01-13 . 5562CC0A47B2AEF06D3417B733F3C195 . 360448 . . [5.1.2600.2827] . . c:\windows\$hf_mig$\KB913446\SP2QFE\tcpip.sys
[-] 2006-01-13 . 583E063FDC888CA30D05C2724B0D7EF4 . 359808 . . [5.1.2600.2827] . . c:\windows\$NtUninstallKB917953$\tcpip.sys
[-] 2005-05-25 . 63FDFEA54EB53DE2D863EE454937CE1E . 359936 . . [5.1.2600.2685] . . c:\windows\$hf_mig$\KB893066\SP2QFE\tcpip.sys
[-] 2005-05-25 . 88763A98A4C26C409741B4AA162720C9 . 359808 . . [5.1.2600.2685] . . c:\windows\$NtUninstallKB913446$\tcpip.sys
[-] 2004-08-04 . 9F4B36614A0FC234525BA224957DE55C . 359040 . . [5.1.2600.2180] . . c:\windows\$NtUninstallKB893066$\tcpip.sys
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SandboxieControl"="c:\program files\Sandboxie\SbieCtrl.exe" [2012-02-06 451856]
"AOL Fast Start"="c:\program files\America Online 9.0c\AOL.EXE" [2005-07-12 50776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="c:\windows\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-12 44032]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-11-16 127035]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-06-30 1388544]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-11 417792]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-24 926896]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-04 44544]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=c:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^America Online 9.0 Tray Icon.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk
backup=c:\windows\pss\America Online 9.0 Tray Icon.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^Dashel R^Start Menu^Programs^Startup^Seagate NA05YTFH Product Registration.lnk]
path=c:\documents and settings\Dashel R\Start Menu\Programs\Startup\Seagate NA05YTFH Product Registration.lnk
backup=c:\windows\pss\Seagate NA05YTFH Product Registration.lnkStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Absolute StartUp monitor]
2005-04-06 17:14 163840 ----a-w- c:\program files\F-Group\Absolute StartUp\ASMon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Fast Start]
2005-07-12 12:17 50776 ----a-w- c:\program files\America Online 9.0c\aol.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOLDialer]
2010-07-13 20:40 70720 ----a-r- c:\program files\Common Files\AOL\ACS\AOLDial.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ArcSoft Connection Service]
2010-10-28 01:17 207424 ----a-w- c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dscactivate]
2007-11-15 15:24 16384 ----a-w- c:\program files\Dell Support Center\gs_agent\custom\dsca.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Fraps]
2012-08-30 13:47 2369720 ----a-w- c:\documents and settings\Dashel R\My Documents\download\daoshelr\fraps.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HostManager]
2010-03-08 07:27 41800 ----a-w- c:\program files\Common Files\AOL\1340131474\EE\aolsoftware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2009-11-12 22:33 141600 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo AutoSync]
2011-05-04 23:40 144608 ----a-w- c:\program files\Memeo\AutoSync\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Memeo Backup Premium]
2011-05-04 21:16 136416 ----a-w- c:\program files\Memeo\AutoBackupPro\MemeoLauncher2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ------w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2009-11-11 05:08 417792 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seagate Dashboard]
2011-06-01 16:42 79112 ----a-w- c:\program files\Seagate\Seagate Dashboard\MemeoLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Weather]
2004-09-09 23:35 1597440 ----a-w- c:\program files\AWS\WeatherBug\Weather.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MemeoBackgroundService"=2 (0x2)
"iPod Service"=3 (0x3)
"gusvc"=3 (0x3)
"gupdatem"=3 (0x3)
"gupdate"=2 (0x2)
"Apple Mobile Device"=2 (0x2)
"ACDaemon"=2 (0x2)
"0096561348771546mcinstcleanup"=2 (0x2)
"Bonjour Service"=2 (0x2)
"AOL TopSpeedMonitor"=2 (0x2)
"AOL ACS"=2 (0x2)
"ImapiService"=3 (0x3)
"SeagateDashboardService"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Messenger\\MSMSGS.EXE"=
"c:\\Program Files\\Nes_Snes\\zsnesw.exe"=
"c:\\Program Files\\America Online 9.0a\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AolCoach\\en_en\\player\\AOLNySEV.exe"=
"c:\\Program Files\\AIM\\aim.exe"=
"c:\\WINDOWS\\SYSTEM32\\DPVSETUP.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\SYSTEM32\\dplaysvr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\Dashel R\\My Documents\\Downloads\\vbaserver.exe"=
"c:\\Documents and Settings\\Dashel R\\My Documents\\Downloads\\VisualBoyAdvance.exe"=
"c:\\Program Files\\GBA EMU\\VisualBoyAdvance.exe"=
"c:\\Documents and Settings\\Dashel R\\Desktop\\Games\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\Seagate\\Seagate Dashboard\\HipServAgent\\HipServAgent.exe"=
"c:\\Program Files\\America Online 9.0c\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\1340131474\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
.
R1 MpKslb9b8d8d6;MpKslb9b8d8d6;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{DD8CDC12-CA75-47B3-BCE2-B0EE379A2CE1}\MpKslb9b8d8d6.sys [12/18/2012 10:06 AM 29904]
R2 {09BB444F-B2E2-4009-BAF2-7B727681223E};BuddyVM;c:\program files\VMLaunch\BuddyVM.sys [10/5/2004 10:40 AM 15872]
S0 44135994;44135994;c:\windows\system32\drivers\68351647.sys --> c:\windows\system32\drivers\68351647.sys [?]
S0 ptnnyj;ptnnyj;c:\windows\system32\drivers\ftljtywn.sys --> c:\windows\system32\drivers\ftljtywn.sys [?]
S3 CCCP106;CIF USB Camera (2110A);c:\windows\system32\DRIVERS\cccp106.sys --> c:\windows\system32\DRIVERS\cccp106.sys [?]
S3 mfeavfk06;McAfee Inc.;\Device\mfeavfk06.sys --> \Device\mfeavfk06.sys [?]
S3 mfebopk26;McAfee Inc.;\Device\mfebopk26.sys --> \Device\mfebopk26.sys [?]
S3 WsAudio_DeviceS(1);WsAudio_DeviceS(1);c:\windows\SYSTEM32\DRIVERS\WsAudio_DeviceS(1).sys [3/7/2011 3:38 PM 25704]
S3 WsAudio_DeviceS(2);WsAudio_DeviceS(2);c:\windows\SYSTEM32\DRIVERS\WsAudio_DeviceS(2).sys [3/7/2011 3:41 PM 25704]
S3 WsAudio_DeviceS(3);WsAudio_DeviceS(3);c:\windows\SYSTEM32\DRIVERS\WsAudio_DeviceS(3).sys [3/7/2011 3:42 PM 25704]
S3 WsAudio_DeviceS(4);WsAudio_DeviceS(4);c:\windows\SYSTEM32\DRIVERS\WsAudio_DeviceS(4).sys [3/7/2011 3:42 PM 25704]
S3 WsAudio_DeviceS(5);WsAudio_DeviceS(5);c:\windows\SYSTEM32\DRIVERS\WsAudio_DeviceS(5).sys [3/7/2011 3:43 PM 25704]
S4 0096561348771546mcinstcleanup;McAfee Application Installer Cleanup (0096561348771546);c:\docume~1\DASHEL~1\LOCALS~1\Temp\009656~1.EXE -cleanup -nolog --> c:\docume~1\DASHEL~1\LOCALS~1\Temp\009656~1.EXE -cleanup -nolog [?]
S4 MemeoBackgroundService;MemeoBackgroundService;c:\program files\Memeo\AutoBackupPro\MemeoBackgroundService.exe [5/4/2011 3:16 PM 25824]
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-26 00:51]
.
2012-12-12 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
2012-12-18 c:\windows\Tasks\ExpressZipDowngrade.job
- c:\program files\NCH Software\ExpressZip\expresszip.exe [2012-12-03 17:07]
.
2012-12-18 c:\windows\Tasks\ExpressZipReminder.job
- c:\program files\NCH Software\ExpressZip\expresszip.exe [2012-12-03 17:07]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 22:12]
.
2012-12-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-18 22:12]
.
2012-12-18 c:\windows\Tasks\Microsoft Antimalware Scheduled Scan.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
.
2012-12-18 c:\windows\Tasks\MpIdleTask.job
- c:\program files\Microsoft Security Client\MpCmdRun.exe [2012-09-12 22:25]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com
mStart Page = hxxp://www.google.com
mSearch Bar = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AIM Search - c:\program files\AIM Toolbar\AIMBar.dll/aimsearch.htm
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
Trusted Zone: YouTube.com
FF - ProfilePath - c:\documents and settings\Dashel R\Application Data\Mozilla\Firefox\Profiles\abg9ebcp.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
MSConfigStartUp-FlashGet 3 - c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe
MSConfigStartUp-Freecorder FLV Service - c:\program files\Freecorder\FLVSrvc.exe
AddRemove-Freecorder4.1 - c:\windows\Freecorder\uninstall.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-12-18 13:12
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-329806685-2581723038-1583669757-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2012-12-18 13:20:45
ComboFix-quarantined-files.txt 2012-12-18 19:20
ComboFix2.txt 2012-12-10 05:39
ComboFix3.txt 2012-10-11 00:16
ComboFix4.txt 2012-09-17 03:01
.
Pre-Run: 22,028,374,016 bytes free
Post-Run: 22,214,742,016 bytes free
.
- - End Of File - - 1F0FD34C15DDA5AD28854FD152B2C6B6

#12 faye raye (Topic Starter)

Posted 18 December 2012 - 06:25 PM

And here is the TrojanKiller done after ComboFix now:


Trojan Killer v.2.1.4.0
Report file date: 12/18/2012 1:38:38 PM

Scanning for 554672 virus strains and unwanted programs.

Licensed: UNREGISTERED
Windows version: Microsoft Windows XP (version 5.1)
Username: Dashel R
Computer name: NO1

Starting the file scan:

Startup collected
BHO plugins collected
Service collected
ActiveX collected
Files collected
Scanning process...
----- c:\program files\dell photo aio printer 922\dlbtbmgr.exe ---- Startup
Unknown
Dell Photo AIO Printer 922
MD5: DB3F27C3B733AD71C85C33971CFDEC67:290816


----- HKLM\SOFTWARE\Microsoft\ESENT\Process\Install ---- Registry
Rogue.HomeAntivirus2010


----- HKLM\SOFTWARE\Microsoft\ESENT\Process\Install\DEBUG ---- Registry
Rogue.HomeAntivirus2010


----- HKLM\SOFTWARE\Classes\Interface\{CABBB49A-4D7B-415B-8250-15C3B854E9FF} ---- Registry
AdWare.ISearch


----- C:\WINDOWS\system32\secushr.dat ---- General
Malware.Trace
MD5: 9E57651AB4DCE305A848BECA8675C0A2:598


----- C:\WINDOWS\System32\mpg4c32.dll ---- General
not-a-virus.RiskTool.Win32.Disabler
ProdVer: 4.1.00.3927
FileVer: 4.1.00.3927
Name : Microsoft MPEG-4 Video Codec
Company: Microsoft Corporation
NAC: 107A27059D4E525FA3DA1C630B7DCF15:49
MD5: 016BE824802F3869A7DA2F2B6329B563:413760


----- C:\Program Files\Free Audio Editor\ConduitInstaller.exe ---- General
Trojan.Win32.HighRisk
ProdVer:
FileVer: 5.5.0.13
Company: Conduit
NAC: 2B527A1E021684107CEE797A5A85F86B:7
MD5: 34E4DA7E4D32B4DC5153D1CEDB6E5F08:210816


Scan completed

Scan result: 7 detected items
Scan completed in: Scan completed in 1 hour(s) 37 min. 54 sec.
Files were scanned: 15480

#13 nasdaq (Malware Response Team, Montreal, QC. Canada)

Posted 19 December 2012 - 09:05 AM

The rest of the reported items are in the registry or not a problem.
Since the registry entries are empty, just leave them; nothing to worry about.

===

If all is well:

Time for some housekeeping

The following will implement some cleanup procedures as well as reset System Restore points:

Click Start > Run and copy/paste the following bold text into the Run box and click OK:

ComboFix /Uninstall
===

To remove AdwCleaner.

Please double click on AdwCleaner.exe to run the tool.
Click on Uninstall.
Confirm with Yes.

If you decide to keep the AdwCleaner tool, make sure you delete your version and download the latest before running it.

Delete the other tools we used.
You can keep the DDS tool, as most forums will ask to see a log before suggesting a fix.

Surf Safely, and Think Prevention!
===

#14 faye raye (Topic Starter)

Posted 20 December 2012 - 11:13 AM

Thank you!

#15 faye raye (Topic Starter)

Posted 20 December 2012 - 08:34 PM

Wait a minute, so those won't hurt the PC?
