Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Unusual traffic from your computer network from Google


  • This topic is locked This topic is locked
9 replies to this topic

#1 smestarz

smestarz

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 29 April 2013 - 08:06 AM

I tried to start google seach website http://www.google.com
and this instruction was shown

I fear maybe there is some sort of Trojan or Malaware on my system

DDS.TXT
------------------------

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.17.2
Run by SmestarZ at 17:50:00 on 2013-04-29
Microsoft Windows XP Professional  5.1.2600.3.1252.1.1033.18.1919.528 [GMT 5.5:30]
.
AV: Norton 360 Premier Edition *Enabled/Updated* {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton 360 Premier Edition *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\AskBarDis\bar\bin\AskService.exe
C:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
C:\WINDOWS\system32\ASTSRV.EXE
C:\WINDOWS\ATKKBService.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.3.6\ccSvcHst.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\NLSSRV32.EXE
c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
C:\Program Files\QipGuard\QipGuard.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\Program Files\Reliance Netconnect - Broadband+\bin\MonServiceUDisk.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\WINDOWS\system32\fxssvc.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Norton 360 Premier Edition\Engine\3.8.3.6\ccSvcHst.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\bgsmsnd.exe
C:\Program Files\Yuna Software\Messenger Plus!\PlusService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Program Files\MTNL 3G\Mumbai\Resource\driver\MctlSuc.exe
C:\Program Files\ASUS\PC Probe II\Probe2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Documents and Settings\SmestarZ\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Documents and Settings\SmestarZ\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\ASUS\AASP\1.00.33\aaCenter.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Outlook Express\msimn.exe
C:\Program Files\Tencent\QQIntl\Bin\QQ.exe
C:\Program Files\Tencent\QQIntl\Bin\TXPlatform.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Mozilla Firefox 4.0\firefox.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox 4.0\plugin-container.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Yuna Software\Messenger Plus! for Skype\Messenger Plus! for Skype.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE
C:\Program Files\Microsoft\Office Live\OfficeLiveSignIn.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Windows Live\Messenger\wlcsdk.exe
C:\Program Files\FlashGet\flashget.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.co.in/
uSearch Bar = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
uSearch Page = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
uDefault_Page_URL = hxxp://qip.ru
uDefault_Search_URL = hxxp://search.qip.ru
uProxyOverride = local;<local>
uSearchAssistant = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus
uURLSearchHooks: QIPBHO Class: {95289393-33EA-4F8D-B952-483415B9C955} - c:\documents and settings\smestarz\application

data\microsoft\internet explorer\qipsearchbar.dll
dURLSearchHooks: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0

\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478D38-C3F9-4efb-9B51-7695ECA05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: {178192A4-D7CB-4B00-AEBF-68AFAFB22D94} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common

files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: AskBar BHO: {201f27d4-3704-41d6-89c1-aa35e39143ed} - c:\program files\askbardis\bar\bin\askBar.dll
BHO: FGCatchUrl: {2F364306-AA45-47B5-9F9D-39A8B94E7EF7} - c:\program files\flashget\jccatch.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
BHO: Messenger Plus! Community SmartbarEngine: {31ad400d-1b06-4e33-a59a-90c2c140cba0} -
BHO: {36646C2D-D6F0-47D6-B852-F2EE336513AD} - <orphaned>
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search &

destroy\SDHelper.dll
BHO: pdfMachine: {56CF4856-ECB4-4e46-A897-A378821F97B9} - c:\windows\system32\bgstb.dll
BHO: {5886D29D-EEFB-4378-A598-C96985C1ECB3} - <orphaned>
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Symantec NCO BHO: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360 premier edition\engine\3.8.3.6

\CoIEPlg.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360 premier

edition\engine\3.8.3.6\IPSBHO.dll
BHO: Search Helper: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - c:\program files\microsoft\search enhancement pack\search

helper\SearchHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft

shared\windows live\WindowsLiveLogin.dll
BHO: QIPBHO Class: {95289393-33EA-4F8D-B952-483415B9C955} - c:\documents and settings\smestarz\application

data\microsoft\internet explorer\qipsearchbar.dll
BHO: {9b339f6e-ddcd-401b-8764-230adbd01761} - <orphaned>
BHO: {A057A204-BACC-4D26-C39E-35F1D2A32EC8} - <orphaned>
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google

toolbar\GoogleToolbar_32.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet

explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program

files\google\googletoolbarnotifier\5.7.6406.1642\swg.dll
BHO: {d8fb4583-db9d-4c7b-85be-294c13a3e5c4} - <orphaned>
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Windows Live Toolbar Helper: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - c:\program files\windows live\toolbar\wltcore.dll
BHO: {ED9BD301-E3BC-4C91-BDC0-8CE95542DC7D} - <orphaned>
BHO: FlashGet GetFlash Class: {F156768E-81EF-470C-9057-481BA8380DBA} - c:\program files\flashget\getflash.dll
BHO: SingleInstance Class: {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - c:\program files\yahoo!\companion\installs\cpn0

\YTSingleInstance.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\3.8.3.6

\CoIEPlg.dll
TB: Ask Toolbar: {3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\program files\askbardis\bar\bin\askBar.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
TB: Dr.eye WebPage Translation: {92B255FE-94E2-4BCA-958D-3926CE38913F} - c:\program

files\inventec\dreye\dreyemt\DreyeIEBar.dll
TB: pdfMachine: {56CF4856-ECB4-4e46-A897-A378821F97B9} - c:\windows\system32\bgstb.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\ConduitEngine.dll
TB: &Windows Live Toolbar: {21FA44EF-376D-4D53-9B0F-8A89D3229068} - c:\program files\windows live\toolbar\wltcore.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360 premier edition\engine\3.8.3.6

\CoIEPlg.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Yahoo! Toolbar: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: Messenger Plus! Community Smartbar: {ae07101b-46d4-4a98-af68-0333ea26e113} -
TB: Ask Toolbar: {3041d03e-fd4b-44e0-b742-2d9b88305f98} - c:\program files\askbardis\bar\bin\askBar.dll
EB: Adobe PDF: {182EC0BE-5110-49C8-A062-BEB1D02A220B} - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [SpybotSD TeaTimer] c:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Google Update] "c:\documents and settings\smestarz\local settings\application data\google\update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "c:\documents and settings\smestarz\local settings\application

data\akamai\netsession_win.exe"
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [AlcoholAutomount] "c:\program files\alcohol soft\alcohol 120\AxAutoMntSrv.exe" -automount
mRun: [ALUAlert] c:\program files\symantec\liveupdate\ALuNotify.exe
mRun: [Google Desktop Search] "c:\program files\google\google desktop search\GoogleDesktop.exe" /startup
mRun: [bgsmsnd.exe] c:\windows\system32\bgsmsnd.exe
mRun: [NeroFilterCheck] c:\program files\common files\nero\lib\NeroCheck.exe
mRun: [combofix] "c:\combofix\cf30556.cfxxe" /c "c:\combofix\C.bat"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe"
mRun: [BigDogPath] c:\windows\VM_STI.EXE USB PC Camera 301P
mRun: [PlusService] c:\program files\yuna software\messenger plus!\PlusService.exe
mRun: [MessengerPlusForSkypeService] "c:\program files\yuna software\messenger plus! for skype\MsgPlusForSkypeService.exe"
mRun: [S301MM] c:\program files\mtnl 3g\mumbai\resource\driver\MctlSuc.exe
mRun: [Launch PC Probe II] "c:\program files\asus\pc probe ii\Probe2.exe" 1
mRun: [KernelFaultCheck] c:\windows\system32\dumprep 0 -k
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
uPolicies-Explorer: NoDriveAutoRun = dword:67108863
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDrives = dword:0
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:323
mPolicies-Explorer: NoDriveAutoRun = dword:67108863
IE: &Download All with FlashGet - c:\program files\flashget\jc_all.htm
IE: &Download with FlashGet - c:\program files\flashget\jc_link.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\adobe\acrobat 8.0

\acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\adobe\acrobat 8.0

\acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\adobe\acrobat 8.0\acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google

toolbar\component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows

live\writer\WriterBrowserExtension.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program

files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - c:\program files\flashget\FlashGet.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search &

destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
DPF: {459E93B6-150E-45D5-8D4B-45C66FC035FE} - hxxp://apps.corel.com/nos_dl_manager_dev/plugin/IEGetPlugin.ocx
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} - hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.4.1.cab
DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase8942.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} -

hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211069580828
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} -

hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1211072747562
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: NameServer = 113.193.1.60 113.193.0.148
TCP: Interfaces\{FAF06DCC-267A-43D1-A270-A7CC6AA4DB02} : DHCPNameServer = 113.193.1.60 113.193.0.148
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet

explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Handler: symres - {AA1061FE-6C41-421f-9344-69640C9732AB} - c:\program files\norton 360 premier edition\engine\3.8.3.6

\CoIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: iifcCsQI - <no file>
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Notification Packages =  :\windows\system32\srr
Hosts: 127.0.0.1   http://www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\smestarz\application data\mozilla\firefox\profiles\jrkau6t8.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&SearchSource=3&q=

{searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\smestarz\local settings\application data\google\update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\common files\tencent\npqscall\npqscall.dll
FF - plugin: c:\program files\common files\tencent\txsso\1.2.1.38\bin\npSSOAxCtrlForPTLogin.dll
FF - plugin: c:\program files\foxit software\foxit phantompdf\plugins\npFoxitPhantomPDFPlugin.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\microsoft\office live\npOLW.dll
FF - plugin: c:\program files\mozilla firefox 4.0\plugins\np-mswmp.dll
FF - plugin: c:\program files\mozilla firefox 4.0\plugins\nppdf32.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_146.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2013-04-12 19:11; {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}; c:\program files\mozilla firefox 4.0

\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - ExtSQL: 2013-04-28 21:44; {8545daff-ad1e-493f-a37e-eed1ac79682b}; c:\documents and settings\all users\application

data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\norton\IPSFFPlgn
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(extensions.BabylonToolbar_i.babTrack,

affID=112542&tt=2912_4
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - ss
FF - user.js: extensions.BabylonToolbar_i.id - 080ae3c7000000000000005345000000
FF - user.js: extensions.BabylonToolbar_i.hardId - 080ae3c7000000000000005345000000
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15543
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1714:57:04
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babsst
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - sst
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\0308030.006\SymEFA.sys [2011-10-11 310320]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\system32\drivers\n360\0308030.006\BHDrvx86.sys [2011-10-11 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\system32\drivers\n360\0308030.006\cchpx86.sys [2011-10-11 467592]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}

\norton\definitions\ipsdefs\20130426.001\IDSXpx86.sys [2013-4-27 373728]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\SASDIFSV.SYS [2008-5-28 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-5-28 67664]
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREDrv.sys [2010-4-5 95024]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCORE.EXE [2010-7-26 116608]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-4 14336]
R2 ASKService;ASKService;c:\program files\askbardis\bar\bin\AskService.exe [2012-5-28 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\askbardis\bar\bin\ASKUpgrade.exe [2012-5-28 234888]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2010-12-18 54760]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-4-5 398184]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2011-6-4 682344]
R2 MsgPlusService;Messenger Plus! Service;c:\program files\yuna software\messenger plus! for skype\MsgPlusForSkypeService.exe

[2012-7-15 125952]
R2 N360;Norton 360;c:\program files\norton 360 premier edition\engine\3.8.3.6\ccSvcHst.exe [2011-10-11 117648]
R2 nlsX86cc;NLS Service;c:\windows\system32\NLSSRV32.EXE [2011-1-12 68928]
R2 QipGuard;QipGuard;c:\program files\qipguard\QipGuard.exe [2012-1-28 191440]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c

service\c2c_service.exe [2012-11-22 3290304]
R2 StarWindServiceAE;StarWind AE Service;c:\program files\alcohol soft\alcohol 120\starwind\StarWindServiceAE.exe [2009-12-24

370688]
R2 UDisk Monitor;UDisk Monitor;c:\program files\reliance netconnect - broadband+\bin\MonServiceUDisk.exe [2011-2-16 512000]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\l151x86.sys [2008-5-17

36864]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys

[2013-4-6 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-4 21104]
R3 NAVENG;NAVENG;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}

\norton\definitions\virusdefs\20130427.007\NAVENG.SYS [2013-4-28 93296]
R3 NAVEX15;NAVEX15;c:\documents and settings\all users\application data\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}

\norton\definitions\virusdefs\20130427.007\NAVEX15.SYS [2013-4-28 1603824]
S0 xmasscsi;xmasscsi;c:\windows\system32\drivers\xmasscsi.sys --> c:\windows\system32\drivers\xmasscsi.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319

\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-2-28 161384]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [2013-4-5 1684736]
S3 cnnctfy2MP;cnnctfy2MP;c:\windows\system32\drivers\cnnctfy2.sys --> c:\windows\system32\drivers\cnnctfy2.sys [?]
S3 cpuz132;cpuz132;c:\windows\system32\drivers\cpuz132_x32.sys [2009-6-16 12672]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2010-4-28 704872]
S3 GoogleDesktopManager-110309-193829;Google Desktop Manager 5.9.911.3589;c:\program files\google\google desktop

search\GoogleDesktop.exe [2010-4-15 30192]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\4034.tmp --> c:\windows\system32\4034.tmp [?]
S3 NLNdisMP;NLNdisMP;c:\windows\system32\drivers\nlndis.sys --> c:\windows\system32\drivers\nlndis.sys [?]
S3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\drivers\nlndis.sys --> c:\windows\system32

\drivers\nlndis.sys [?]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\program files\sisoftware\sisoftware sandra professional business

2010\RpcAgentSrv.exe [2011-9-18 93336]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-5-28 12872]
S3 SE31bus;Sony Ericsson Device 049 Driver driver (WDM);c:\windows\system32\drivers\SE31bus.sys [2009-1-31 61600]
S3 SE31mdfl;Sony Ericsson Device 049 USB WMC Modem Filter;c:\windows\system32\drivers\SE31mdfl.sys [2009-1-31 9360]
S3 SE31mdm;Sony Ericsson Device 049 USB WMC Modem Driver;c:\windows\system32\drivers\SE31mdm.sys [2009-1-31 97184]
S3 SE31mgmt;Sony Ericsson Device 049 USB WMC Device Management Drivers (WDM);c:\windows\system32\drivers\SE31mgmt.sys [2009-

1-31 88688]
S3 u302bus;HSPADataCard WMC Bus Driver (WDM);c:\windows\system32\drivers\u302bus.sys [2012-12-6 119112]
S3 u302mdfl;HSPADataCard Modem Filter;c:\windows\system32\drivers\u302mdfl.sys [2012-12-6 14920]
S3 u302mdm;HSPADataCard Modem Driver;c:\windows\system32\drivers\u302mdm.sys [2012-12-6 135880]
S3 u302mgmt;HSPADataCard USB Device Management Drivers (WDM);c:\windows\system32\drivers\u302mgmt.sys [2012-12-6 129992]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319

\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S3 Wwbpras2;Wooweb-Pro Ras Driver Service;c:\windows\system32\drivers\wwbpras2.sys --> c:\windows\system32

\drivers\wwbpras2.sys [?]
S3 ztemtusbser;ZTEMT Legacy Serial Communication;c:\windows\system32\drivers\CT_ZTEMT_U_USBSER.sys [2011-2-16 104704]
.
=============== File Associations ===============
.
FileExt: .txt: txtfile=c:\windows\notepad.exe %1
FileExt: .chm: chm.file="hh.exe" %1
.
=============== Created Last 30 ================
.
2013-04-14 04:29:17   --------   d-----w-   c:\documents and settings\smestarz\application data\OpenCandy
2013-04-12 13:41:11   --------   d-----w-   c:\program files\Mozilla Firefox 4.0
2013-04-08 15:21:10   --------   d-----w-   c:\windows\system32\RTCOM
2013-04-05 15:59:29   290816   ----a-w-   c:\windows\vncutil.exe
2013-04-05 15:59:17   41472   ----a-w-   c:\windows\system32\RtkCoInstXP.dll
2013-04-05 15:59:17   122880   ----a-w-   c:\windows\RtkAudioService.exe
2013-04-05 15:59:09   1389056   ----a-w-   c:\windows\system32\drivers\Monfilt.sys
2013-04-05 15:59:02   1684736   ----a-w-   c:\windows\system32\drivers\Ambfilt.sys
.
==================== Find3M  ====================
.
2013-04-08 14:36:48   13761   ----a-w-   c:\documents and settings\all users\application data\xmlD9.tmp
2013-04-08 14:36:14   9486   ----a-w-   c:\documents and settings\all users\application data\xmlD8.tmp
2013-03-21 05:47:38   94112   ----a-w-   c:\windows\system32\WindowsAccessBridge.dll
2013-03-21 05:47:35   143872   ----a-w-   c:\windows\system32\javacpl.cpl
2013-03-21 05:47:34   861088   ----a-w-   c:\windows\system32\npDeployJava1.dll
2013-03-21 05:47:34   782240   ----a-w-   c:\windows\system32\deployJava1.dll
.
============= FINISH: 17:51:33.85 ===============


ATTACH.TXT


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 17-05-2008 9:27:19 PM
System Uptime: 28-04-2013 9:44:12 PM (20 hours ago)
.
Motherboard: ASUSTeK Computer INC. |  | M2A-MX
Processor: AMD Athlon™ 64 X2 Dual Core Processor 5200+ | Socket AM2 | 2693/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 105 GiB total, 37.156 GiB free.
D: is FIXED (NTFS) - 360 GiB total, 119.283 GiB free.
E: is FIXED (NTFS) - 391 GiB total, 65.785 GiB free.
G: is FIXED (NTFS) - 541 GiB total, 100.036 GiB free.
S: is FIXED (NTFS) - 1863 GiB total, 306.171 GiB free.
Y: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1018: 29-01-2013 10:04:41 PM - System Checkpoint
RP1019: 31-01-2013 3:34:52 AM - System Checkpoint
RP1020: 01-02-2013 3:53:22 AM - System Checkpoint
RP1021: 02-02-2013 4:30:03 AM - System Checkpoint
RP1022: 03-02-2013 5:31:58 AM - System Checkpoint
RP1023: 04-02-2013 5:47:04 AM - System Checkpoint
RP1024: 05-02-2013 4:51:45 PM - System Checkpoint
RP1025: 06-02-2013 5:40:18 PM - System Checkpoint
RP1026: 07-02-2013 7:36:17 PM - System Checkpoint
RP1027: 08-02-2013 11:54:03 PM - System Checkpoint
RP1028: 10-02-2013 1:10:09 AM - System Checkpoint
RP1029: 11-02-2013 1:40:29 AM - System Checkpoint
RP1030: 12-02-2013 5:30:11 PM - System Checkpoint
RP1031: 13-02-2013 11:24:51 PM - System Checkpoint
RP1032: 15-02-2013 12:59:23 AM - System Checkpoint
RP1033: 16-02-2013 1:47:41 AM - System Checkpoint
RP1034: 17-02-2013 3:48:23 AM - System Checkpoint
RP1035: 18-02-2013 4:16:20 AM - System Checkpoint
RP1036: 19-02-2013 5:15:41 AM - System Checkpoint
RP1037: 20-02-2013 5:44:26 AM - System Checkpoint
RP1038: 21-02-2013 7:12:22 AM - System Checkpoint
RP1039: 23-02-2013 5:08:24 AM - System Checkpoint
RP1040: 24-02-2013 5:09:47 AM - System Checkpoint
RP1041: 25-02-2013 5:33:54 AM - System Checkpoint
RP1042: 26-02-2013 11:41:50 PM - Removed USB PC Camera 301P
RP1043: 27-02-2013 12:16:47 AM - Update to an unsigned driver
RP1044: 28-02-2013 1:05:58 AM - System Checkpoint
RP1045: 02-03-2013 3:14:16 AM - System Checkpoint
RP1046: 03-03-2013 5:12:46 AM - System Checkpoint
RP1047: 04-03-2013 5:24:52 AM - System Checkpoint
RP1048: 06-03-2013 12:09:18 AM - System Checkpoint
RP1049: 07-03-2013 10:13:41 PM - System Checkpoint
RP1050: 09-03-2013 4:56:32 PM - System Checkpoint
RP1051: 10-03-2013 11:30:45 PM - System Checkpoint
RP1052: 12-03-2013 7:35:55 AM - System Checkpoint
RP1053: 13-03-2013 9:00:14 AM - System Checkpoint
RP1054: 15-03-2013 11:29:03 PM - System Checkpoint
RP1055: 16-03-2013 11:39:03 PM - System Checkpoint
RP1056: 18-03-2013 3:34:44 AM - System Checkpoint
RP1057: 19-03-2013 3:50:32 AM - System Checkpoint
RP1058: 20-03-2013 3:58:53 AM - System Checkpoint
RP1059: 21-03-2013 11:16:55 AM - Removed Java 7 Update 11
RP1060: 22-03-2013 4:45:18 PM - System Checkpoint
RP1061: 23-03-2013 6:14:33 PM - System Checkpoint
RP1062: 24-03-2013 9:17:05 PM - System Checkpoint
RP1063: 25-03-2013 10:05:21 PM - System Checkpoint
RP1064: 27-03-2013 1:47:53 PM - System Checkpoint
RP1065: 28-03-2013 3:49:05 PM - System Checkpoint
RP1066: 29-03-2013 11:48:34 PM - System Checkpoint
RP1067: 31-03-2013 12:11:32 AM - System Checkpoint
RP1068: 01-04-2013 3:17:31 AM - System Checkpoint
RP1069: 05-04-2013 12:05:39 PM - Installed ATI Catalyst Control Center
RP1070: 05-04-2013 9:28:55 PM - Installed Realtek High Definition Audio Driver
RP1071: 05-04-2013 9:39:08 PM - Reinstalled the sound drivers. have to restart
RP1072: 08-04-2013 8:28:42 PM - Removed Realtek High Definition Audio Driver
RP1073: 08-04-2013 8:50:29 PM - Installed Realtek High Definition Audio Driver
RP1074: 09-04-2013 9:17:17 PM - System Checkpoint
RP1075: 11-04-2013 12:44:41 AM - System Checkpoint
RP1076: 12-04-2013 3:12:36 AM - System Checkpoint
RP1077: 14-04-2013 9:34:26 AM - Restarting
RP1078: 14-04-2013 9:56:01 AM - Restarted, now going to install that software
RP1079: 20-04-2013 2:03:19 PM - System Checkpoint
RP1080: 27-04-2013 12:21:31 AM - System Checkpoint
RP1081: 28-04-2013 5:31:59 PM - Installed USB PC Camera 301P
RP1082: 28-04-2013 6:47:26 PM - Removed USB PC Camera 301P
RP1083: 28-04-2013 10:04:49 PM - Unsigned driver install
.
==== Installed Programs ======================
.
4100 USB Scanner
AAA Logo 2008 2.10
AAA Logo Business Edition 3.10
ABBYY FineReader 5.0 Sprint
Able2Extract v6.0
ACDSee 10 Photo Manager
Actual RAR Repair v.3.0
Adobe Acrobat 8 Professional - English, Français, Deutsch
Adobe Acrobat 8.1.2 Professional
Adobe AIR
Adobe Download Assistant
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader Japanese Fonts
Adobe Reader Korean Fonts
Adobe Reader X (10.1.6)
Advanced Archive Password Recovery
Advanced OE Password Recovery
Akamai NetSession Interface
Akamai NetSession Interface Service
Any Flv Player 2.5.1
Any Video Converter 3.0.1
Ashampoo Music Studio 3
ASIO4ALL
ASUS ATI Driver
ASUS Enhanced Display Driver
ASUS SmartDoctor
ASUSUpdate
Atheros Communications Inc.® L1 Gigabit Ethernet Driver
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
AutoStreamer
Avidemux 2.5 (32-bit)
AVIVO Codecs
Before You Know It 3.6
Boilsoft Video Splitter 6.11
BroadGun pdfMachine
Camersoft Skype Recorder 1.2.22
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CCleaner
COMDisable Beta
Compatibility Pack for the 2007 Office system
Conduit Engine
Cool & Quiet
Corel Graphics - Windows Shell Extension
CorelDRAW Graphics Suite X5
CorelDRAW Graphics Suite X5 - Capture
CorelDRAW Graphics Suite X5 - Common
CorelDRAW Graphics Suite X5 - Connect
CorelDRAW Graphics Suite X5 - Custom Data
CorelDRAW Graphics Suite X5 - Draw
CorelDRAW Graphics Suite X5 - EN
CorelDRAW Graphics Suite X5 - Filters
CorelDRAW Graphics Suite X5 - FontNav
CorelDRAW Graphics Suite X5 - IPM
CorelDRAW Graphics Suite X5 - PHOTO-PAINT
CorelDRAW Graphics Suite X5 - Photozoom Plugin
CorelDRAW Graphics Suite X5 - Redist
CorelDRAW Graphics Suite X5 - Setup Files
CorelDRAW Graphics Suite X5 - VBA
CorelDRAW Graphics Suite X5 - VideoBrowser
CorelDRAW Graphics Suite X5 - VSTA
CorelDRAW Graphics Suite X5 - WT
CorelDRAW® Graphics Suite X5
COWON Media Center - jetAudio Plus VX
CPUID CPU-Z 1.51
DBF to MDB Converter 2.20
dBpoweramp Music Converter
Deluge 1.3.5
DFX for Winamp
Dr.eye 8.1 Professional
Dr.eye 8.1 Professional Dict
DSL USB Driver
DVDInfoPro 6.5.1.5
ERUNT 1.1j
FL Studio 10
FlashGet 1.9.6.1073
Foxit PhantomPDF
FPAdjust
gBurner
Ghostscript GPL 8.64 (Msi Setup)
Google Chrome
Google Desktop
Google Talk (remove only)
Google Toolbar for Internet Explorer
Google Update Helper
HandBrake 0.9.5
High Definition Audio Driver Package - KB888111
HijackThis 2.0.2
Horas
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Windows XP (KB942288-v3)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB954708)
hp LaserJet 1010 Series
iBall iBall 2.2
IBM ViaVoice TTS Runtime v6.701 -  US English
ICE Book Reader Professional v8.10
iKu 2
IL Download Manager
ImgBurn
Inkscape 0.48.2
IrfanView (remove only)
Java 7 Update 17
Java Auto Updater
Java™ 6 Update 29
Junk Mail filter update
K-Lite Codec Pack 9.8.5 (Full)
Korean Fonts Support For Adobe Reader 9
LightScribe  1.4.124.1
LINE
Lizardtech DjVu Control
Magic ISO Maker v5.4 (build 0239)
Malwarebytes Anti-Malware version 1.70.0.1100
MediaInfo 0.7.51
Messenger Plus! 6
Messenger Plus! Community Smartbar
Messenger Plus! for Skype
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Office Live Add-in 1.3
Microsoft Office Outlook Connector
Microsoft Office Professional Edition 2003
Microsoft Office Word Viewer 2003
Microsoft Reader
Microsoft Search Enhancement Pack
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable - KB2467175
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft XML Parser
mIRC
MKVToolNix 6.1.0
Mozilla Firefox 20.0.1 (x86 en-US)
Mozilla Maintenance Service
Mp3tag v2.54
MSN Backup
MSN Webcam Recorder 24.0
MSVCRT
MTNL 3G version 1.0
Nero 8 Essentials
neroxml
Norton 360 Premier Edition
novaPDF Professional Desktop 7.2 printer
oDC (remove only)
OpenSubtitlesPlayer V4.X
Opera 12.12
Paint.NET v3.5.10
PC Probe II
pdfFactory Pro
PFConfig 1.0.144
Picasa 3
picture-shark 1.0
PowerDVD
PowerISO
Privoxy (remove only)
QIP 2005 8080
QIP 2005 Uninstall
QIP 2012 4.0.7102
QIP Infium 1.0
QIP Internet Guardian
QuickSFV (Remove only)
RAR Password Cracker
Realtek High Definition Audio Driver
Recovery Toolbox for RAR 1.1
Reliance Netconnect - Broadband+
Router Screenshot Grabber 1.0.115
Segoe UI
SiSoftware Sandra Professional Business 2010
Skins
Skype Click to Call
Skype™ 6.3
Smart Link 56K Voice Modem
SmartFTP Client
SmartFTP Client 4.0 Setup Files (remove only)
Sohail's Gmail Notifier for Google Apps (Multiple Accounts)
Sony Ericsson PC Suite 1.20.224
Sophos Anti-Rootkit 1.5.0
Spybot - Search & Destroy
SUPERAntiSpyware Professional
Supertintin 1.1.0.0731
Symantec Technical Support Web Controls
Tencent QQ
TeraCopy 2.1
Trillian
Ulead Photo Express 4.0 My Custom Edition
Visual Basic for Applications ® Core
Visual Basic for Applications ® Core - English
Visual C++ 2008 x86 Runtime - (v9.0.30729)
Visual C++ 2008 x86 Runtime - v9.0.30729.01
VLC media player 1.1.11
Vuze
Vuze Toolbar
WebFldrs XP
Winamp
WinArchiver
Windows Driver Package - Advanced Micro Devices (AmdK8) Processor  (05/27/2006 1.3.2.0)
Windows Feature Pack for Storage (32-bit) - IMAPI update for Blu-Ray
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live OneCare safety scanner
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Toolbar
Windows Live Upload Tool
Windows Live Writer
Windows Media Encoder 9 Series
Windows Media Format 11 runtime
Windows Media Format Runtime
Windows Media Player 11
Windows Media Player Firefox Plugin
Windows XP Service Pack 3
WinHTTrack Website Copier 3.43-9C
Winmx 3.54 3.0 Patch
winqfx16bit
WinRAR archiver
WinZip 14.5
Xerox Phaser 3117
Yahoo! Messenger
Yahoo! Software Update
Yahoo! Toolbar
.
==== Event Viewer Messages From Past Week ========
.
28-04-2013 9:47:42 PM, error: Service Control Manager [7023]  - The Security Center service terminated with the following error:  %%16389
28-04-2013 9:46:54 PM, error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  xmasscsi
28-04-2013 9:46:54 PM, error: Service Control Manager [7022]  - The Windows Firewall/Internet Connection Sharing (ICS) service hung on starting.
28-04-2013 9:44:59 PM, error: Service Control Manager [7023]  - The IPSEC Services service terminated with the following error:  The specified module could not be found.
26-04-2013 1:52:34 PM, error: Service Control Manager [7011]  - Timeout (30000 milliseconds) waiting for a transaction response from the Dnscache service.
.
==== End Of File ===========================

Please do advice me if there is any spyware, Malaware,
A week ago, in order to know the condition of my harddisk, i did install a software called
Crystal disk info

Thanking you

Edit: Moved topic from XP to the more appropriate forum. ~ Animal

BC AdBot (Login to Remove)

 


#2 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:36 AM

Posted 29 April 2013 - 12:39 PM


Hello smestarz

I would like to welcome you to the Malware Removal section of the forum.

Around here they call me Gringo and I will be glad to help you with your malware problems.


Very Important --> Please read this post completely, I have spent my time to put together somethings for you to keep in mind while I am helping you to make things go easier, faster and smoother for both of us!

  • Please do not run any tools unless instructed to do so.
    • We ask you to run different tools in a specific order to ensure the malware is completely removed from your machine, and running any additional tools may detect false positives, interfere with our tools, or cause unforeseen damage or system instability.
  • Please do not attach logs or use code boxes, just copy and paste the text.
    • Due to the high volume of logs we receive it helps to receive everything in the same format, and code boxes make the logs very difficult to read. Also, attachments require us to download and open the reports when it is easier to just read the reports in your post.
  • Please read every post completely before doing anything.
    • Pay special attention to the NOTE: lines, these entries identify an individual issue or important step in the cleanup process.
  • Please provide feedback about your experience as we go.
    • A short statement describing how the computer is working helps us understand where to go next, for example: I am still getting redirected, the computer is running normally, etc. Please do not describe the computer as "the same", this requires the extra step of looking back at your previous post.
NOTE: At the top of your post, click on the "Follow This Topic" Button, make sure that the "Receive notification" box is checked and that it is set to "Instantly" - This will send you an e-mail as soon as I reply to your topic, allowing us to resolve the issue faster.

NOTE: Backup any files that cannot be replaced. Removing malware can be unpredictable and this step can save a lot of heartaches if things don't go as planed. You can put them on a CD/DVD, external drive or a pen drive, anywhere except on the computer.

NOTE: It is good practice to copy and paste the instructions into notepad and print them in case it is necessary for you to go offline during the cleanup process. To open notepad, navigate to Start Menu > All Programs > Accessories > Notepad. Please remember to copy the entire post so you do not miss any instructions.




These are the programs I would like you to run next, if you have any problems with these just skip it and run the next one.

-Security Check-
  • Download Security Check by screen317 from here.
    • Save it to your Desktop.
    • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
-AdwCleaner-
  • Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the content of that logfile with your next answer.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
--RogueKiller--
  • Download & SAVE to your Desktop RogueKiller for 32bit or Roguekiller for 64bit
    • Quit all programs that you may have started.
    • Please disconnect any USB or external drives from the computer before you run this scan!
    • For Vista or Windows 7, right-click and select "Run as Administrator to start"
    • For Windows XP, double-click to start.
    • Wait until Prescan has finished ...
    • Then Click on "Scan" button
    • Wait until the Status box shows "Scan Finished"
    • click on "delete"
    • Wait until the Status box shows "Deleting Finished"
    • Click on "Report" and copy/paste the content of the Notepad into your next reply.
    • The log should be found in RKreport[1].txt on your Desktop
    • Exit/Close RogueKiller+
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#3 smestarz

smestarz
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 29 April 2013 - 01:04 PM

Hello Gringo

 

Thank you for your advice

 

The google error has already gone before, Maybe it was hitch in the website but also maybe it was good time to check the system if there are any adware, Malaware etc

 

# AdwCleaner v2.300 - Logfile created 04/29/2013 at 23:04:11
# Updated 28/04/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : SmestarZ - SACHINE
# Boot Mode : Normal
# Running from : C:\Documents and Settings\SmestarZ\Desktop\AdwCleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\SmestarZ\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
File Deleted : C:\Documents and Settings\SmestarZ\Application Data\Microsoft\Internet Explorer\qipsearchbar.dll
File Deleted : C:\Documents and Settings\SmestarZ\Application Data\Mozilla\Firefox\Profiles\jrkau6t8.default\bProtector_extensions.rdf
File Deleted : C:\Documents and Settings\SmestarZ\Application Data\Mozilla\Firefox\Profiles\jrkau6t8.default\searchplugins\BrowserProtect.xml
File Deleted : C:\Documents and Settings\SmestarZ\Application Data\Mozilla\Firefox\Profiles\jrkau6t8.default\searchplugins\Conduit.xml
File Deleted : C:\Documents and Settings\SmestarZ\Application Data\Mozilla\Firefox\Profiles\jrkau6t8.default\searchplugins\Messenger Plus Smartbar Search.xml
File Deleted : C:\Documents and Settings\SmestarZ\Application Data\Mozilla\Firefox\Profiles\jrkau6t8.default\searchplugins\Plusnetwork.xml
File Deleted : C:\Documents and Settings\SmestarZ\Application Data\Mozilla\Firefox\Profiles\jrkau6t8.default\searchplugins\qip-search.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml
File Deleted : C:\user.js
File Deleted : C:\WINDOWS\system32\conduitEngine.tmp
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Linkury
Folder Deleted : C:\Documents and Settings\SmestarZ\Application Data\Babylon
Folder Deleted : C:\Documents and Settings\SmestarZ\Application Data\Mozilla\Firefox\Profiles\jrkau6t8.default\Conduit
Folder Deleted : C:\Documents and Settings\SmestarZ\Application Data\Mozilla\Firefox\Profiles\jrkau6t8.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\SmestarZ\Application Data\Mozilla\Firefox\Profiles\jrkau6t8.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\SmestarZ\Application Data\Mozilla\Firefox\Profiles\jrkau6t8.default\CT2786678
Folder Deleted : C:\Documents and Settings\SmestarZ\Application Data\Mozilla\Firefox\Profiles\jrkau6t8.default\extensions\{32a1fd71-835e-4b11-8e54-886fda0b4c89}
Folder Deleted : C:\Documents and Settings\SmestarZ\Application Data\Mozilla\Firefox\Profiles\jrkau6t8.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Documents and Settings\SmestarZ\Application Data\Mozilla\Firefox\Profiles\jrkau6t8.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
Folder Deleted : C:\Documents and Settings\SmestarZ\Application Data\OpenCandy
Folder Deleted : C:\Documents and Settings\SmestarZ\Application Data\PriceGong
Folder Deleted : C:\Documents and Settings\SmestarZ\Application Data\Tencent
Folder Deleted : C:\Documents and Settings\SmestarZ\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\SmestarZ\Local Settings\Application Data\ConduitEngine
Folder Deleted : C:\Documents and Settings\SmestarZ\Local Settings\Application Data\Smartbar
Folder Deleted : C:\Program Files\AskBarDis
Folder Deleted : C:\Program Files\Common Files\Tencent
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\ConduitEngine
Folder Deleted : C:\Program Files\Linkury
Folder Deleted : C:\Program Files\Tencent

***** [Registry] *****

Key Deleted : HKCU\Software\5bede88e13fbf46
Key Deleted : HKCU\Software\AppDataLow\AskBarDis
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\AskBarDis
Key Deleted : HKCU\Software\AskToolbar
Key Deleted : HKCU\Software\Blabbers
Key Deleted : HKCU\Software\BrowserCompanion
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\conduitEngine
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\Google\Chrome\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{A55F9C95-2BB1-4EA2-BC77-DFAAB78832CE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MenuOrder\Start Menu2\Programs\BrowserProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D63D12F-3B48-468F-A8EF-6D7E6838F185}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\PriceGong
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SmartbarBackup
Key Deleted : HKCU\Software\SmartbarLog
Key Deleted : HKCU\Software\TENCENT
Key Deleted : HKCU\Toolbar
Key Deleted : HKLM\SOFTWARE\5bede88e13fbf46
Key Deleted : HKLM\Software\AskBarDis
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\NCTAudioCDGrabber2.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{0702A2B6-13AA-4090-9E01-BCDC85DD933F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{08993A7C-E764-4172-9627-BFB5EA6897B2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{128A6C66-AC6A-4617-8268-AB7F47B7215E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1D63D12F-3B48-468F-A8EF-6D7E6838F185}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3041D03E-FD4B-44E0-B742-2D9B88305F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{56561B2A-FB5D-363A-9631-4C03D6054209}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{571715D7-3395-4DF0-B43C-784836209E60}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5EB0259D-AB79-4AE6-A6E6-24FFE21C3DA4}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{622FD888-4E91-4D68-84D4-7262FD0811BF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{63E471BB-23F1-3A92-8D43-4079E7B7FA8E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8FC1EE75-72B3-4A23-B987-2B1C4C8A611B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9AFB8248-617F-460D-9366-D71CDEDA3179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A717364F-69F3-3A24-ADD5-3901A57F880E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B0DE3308-5D5A-470D-81B9-634FC078393B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B397BC55-576C-39E6-BF64-9E2A96317447}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B973AB12-952F-31C4-A321-E8FA6FE4421E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CADAF6BE-BF50-4669-8BFD-C27BD4E6181B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CCB08265-B35D-30B2-A6AF-6986CA957358}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD92622E-49B9-33B7-98D1-EC51049457D7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E041E037-FA4B-364A-B440-7A1051EA0301}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EC5983DF-8DE2-31B5-989F-850F265E7F3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BandObjectAttribute
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.BHO
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.DockingPanel
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBar
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.IESmartBarBandObject
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarDisplayState
Key Deleted : HKLM\SOFTWARE\Classes\IESmartBar.SmartbarMenuForm
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2BEF239C-752E-4001-8048-F256E0D8CD93}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4634804A-F0B0-4A74-A550-FC0EEF8A4362}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{49C00A51-6E59-41FE-B3FA-2D2157FAD67B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4C07EA4F-5F52-4222-B170-4CD9ED33BAEA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6DFF5DBA-AE3A-46DB-B301-ECFFC6DB2982}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C44FEFF4-EF0C-4CF7-83D0-92B4266A32B9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DE34CD67-F1C8-4001-9A23-B8A68F63F377}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F131923C-381D-4E4C-A472-4A17118FD742}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.BHO
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.DockingPanel
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkuryMenuForm
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBar
Key Deleted : HKLM\SOFTWARE\Classes\LinkurySmartBar.LinkurySmartBarBandObject
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1098640
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2124320
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2722653
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4B1C1E16-6B34-430E-B074-5928ECA4C150}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6517DD27-EA6F-4947-9DEA-F9C487BB1020}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6CB9D494-2482-4277-9E45-22F36C471461}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D2E5FA06-DCC7-46F9-BEFF-BFD06F69B9B2}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D896B49-51BB-4635-9F76-797DD7D80B4D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9F4A770D-2B11-4F1B-9B66-FBCDC3580AF6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{DE864882-5A7E-4ABC-BE22-F738232B1AFF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Ask Toolbar_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{201F27D4-3704-41D6-89C1-AA35E39143ED}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31AD400D-1B06-4E33-A59A-90C2C140CBA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D63D12F-3B48-468F-A8EF-6D7E6838F185}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\025176A3BF9264F4FACAEA2AEB6618F6
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\631F9E25D3C0BA340B38F99CF7E07A4F
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\649A52D257CA5DB4EAAE8BA9EB23E467
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6B5DE4CAAA0AB4444A13CA48C2C2FEBD
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9671A38E305589F45A57F69B86BD9926
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9C0BA5BDCBE75A44496E56FFA50D24FF
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Ask Toolbar_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\Software\TENCENT
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{3041D03E-FD4B-44E0-B742-2D9B88305F98}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Search_URL] = hxxp://search.qip.ru --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Default_Page_URL] = hxxp://qip.ru --> hxxp://www.google.com
Replaced : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.babylon.com/?affID=112542&tt=2912_4&babsrc=NT_ss&mntrId=080ae3c7000000000000005345000000 --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://www.plusnetwork.com/?sp=ctbar&q={searchTerms}&dp=MessengerPlus --> hxxp://www.google.com

-\\ Mozilla Firefox v20.0.1 (en-US)

File : C:\Documents and Settings\SmestarZ\Application Data\Mozilla\Firefox\Profiles\jrkau6t8.default\prefs.js

C:\Documents and Settings\SmestarZ\Application Data\Mozilla\Firefox\Profiles\jrkau6t8.default\user.js ... Deleted !

Deleted : user_pref("CT2124320.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2124320.CT2467812.CommunityChanged", true);
Deleted : user_pref("CT2124320.CT2467814.CommunityChanged", true);
Deleted : user_pref("CT2124320.CT2467816.CommunityChanged", true);
Deleted : user_pref("CT2124320.CT2467819.CommunityChanged", true);
Deleted : user_pref("CT2124320.CT2467820.CommunityChanged", true);
Deleted : user_pref("CT2124320.CT2467821.CommunityChanged", true);
Deleted : user_pref("CT2124320.CTID", "CT2124320");
Deleted : user_pref("CT2124320.CommunitiesChangesLastCheckTime", "Thu Aug 05 2010 10:17:43 GMT+0530 (India Sta[...]
Deleted : user_pref("CT2124320.CommunityChanged", true);
Deleted : user_pref("CT2124320.CurrentServerDate", "5-8-2010");
Deleted : user_pref("CT2124320.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2124320.DownloadReferralCookieData", "");
Deleted : user_pref("CT2124320.EMailNotifierPollDate", "Thu Aug 05 2010 10:17:46 GMT+0530 (India Standard Time[...]
Deleted : user_pref("CT2124320.FeedLastCount128746792544906908", 286);
Deleted : user_pref("CT2124320.FeedPollDate128746777097562523", "Thu Aug 05 2010 16:17:49 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2124320.FeedPollDate128746777252093961", "Thu Aug 05 2010 16:18:02 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2124320.FeedPollDate128746777461468985", "Thu Aug 05 2010 16:18:03 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2124320.FeedPollDate128746790824594437", "Thu Aug 05 2010 16:17:49 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2124320.FeedPollDate128746790988031938", "Thu Aug 05 2010 16:17:49 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2124320.FeedPollDate128746791145844439", "Thu Aug 05 2010 16:17:49 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2124320.FeedPollDate128746791280844460", "Thu Aug 05 2010 16:17:50 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2124320.FeedPollDate128746791444750814", "Thu Aug 05 2010 16:17:50 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2124320.FeedPollDate128746791615375007", "Thu Aug 05 2010 16:17:50 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2124320.FeedPollDate128746791787562545", "Thu Aug 05 2010 16:18:03 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2124320.FeedTTL128746777252093961", 60);
Deleted : user_pref("CT2124320.FeedTTL128746777461468985", 60);
Deleted : user_pref("CT2124320.FeedTTL128746791787562545", 5);
Deleted : user_pref("CT2124320.FirstServerDate", "5-8-2010");
Deleted : user_pref("CT2124320.FirstTime", true);
Deleted : user_pref("CT2124320.FirstTimeFF3", true);
Deleted : user_pref("CT2124320.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2124320.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2124320.GroupingLastCheckTime", "Thu Aug 05 2010 10:17:43 GMT+0530 (India Standard Time[...]
Deleted : user_pref("CT2124320.GroupingLastErrorCode", "");
Deleted : user_pref("CT2124320.GroupingLastResponse", true);
Deleted : user_pref("CT2124320.GroupingLastServerUpdateTime", "129253248931500000");
Deleted : user_pref("CT2124320.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2124320.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2124320.Initialize", true);
Deleted : user_pref("CT2124320.InitializeCommonPrefs", true);
Deleted : user_pref("CT2124320.InstallationAndCookieDataSentCount", 2);
Deleted : user_pref("CT2124320.InstalledDate", "Thu Aug 05 2010 10:17:43 GMT+0530 (India Standard Time)");
Deleted : user_pref("CT2124320.InvalidateCache", false);
Deleted : user_pref("CT2124320.IsGrouping", true);
Deleted : user_pref("CT2124320.IsMulticommunity", false);
Deleted : user_pref("CT2124320.IsOpenThankYouPage", false);
Deleted : user_pref("CT2124320.IsOpenUninstallPage", true);
Deleted : user_pref("CT2124320.LanguagePackLastCheckTime", "Thu Aug 05 2010 10:19:07 GMT+0530 (India Standard [...]
Deleted : user_pref("CT2124320.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2124320.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2124320.LastLogin_2.7.1.3", "Thu Aug 05 2010 14:18:38 GMT+0530 (India Standard Time)");
Deleted : user_pref("CT2124320.LatestVersion", "2.1.0.18");
Deleted : user_pref("CT2124320.Locale", "en-us");
Deleted : user_pref("CT2124320.LoginCache", 4);
Deleted : user_pref("CT2124320.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2124320.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2124320.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2124320.RadioIsPodcast", false);
Deleted : user_pref("CT2124320.RadioLastCheckTime", "Thu Aug 05 2010 10:18:14 GMT+0530 (India Standard Time)")[...]
Deleted : user_pref("CT2124320.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2124320.RadioLastUpdateServer", "128929877726170000");
Deleted : user_pref("CT2124320.RadioMediaID", "9627042");
Deleted : user_pref("CT2124320.RadioMediaType", "Media Player");
Deleted : user_pref("CT2124320.RadioMenuSelectedID", "EBRadioMenu_CT21243209627042");
Deleted : user_pref("CT2124320.RadioStationName", "BBC%20live%205%20");
Deleted : user_pref("CT2124320.RadioStationURL", "hxxp://www.bbc.co.uk/fivelive/live/live.asx");
Deleted : user_pref("CT2124320.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2124320.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2124320.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2124320.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT212[...]
Deleted : user_pref("CT2124320.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2124320.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2124320.SearchInNewTabLastCheckTime", "Thu Aug 05 2010 10:18:26 GMT+0530 (India Standar[...]
Deleted : user_pref("CT2124320.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2124320.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2124320.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2124320.SettingsLastCheckTime", "Thu Aug 05 2010 10:17:43 GMT+0530 (India Standard Time[...]
Deleted : user_pref("CT2124320.SettingsLastUpdate", "1280844093");
Deleted : user_pref("CT2124320.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2124320.ThirdPartyComponentsLastCheck", "Thu Aug 05 2010 10:17:43 GMT+0530 (India Stand[...]
Deleted : user_pref("CT2124320.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2124320.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2124320.UserID", "UN06137501726173844");
Deleted : user_pref("CT2124320.WeatherNetwork", "");
Deleted : user_pref("CT2124320.WeatherPollDate", "Thu Aug 05 2010 10:17:44 GMT+0530 (India Standard Time)");
Deleted : user_pref("CT2124320.WeatherUnit", "C");
Deleted : user_pref("CT2124320.clientLogIsEnabled", false);
Deleted : user_pref("CT2124320.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2124320.myStuffEnabled", true);
Deleted : user_pref("CT2124320.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2124320.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2124320.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2124320.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2124320.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2722653.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2722653.CT2722928.CommunityChanged", true);
Deleted : user_pref("CT2722653.CT2723775.CommunityChanged", true);
Deleted : user_pref("CT2722653.CT2723826.CommunityChanged", true);
Deleted : user_pref("CT2722653.CT2723964.CommunityChanged", true);
Deleted : user_pref("CT2722653.CT2724069.CommunityChanged", true);
Deleted : user_pref("CT2722653.CT2724135.CommunityChanged", true);
Deleted : user_pref("CT2722653.CTID", "CT2722653");
Deleted : user_pref("CT2722653.CommunitiesChangesLastCheckTime", "Thu Aug 05 2010 10:17:50 GMT+0530 (India Sta[...]
Deleted : user_pref("CT2722653.CommunityChanged", true);
Deleted : user_pref("CT2722653.CurrentServerDate", "5-8-2010");
Deleted : user_pref("CT2722653.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2722653.DownloadReferralCookieData", "");
Deleted : user_pref("CT2722653.EMailNotifierPollDate", "Thu Aug 05 2010 10:16:15 GMT+0530 (India Standard Time[...]
Deleted : user_pref("CT2722653.FirstServerDate", "5-8-2010");
Deleted : user_pref("CT2722653.FirstTime", true);
Deleted : user_pref("CT2722653.FirstTimeFF3", true);
Deleted : user_pref("CT2722653.FirstTimeSettingsDone", true);
Deleted : user_pref("CT2722653.FixPageNotFoundErrors", true);
Deleted : user_pref("CT2722653.GroupingLastCheckTime", "Thu Aug 05 2010 10:16:15 GMT+0530 (India Standard Time[...]
Deleted : user_pref("CT2722653.GroupingLastErrorCode", "");
Deleted : user_pref("CT2722653.GroupingLastResponse", true);
Deleted : user_pref("CT2722653.GroupingLastServerUpdateTime", "129251305082730000");
Deleted : user_pref("CT2722653.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2722653.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2722653.HasUserGlobalKeys", true);
Deleted : user_pref("CT2722653.Initialize", true);
Deleted : user_pref("CT2722653.InitializeCommonPrefs", true);
Deleted : user_pref("CT2722653.InstallationAndCookieDataSentCount", 1);
Deleted : user_pref("CT2722653.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2722653.InstalledDate", "Thu Aug 05 2010 10:16:15 GMT+0530 (India Standard Time)");
Deleted : user_pref("CT2722653.InvalidateCache", false);
Deleted : user_pref("CT2722653.IsGrouping", true);
Deleted : user_pref("CT2722653.IsMulticommunity", false);
Deleted : user_pref("CT2722653.IsOpenThankYouPage", false);
Deleted : user_pref("CT2722653.IsOpenUninstallPage", true);
Deleted : user_pref("CT2722653.LanguagePackLastCheckTime", "Thu Aug 05 2010 10:16:35 GMT+0530 (India Standard [...]
Deleted : user_pref("CT2722653.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2722653.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2722653.LastLogin_2.7.1.3", "Thu Aug 05 2010 10:16:35 GMT+0530 (India Standard Time)");
Deleted : user_pref("CT2722653.LatestVersion", "2.1.0.18");
Deleted : user_pref("CT2722653.Locale", "en");
Deleted : user_pref("CT2722653.LoginCache", 4);
Deleted : user_pref("CT2722653.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2722653.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2722653.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2722653.RadioIsPodcast", false);
Deleted : user_pref("CT2722653.RadioLastCheckTime", "Thu Aug 05 2010 10:16:35 GMT+0530 (India Standard Time)")[...]
Deleted : user_pref("CT2722653.RadioLastUpdateIPServer", "3");
Deleted : user_pref("CT2722653.RadioLastUpdateServer", "129248073136400000");
Deleted : user_pref("CT2722653.RadioMediaID", "21072953");
Deleted : user_pref("CT2722653.RadioMediaType", "Media Player");
Deleted : user_pref("CT2722653.RadioMenuSelectedID", "EBRadioMenu_CT272265321072953");
Deleted : user_pref("CT2722653.RadioStationName", "BBC%20live%205%20");
Deleted : user_pref("CT2722653.RadioStationURL", "hxxp://www.bbc.co.uk/fivelive/live/live.asx");
Deleted : user_pref("CT2722653.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
Deleted : user_pref("CT2722653.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2722653.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT272[...]
Deleted : user_pref("CT2722653.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2722653.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2722653.SearchInNewTabLastCheckTime", "Thu Aug 05 2010 10:16:35 GMT+0530 (India Standar[...]
Deleted : user_pref("CT2722653.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2722653.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
Deleted : user_pref("CT2722653.SettingsCheckIntervalMin", 120);
Deleted : user_pref("CT2722653.SettingsLastCheckTime", "Thu Aug 05 2010 10:15:50 GMT+0530 (India Standard Time[...]
Deleted : user_pref("CT2722653.SettingsLastUpdate", "1280649708");
Deleted : user_pref("CT2722653.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2722653.ThirdPartyComponentsLastCheck", "Thu Aug 05 2010 10:15:50 GMT+0530 (India Stand[...]
Deleted : user_pref("CT2722653.ThirdPartyComponentsLastUpdate", "1246790578");
Deleted : user_pref("CT2722653.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
Deleted : user_pref("CT2722653.UserID", "UN66748948188618163");
Deleted : user_pref("CT2722653.WeatherNetwork", "");
Deleted : user_pref("CT2722653.WeatherPollDate", "Thu Aug 05 2010 10:17:34 GMT+0530 (India Standard Time)");
Deleted : user_pref("CT2722653.WeatherUnit", "C");
Deleted : user_pref("CT2722653.clientLogIsEnabled", false);
Deleted : user_pref("CT2722653.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
Deleted : user_pref("CT2722653.myStuffEnabled", true);
Deleted : user_pref("CT2722653.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2722653.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2722653.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2722653.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2722653.testingCtid", "");
Deleted : user_pref("CT2722653.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
Deleted : user_pref("CT2786678..clientLogIsEnabled", true);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Thu Nov 17 2011 17:33:05 GMT+0530 (India Standard T[...]
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129575151151403741", true);
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CommunitiesChangesLastCheckTime", "0");
Deleted : user_pref("CT2786678.CurrentServerDate", "16-1-2012");
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Mon Jan 16 2012 07:42:55 GMT+0530 (India Standard[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Sat Aug 20 2011 14:01:46 GMT+0530 (India Standard Time[...]
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 550);
Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Thu Mar 24 2011 08:49:36 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Thu Mar 24 2011 08:49:36 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Thu Mar 24 2011 08:49:35 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Thu Mar 24 2011 08:49:35 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Thu Mar 24 2011 08:49:36 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Thu Mar 24 2011 08:49:36 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Thu Mar 24 2011 08:49:36 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Thu Mar 24 2011 08:49:36 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Thu Mar 24 2011 08:49:36 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Thu Mar 24 2011 08:49:36 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Thu Mar 24 2011 08:49:36 GMT+0530 (India Stan[...]
Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "28-12-2010");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2786678.GroupingInvalidateCache", false);
Deleted : user_pref("CT2786678.GroupingLastCheckTime", "0");
Deleted : user_pref("CT2786678.GroupingLastServerUpdateTime", "0");
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2786678.HomepageBeforeUnload", "hxxp://www.google.co.in/ig");
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Tue Dec 28 2010 18:27:31 GMT+0530 (India Standard Time)");
Deleted : user_pref("CT2786678.InvalidateCache", false);
Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Mon Jan 16 2012 07:42:53 GMT+0530 (India Standard [...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_3.2.5.2", "Thu Mar 24 2011 05:50:09 GMT+0530 (India Standard Time)");
Deleted : user_pref("CT2786678.LastLogin_3.3.3.2", "Tue Jun 21 2011 17:36:01 GMT+0530 (India Standard Time)");
Deleted : user_pref("CT2786678.LastLogin_3.5.0.12", "Mon Aug 15 2011 18:49:57 GMT+0530 (India Standard Time)")[...]
Deleted : user_pref("CT2786678.LastLogin_3.6.0.10", "Thu Sep 22 2011 09:49:04 GMT+0530 (India Standard Time)")[...]
Deleted : user_pref("CT2786678.LastLogin_3.7.0.6", "Wed Nov 09 2011 04:01:01 GMT+0530 (India Standard Time)");
Deleted : user_pref("CT2786678.LastLogin_3.8.0.8", "Fri Nov 18 2011 07:52:59 GMT+0530 (India Standard Time)");
Deleted : user_pref("CT2786678.LastLogin_3.9.0.3", "Mon Jan 16 2012 11:42:49 GMT+0530 (India Standard Time)");
Deleted : user_pref("CT2786678.LatestVersion", "3.9.0.3");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipShow", false);
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.RadioLastCheckTime", "0");
Deleted : user_pref("CT2786678.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT2786678.RadioLastUpdateServer", "0");
Deleted : user_pref("CT2786678.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT2786678.SearchBoxWidth", 150);
Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "free-downloads.net Customized Web Search");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Mon Jan 16 2012 07:42:53 GMT+0530 (India Standar[...]
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2786678.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", true);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Mon Jan 16 2012 07:42:50 GMT+0530 (India Standard Ti[...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Mon Jan 16 2012 07:42:47 GMT+0530 (India Standard Time[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1325059723");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Mon Jan 16 2012 07:42:47 GMT+0530 (India Stand[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2786678.ToolbarDisabled", true);
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN39820729911040287");
Deleted : user_pref("CT2786678.ValidationData_Search", 2);
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Mon Jan 16 2012 07:42:49 GMT+0530 (India Standard Time)");
Deleted : user_pref("CT2786678.WeatherUnit", "C");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.backendstorage./9b+7e+x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e,x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e-x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e.x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e/x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e06cg5el8:", "6E6D706F736F726D7778");
Deleted : user_pref("CT2786678.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A74737675797578737D7E242F4B4947[...]
Deleted : user_pref("CT2786678.backendstorage./9b+7e0x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e1x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e2x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e3x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e4x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e5x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e6x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e7x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e8x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e9x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e:x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e;x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e<x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e=x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e>x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e?x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7e@x305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7eax305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]
Deleted : user_pref("CT2786678.backendstorage./9b+7ebx305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7ecx305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7edx305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b+7etx305", "2423");
Deleted : user_pref("CT2786678.backendstorage./9b-0?3g>d", "6A693F6C726D40437A4543787B204C7D4B7C25517E23542A27[...]
Deleted : user_pref("CT2786678.backendstorage./9b-0?3g@6:5;", "");
Deleted : user_pref("CT2786678.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]
Deleted : user_pref("CT2786678.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6E6A68707374757677");
Deleted : user_pref("CT2786678.backendstorage./9b3=>@44i48?", "372C2D326975763342363341484776213F3E484F4E4D464[...]
Deleted : user_pref("CT2786678.backendstorage./9b5ba==9cjag", "3B703C6C3F4144737A6F7771474979777E7C4F7922");
Deleted : user_pref("CT2786678.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D706F706B73737371787176");
Deleted : user_pref("CT2786678.backendstorage./9b9643g3/9e", "6A");
Deleted : user_pref("CT2786678.backendstorage./9b<:222h64<", "393F352F3E");
Deleted : user_pref("CT2786678.backendstorage./9b=+03eh8h8j?:", "4443");
Deleted : user_pref("CT2786678.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]
Deleted : user_pref("CT2786678.backendstorage./9b?b0d:8aj62<h", "6D");
Deleted : user_pref("CT2786678.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");
Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "536174204F637420303820323031312032323A30323A30302[...]
Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E74702D6C696E6B2E636F6D2F636[...]
Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333138303931373233393134");
Deleted : user_pref("CT2786678.components.1000034", false);
Deleted : user_pref("CT2786678.components.129295698017012804", false);
Deleted : user_pref("CT2786678.components.129309485163350924", false);
Deleted : user_pref("CT2786678.components.129309489763975460", false);
Deleted : user_pref("CT2786678.components.129315411424256896", false);
Deleted : user_pref("CT2786678.components.129513460540910967", false);
Deleted : user_pref("CT2786678.components.129526967958500204", false);
Deleted : user_pref("CT2786678.components.129579220236217502", true);
Deleted : user_pref("CT2786678.components.5690698542593514850", false);
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Mon Jan 16 2012 11:42:51 GMT+0530 (India St[...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804[...]
Deleted : user_pref("CT2786678.revertSettingsEnabled", true);
Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.testingCtid", "");
Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Mon Jan 16 2012 07:42:53 GMT+0530 (India Sta[...]
Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Mon Jan 16 2012 07:42:55 GMT+0530 (India Sta[...]
Deleted : user_pref("CT2786678.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2722653");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1114923/1110627/IN", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1115198/1110902/IN", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116045/1111749/IN", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116096/1111800/IN", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116234/1111938/IN", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116338/1112042/IN", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1116404/1112108/IN", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/IN", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1341008/1336676/IN", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/IN", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=1/11/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/27/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=12/30/2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/17/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"dbf[...]
Deleted : user_pref("CommunityToolbar.EngineHiddenByUser", true);
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT2786678");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\SmestarZ\\Applicat[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://in.search.yahoo.com/search?ei=utf[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2722653,CT2124320,ConduitEngine,CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2722653,CT2124320,ConduitEngine,CT2786678");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Jun 04 2011 09:27:32 GMT+05[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 17 2011 20:37:01 GMT+0530 (India[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 21 2011 00:11:38 GMT+0530 (India Sta[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "a52feb96-964a-4c05-b87f-f6af402c7103");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Aug 20 2011 19:12:47 GMT+0530 (Ind[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "aee322a9-31b0-43d4-8268-3f83cb16a61a");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Jan 16 2012 07:42:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Jan 16 2012 07:42:57 GMT+053[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Jan 16 2012 07:42:48 GMT+0530 (I[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "531182f6-35d9-4a78-b469-38144c7d3cb8");
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Thu Jun 02 2011 17:52:32 GMT+0530 (India Standa[...]
Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Jun 20 2011 20:37:34 GMT+0530 (India Stan[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "12/28/2010 15");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.FixPageNotFoundErrors", false);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstallationType", "UnknownIntegration");
Deleted : user_pref("ConduitEngine.InstalledDate", "Tue Dec 28 2010 18:27:29 GMT+0530 (India Standard Time)");
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", false);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Jun 21 2011 20:37:32 GMT+0530 (India Stand[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Thu Mar 24 2011 06:49:13 GMT+0530 (India Standard Time[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Tue Jun 21 2011 21:11:42 GMT+0530 (India Standard Time[...]
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=C[...]
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Tue Jun 21 2011 21:11:39 GMT+0530 (India Standard [...]
Deleted : user_pref("ConduitEngine.UserID", "UN81551634871710788");
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Jun 21 2011 20:37:36 GMT+0530 (India[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Tue Jun 21 2011 17:36:07 GMT+0530 (Indi[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Deleted : user_pref("browser.search.defaultthis.engineName", "free-downloads.net Customized Web Search");
Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT1098640&Sea[...]
Deleted : user_pref("browser.search.order.1", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112542&tt=2912_4");
Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "080ae3c7000000000000005345000000");
Deleted : user_pref("extensions.BabylonToolbar_i.id", "080ae3c7000000000000005345000000");
Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15543");
Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Deleted : user_pref("extensions.BabylonToolbar_i.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112542&tt=2912_[...]
Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1714:57:04");
Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Deleted : user_pref("extensions.helperbar.SmartbarDisabled", false);
Deleted : user_pref("extensions.helperbar.SmartbarStateMinimaized", false);
Deleted : user_pref("extensions.snipit.askTbInstalled", true);
Deleted : user_pref("gm-notifier.ui.counter.showInbox", true);
Deleted : user_pref("searchreset.backup.browser.newtab.url", "hxxp://www1.delta-search.com/?affID=121562&babsr[...]
Deleted : user_pref("searchreset.backup.browser.search.defaultenginename", "Search the web (Babylon)");
Deleted : user_pref("searchreset.backup.keyword.URL", "hxxp://www.plusnetwork.com/?sp=addr&q=");
Deleted : user_pref("surfcanyon.ac", true);
Deleted : user_pref("surfcanyon.fractions", "0.0_0.0\r\n");
Deleted : user_pref("surfcanyon.last_checked_ts", "1266992469279");

-\\ Google Chrome v26.0.1410.64

File : C:\Documents and Settings\SmestarZ\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

Deleted [l.2035] : homepage = "hxxp://search.babylon.com/?affID=112542&tt=2912_4&babsrc=HP_ss&mntrId=080ae3c7000000[...]
Deleted [l.2414] : urls_to_restore_on_startup = [ "hxxp://search.babylon.com/?affID=112542&tt=2912_4&babsrc=HP_s[...]

-\\ Opera v12.12.1707.0

File : C:\Documents and Settings\SmestarZ\Application Data\Opera\Opera\operaprefs.ini

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [61686 octets] - [29/04/2013 22:59:58]
AdwCleaner[R2].txt - [62338 octets] - [29/04/2013 23:03:35]
AdwCleaner[S1].txt - [402 octets] - [29/04/2013 23:02:42]
AdwCleaner[S2].txt - [61921 octets] - [29/04/2013 23:04:11]

########## EOF - C:\AdwCleaner[S2].txt - [61982 octets] ##########
 



#4 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:36 AM

Posted 29 April 2013 - 01:09 PM


Hello smestarz

looks like it was time for a spring cleaning anyway. I Would like you to do the following.

Please print out or make a copy in notepad of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.

Run Combofix:

You may be asked to install or update the Recovery Console (Win XP Only) if this happens please allow it to do so (you will need to be connected to the internet for this)

Before you run Combofix I will need you to turn off any security software you have running, If you do not know how to do this you can find out >here< or >here<

Combofix may need to reboot your computer more than once to do its job this is normal.

You can download Combofix from one of these links. I want you to save it to the desktop and run it from there.1. Close any open browsers or any other programs that are open.
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.

Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall

Note 2: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." Please restart the computer

"information and logs"
  • In your next post I need the following
  • Log from Combofix
  • let me know of any problems you may have had
  • How is the computer doing now?
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#5 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:36 AM

Posted 03 May 2013 - 05:25 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#6 smestarz

smestarz
  • Topic Starter

  • Members
  • 15 posts
  • OFFLINE
  •  
  • Local time:11:06 AM

Posted 03 May 2013 - 07:05 AM

Greetings,

 

Sorry for the delay in replying to you.

 

I just downloaded Combofix again and shall reply the results



#7 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:36 AM

Posted 03 May 2013 - 07:59 AM

OK I will be looking for it


gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#8 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:36 AM

Posted 07 May 2013 - 01:37 AM


Greetings


I have not heard from you in a couple of days so I am coming by to check on you to see if you are having problems or you just need some more time.

Also to remind you that it is very important that we finish the process completely so as to not get reinfected. I will let you know when we are complete and I will ask to remove our tools




Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#9 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:36 AM

Posted 10 May 2013 - 03:15 AM



Hello

48 Hour bump

It has been more than 48 hours since my last post.
  • do you still need help with this?
  • do you need more time?
  • are you having problems following my instructions?
  • if after 48hrs you have not replied to this thread then it will have to be closed!
Gringo
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University

#10 gringo_pr

gringo_pr

    Bleepin Gringo


  • Malware Response Team
  • 136,772 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Puerto rico
  • Local time:01:36 AM

Posted 14 May 2013 - 01:35 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
I Close My Topics If You Have Not Replied In 5 Days If You Will Be Longer Please Let Me Know

If I Have Not Replied To One Of My Topics In 48 Hrs Please Bump The Topic



My help is free, however, if you wish to make a small donation to show your appreciation or to help me continue the fight against Malware, then click here -->btn_donate_SM.gif<-- Don't worry every little bit helps.

Proud Graduate Of Malware Removal University




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users