Solved Infected with PUP.Infoatom and win32

Status
Not open for further replies.

Spirit

From what I can figure out my computer appears to be infected with PUP.Infoatom and win32 viruses.

My computer is running extremely slow. I ran MBAM last night and it showed the infoatom. This morning I ran Avast and it caught the win32.

My OS is Windows XP
I normally use Firefox for browsing
I am a gamer and don't do any banking etc online

Thank you in advance for your help.

I read the information of what I need to add to my first post. Hopefully, I got it correct for you to help me.

Here is the dds log:

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2
Run by spirit paglia at 9:50:48 on 2013-02-27
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.550 [GMT -7:00]
.
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
============== Running Processes ================
.
C:\WINDOWS\Explorer.EXE
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\wudfhost.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\SearchProtect\bin\CltMngSvc.exe
C:\Program Files\Pogo Games\PGMTrusted.exe
C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
C:\Program Files\TeamViewer\Version4\TeamViewer.exe
C:\Program Files\AVAST Software\Avast\avastUI.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Updater19962\Updater19962.exe
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\bin\cltmng.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.pogo.com/friends.do?pageSection=cp_home_header_friends
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Supreme Savings: {11111111-1111-1111-1111-110111991162} - c:\program files\supreme savings\Supreme Savings.dll
BHO: UnfriendApp: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - c:\program files\unfriendapp\ie\common.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Updater19962.exe] c:\documents and settings\spirit paglia\local settings\application data\updater19962\Updater19962.exe /extensionid=19962 /extensionname='Supreme Savings' /chromeid=ihkeoookbpemkdccdccdmacnidhooohk /stayidle /delay=300
uRun: [SearchProtect] c:\documents and settings\spirit paglia\application data\searchprotect\bin\cltmng.exe
mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342726595812
TCP: NameServer = 192.168.0.1 205.171.3.25
TCP: Interfaces\{C677BA83-D099-483F-B4A5-5778883989FC} : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\spirit paglia\application data\mozilla\firefox\profiles\po8ykea7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=3&q={searchTerms}&CUI=UN36138580159123249
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.pogo.com/friends.do
FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.8\npapicomadapter.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: c:\program files\videodownloadconverter_4zei\installr\3.bin\NP4zEISb.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
FF - plugin: c:\windows\system32\npdeployJava1.dll
FF - plugin: c:\windows\system32\Npindeo.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - plugin: c:\windows\system32\npwmsdrm.dll
FF - ExtSQL: 2013-02-24 12:17; addon@defaulttab.com; c:\documents and settings\spirit paglia\application data\mozilla\firefox\profiles\po8ykea7.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2013-02-26 21:02; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
FF - ExtSQL: !HIDDEN! 2009-11-15 03:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
============= SERVICES / DRIVERS ===============
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-2-26 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-2-26 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-2-26 21256]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-2-26 44808]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-2-20 93984]
R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-8 54752]
R2 PGMTrusted;PGMTrusted;c:\program files\pogo games\PGMTrusted.exe [2012-1-4 519888]
R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-10-7 185640]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
.
=============== File Associations ===============
.
ShellExec: QSync.exe: Open="c:\program files\logitech\video\QSync.exe"
.
=============== Created Last 30 ================
.
2013-02-27 09:37:35 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-27 09:37:25 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-27 07:34:19 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2013-02-27 07:34:19 24984 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
2013-02-27 07:34:19 170232 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-02-27 07:34:18 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
2013-02-27 07:34:18 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
2013-02-27 07:34:18 193576 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
2013-02-27 07:34:18 134552 ----a-w- c:\program files\mozilla firefox\mozglue.dll
2013-02-27 07:34:18 115608 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
2013-02-27 07:34:17 2989464 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
2013-02-27 07:34:16 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
2013-02-27 03:57:00 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-27 03:56:16 41224 ----a-w- c:\windows\avastSS.scr
2013-02-27 03:55:41 -------- d-----w- c:\program files\AVAST Software
2013-02-27 03:55:41 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
2013-02-24 19:35:06 -------- d-----w- c:\program files\DomaIQ Uninstaller
2013-02-24 19:33:48 -------- d-----w- c:\program files\Tuguu SL
2013-02-24 19:33:48 -------- d-----w- c:\documents and settings\spirit paglia\application data\player
2013-02-24 19:33:45 -------- d-----w- c:\documents and settings\spirit paglia\application data\SwvUpdater
2013-02-24 19:33:16 -------- d-----w- c:\program files\SearchProtect
2013-02-24 19:33:07 -------- d-----w- c:\documents and settings\spirit paglia\application data\SearchProtect
2013-02-24 19:22:52 -------- d-----w- c:\program files\Conduit
2013-02-24 19:22:31 -------- d-----w- c:\documents and settings\spirit paglia\local settings\application data\Conduit
2013-02-24 19:15:54 -------- d-----w- c:\documents and settings\spirit paglia\local settings\application data\Updater19962
2013-02-24 19:15:07 -------- d-----w- c:\documents and settings\spirit paglia\application data\DefaultTab
2013-02-24 19:15:00 -------- d-----w- c:\program files\Supreme Savings
2013-02-22 00:42:17 -------- d-----w- c:\documents and settings\all users\application data\APN
2013-02-21 03:12:56 -------- d-----w- c:\program files\UnfriendApp
2013-02-08 09:13:04 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
==================== Find3M ====================
.
2013-02-27 09:37:01 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-27 09:37:01 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-26 18:45:22 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-26 18:45:22 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-23 23:49:01 896424 ----a-w- C:\jre-7u11-windows-i586-iftw.exe
2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16:28 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40:59 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 23:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-02 13:11:21 458 ----a-w- c:\program files\070220117112129.bat
2010-08-08 06:12:46 475 ----a-w- c:\program files\080820100124629.bat
.
============= FINISH: 9:51:12.29 ===============
Here is the attached log: (one place says to post it like this, but this log says do not post unless asked... so sorry if I wasn't supposed to post it or if I should have zipped it.)

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 9/25/2005 10:01:00 PM
System Uptime: 2/27/2013 1:12:35 AM (8 hours ago)
.
Motherboard: Dell Computer Corp. | | 0TC667
Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2394/533mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 71 GiB total, 47.281 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP441: 2/25/2013 9:36:06 AM - System Checkpoint
RP442: 2/25/2013 3:58:24 PM - Software Distribution Service 3.0
RP443: 2/26/2013 4:48:29 PM - System Checkpoint
RP444: 2/26/2013 8:55:41 PM - avast! Free Antivirus Setup
RP445: 2/26/2013 9:22:33 PM - Removed Avira SearchFree Toolbar.
RP446: 2/27/2013 12:41:15 AM - Removed Java 7 Update 15
RP447: 2/27/2013 12:51:03 AM - Installed Java 7 Update 15
RP448: 2/27/2013 1:02:25 AM - Removed Java 7 Update 15
RP449: 2/27/2013 1:06:30 AM - Removed Java(TM) 6 Update 38
RP450: 2/27/2013 2:32:40 AM - Installed Java 7 Update 15
RP451: 2/27/2013 2:36:00 AM - Removed Java 7 Update 15
RP452: 2/27/2013 2:36:54 AM - Installed Java 7 Update 15
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader 7.0
Adobe Shockwave Player
Agatha Christie Bundle - 3 in 1
Alice's Magical Mahjong
Amazing Adventures SE Bundle
AOLIcon
ArcSoft Software Suite
avast! Free Antivirus
Awakening The Dreamless Castle
Bejeweled 3
Belarc Advisor 7.2
Big City Adventure Vancouver
Big Fish Games Client
Bonjour
CCleaner
Chuzzle
Control Center for KODAK Webcams
Dark Tales: Edgar Allan Poe's the Premature Burial (remove only)
DefaultTab
Dell Driver Reset Tool
Dell Media Experience
Dell Picture Studio v3.0
Dell Support 3.1
Dell System Restore
Diner Dash Family Style
Dr Lynch Grave Secrets
Escape the Emerald Star
Escape Whisper Valley
Fairy Godmother Tycoon
ffdshow [rev 2527] [2008-12-19]
FlashPlayer
Fotki XP Publishing Wizard
Gogii 4-Pack
Harvest Mania To Go
Haunted Manor Lord of Mirrors
Haunted Past: Realm of Ghosts Collector's Edition (remove only)
Hidden Expedition: Titanic
Hidden Object Heroes Bundle
HijackThis 2.0.2
Hotel Solitaire
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows XP (KB954550-v5)
Intel(R) 537EP V9x DF PCI Modem
Intel(R) Extreme Graphics 2 Driver
Intel(R) PRO Network Adapters and Drivers
Intel(R) PROSet for Wired Connections
Internet Explorer Default Page
Java 7 Update 15
Java Auto Updater
Jewel Quest III (remove only)
Jewel Quest Mysteries 2 Trail of the Midnight Heart (remove only)
Jigsaw 365
Junk Mail filter update
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam
Logitech® Camera Driver
Lottso! Deluxe
Luxor Adventures
Macromedia Flash Player
Magic Match
Mahjong Garden Deluxe
Mahjong Garden To Go
Mahjong Journey of Enlightenment
Mahjong Memoirs
Mahjong World
Malwarebytes Anti-Malware version 1.70.0.1100
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 1.1 Security Update (KB2742597)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft IntelliPoint 6.01
Microsoft IntelliType Pro 6.01
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition Installer
Microsoft Plus! Photo Story 2 LE
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Sync Framework Runtime Native v1.0 (x86)
Microsoft Sync Framework Services Native v1.0 (x86)
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Modem Event Monitor
Modem Helper
Modem On Hold
Mozilla Firefox 20.0 (x86 en-US)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 6 Service Pack 2 (KB973686)
Mystery Case Files - Dire Grove
Mystery Case Files: Huntsville ™
NetZeroInstallers
Nora Roberts - Vision In White
Operation Mania
Photo Click
PICTUREKA! MUSEUM MAYHEM
Pogo Games (remove only)
Polly Pride Pet Detective
PowerDVD 5.5
Princess Isabella A Witch’s Curse
QuickBooks Simple Start Special Edition
QuickTime
Qwest Installer
Rainbow Web
RealPlayer Basic
Saints and Sinners Bingo
Sandlot Games Client Services
Search Protect by conduit
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 7 (KB969897)
Security Update for Windows Internet Explorer 7 (KB972260)
Security Update for Windows Internet Explorer 7 (KB974455)
Security Update for Windows Internet Explorer 7 (KB976325)
Security Update for Windows Internet Explorer 7 (KB978207)
Security Update for Windows Internet Explorer 7 (KB982381)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2559049)
Security Update for Windows Internet Explorer 8 (KB2586448)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2699988)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2792100)
Security Update for Windows Internet Explorer 8 (KB2797052)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB971961)
Security Update for Windows Internet Explorer 8 (KB981332)
Security Update for Windows Internet Explorer 8 (KB982381)
Segoe UI
Shutter Island
Skype™ 5.10
Slingo
Slingo Quest
Software Version Updater
Sonic DLA
Sonic RecordNow Audio
Sonic RecordNow Copy
Sonic RecordNow Data
Sonic Update Manager
Spin & Win
Supreme Savings
TeamViewer 4
The Clockwork Man 2 (remove only)
The Poppit! Show
Tri Peaks 2 Quest For The Ruby Ring
UnfriendApp
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 7 (KB976749)
Update for Windows Internet Explorer 7 (KB980182)
Update for Windows Internet Explorer 8 (KB976662)
URGE
Vacation Quest: Australia (remove only)
Way To Go! Bowling
WebCyberCoach 3.2 Dell
WebFldrs XP
Windows Defender Signatures
Windows Genuine Advantage Notifications (KB905474)
Windows Genuine Advantage v1.3.0254.0
Windows Genuine Advantage Validation Tool (KB892130)
Windows Imaging Component
Windows Internet Explorer 7
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live Mail
Windows Live Messenger
Windows Live Photo Gallery
Windows Live Sign-in Assistant
Windows Live Sync
Windows Live Upload Tool
Windows Live Writer
Windows Media Format 11 runtime
Windows Media Player 10
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver
WinZip
Word Riot Deluxe
Word Whomp( TM) Underground
WordPerfect Office 12
World Class Solitaire
Yahoo! Messenger
Zombie Bowl-O-Rama
Zuma’s Revenge
.
==== Event Viewer Messages From Past Week ========
.
2/26/2013 9:23:27 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
2/26/2013 12:46:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
2/26/2013 12:46:06 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/25/2013 10:51:21 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
2/25/2013 10:51:21 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
2/25/2013 10:50:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
2/25/2013 10:49:42 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
.
==== End Of File ===========================
 
I think I am supposed to post this MBAM log too.

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.02.24.01

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
spirit paglia :: SPIRIT [administrator]

2/27/2013 10:20:37 AM
MBAM-log-2013-02-27 (10-35-08).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199551
Time elapsed: 14 minute(s), 16 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 8
HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> No action taken.
HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> No action taken.
HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> No action taken.
HKCR\Updater.AmiUpd (PUP.Software.Updater) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> No action taken.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Documents and Settings\spirit paglia\Application Data\SwvUpdater (PUP.Software.Updater) -> No action taken.

Files Detected: 4
C:\Documents and Settings\spirit paglia\Application Data\SwvUpdater\Updater.exe (PUP.Software.Updater) -> No action taken.
C:\Documents and Settings\spirit paglia\Application Data\SwvUpdater\Updater.xml (PUP.Software.Updater) -> No action taken.
C:\Documents and Settings\spirit paglia\Application Data\SwvUpdater\status.cfg (PUP.Software.Updater) -> No action taken.
C:\WINDOWS\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.

(end)
 
Hello, and welcome to TechSpot.


Please see here for the board rules and other FAQ.

Please feel free to introduce yourself, after you follow the steps below to get started.

Information
  • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
  • Please do not ask for help elsewhere (in this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
  • If you have already asked for help somewhere, please post the link to the topic where you were helped.
  • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
  • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


ComboFix scan

Please download ComboFix by sUBs
From TechSpot

Direct Link (alternative)

Please save the file to your Desktop.

Important information about ComboFix


After the download:
  • Close any open browsers.
  • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
  • If there is no Internet connection after running ComboFix, then restart your computer to restore back your connection.
Running ComboFix:
  • Double click on ComboFix.exe & follow the prompts.
  • When ComboFix finishes, it will produce a report for you.
  • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
Troubleshooting ComboFix

Safe Mode:

If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

(To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear, select "Safe Mode.")

Re-downloading:

If this doesn't work either, try the same method (above method), but try to download it again, except name ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

Malware is known for blocking all "user" processes, except for its whitelist of system important processes such as iexplore.exe, explorer.exe, winlogon.exe.

NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
 
Here you go.... and thank you!

I will be gone for the day so will do the next step tonight.

ComboFix 13-02-26.01 - spirit paglia 02/27/2013 12:00:41.2.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.567 [GMT -7:00]
Running from: c:\documents and settings\spirit paglia\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\11D.tmp
C:\11E.tmp
c:\documents and settings\All Users\Application Data\AMMYY
c:\documents and settings\All Users\Application Data\AMMYY\hr
c:\documents and settings\All Users\Application Data\AMMYY\hr3
c:\documents and settings\All Users\Application Data\AMMYY\settings.bin
c:\documents and settings\All Users\Application Data\AMMYY\settings3.bin
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\All Users\Application Data\TEMP\1A6AFE3D.TMP
c:\documents and settings\All Users\Application Data\TEMP\4EFDF5FB.TMP
c:\documents and settings\All Users\Application Data\TEMP\5635DE41.TMP
c:\documents and settings\All Users\Application Data\TEMP\D0F51BEA.TMP
c:\documents and settings\spirit paglia\Application Data\DefaultTab\DefaultTab
c:\documents and settings\spirit paglia\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
c:\documents and settings\spirit paglia\Local Settings\Application Data\Updater19962\Updater19962.exe
c:\documents and settings\spirit paglia\WINDOWS
C:\install.exe
c:\program files\Common
c:\windows\system32\SET103.tmp
c:\windows\system32\SET105.tmp
c:\windows\system32\SET111.tmp
c:\windows\system32\SETC9.tmp
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\msvcr71.dll.001
c:\windows\system32\URTTemp\msvcr71.dll.002
c:\windows\system32\URTTemp\msvcr71.dll.003
c:\windows\system32\URTTemp\msvcr71.dll.004
c:\windows\system32\URTTemp\msvcr71.dll.005
c:\windows\system32\URTTemp\msvcr71.dll.006
c:\windows\system32\URTTemp\msvcr71.dll.007
c:\windows\system32\URTTemp\msvcr71.dll.008
c:\windows\system32\URTTemp\msvcr71.dll.009
c:\windows\system32\URTTemp\msvcr71.dll.010
c:\windows\system32\URTTemp\msvcr71.dll.011
c:\windows\system32\URTTemp\msvcr71.dll.012
c:\windows\system32\URTTemp\msvcr71.dll.013
c:\windows\system32\URTTemp\msvcr71.dll.int
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\XSxS
.
.
((((((((((((((((((((((((( Files Created from 2013-01-27 to 2013-02-27 )))))))))))))))))))))))))))))))
.
.
2013-02-27 09:37 . 2013-02-27 09:37 143872 ----a-w- c:\windows\system32\javacpl.cpl
2013-02-27 09:37 . 2013-02-27 09:37 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-27 09:36 . 2013-02-27 09:36 -------- d-----w- c:\program files\Java
2013-02-27 07:34 . 2013-02-20 22:57 96664 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-02-27 07:34 . 2013-02-20 22:57 170232 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-02-27 07:34 . 2013-02-20 22:57 24984 ----a-w- c:\program files\Mozilla Firefox\plugin-hang-ui.exe
2013-02-27 07:34 . 2013-02-20 22:57 193576 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
2013-02-27 07:34 . 2013-02-20 22:57 134552 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
2013-02-27 07:34 . 2013-02-20 22:57 115608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
2013-02-27 07:34 . 2013-02-20 22:57 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2013-02-27 07:34 . 2013-02-20 22:57 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2013-02-27 07:34 . 2013-02-20 22:57 2989464 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
2013-02-27 07:34 . 2013-02-20 22:57 74136 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2013-02-27 03:57 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-02-27 03:57 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-02-27 03:57 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2013-02-27 03:57 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-02-27 03:57 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-02-27 03:57 . 2012-10-30 23:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2013-02-27 03:57 . 2012-10-30 23:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2013-02-27 03:56 . 2012-10-30 23:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2013-02-27 03:56 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
2013-02-27 03:56 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2013-02-27 03:55 . 2013-02-27 03:55 -------- d-----w- c:\program files\AVAST Software
2013-02-27 03:55 . 2013-02-27 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
2013-02-24 19:35 . 2013-02-24 19:35 -------- d-----w- c:\program files\DomaIQ Uninstaller
2013-02-24 19:33 . 2013-02-24 19:33 -------- d-----w- c:\documents and settings\spirit paglia\Application Data\player
2013-02-24 19:33 . 2013-02-24 19:33 -------- d-----w- c:\program files\Tuguu SL
2013-02-24 19:33 . 2013-02-24 19:33 -------- d-----w- c:\documents and settings\spirit paglia\Application Data\SwvUpdater
2013-02-24 19:33 . 2013-02-24 19:33 -------- d-----w- c:\program files\SearchProtect
2013-02-24 19:33 . 2013-02-24 19:33 -------- d-----w- c:\documents and settings\spirit paglia\Application Data\SearchProtect
2013-02-24 19:22 . 2013-02-24 19:22 -------- d-----w- c:\program files\Conduit
2013-02-24 19:22 . 2013-02-25 16:42 -------- d-----w- c:\documents and settings\spirit paglia\Local Settings\Application Data\Conduit
2013-02-24 19:15 . 2013-02-27 19:16 -------- d-----w- c:\documents and settings\spirit paglia\Local Settings\Application Data\Updater19962
2013-02-24 19:15 . 2013-02-27 19:16 -------- d-----w- c:\documents and settings\spirit paglia\Application Data\DefaultTab
2013-02-24 19:15 . 2013-02-24 19:16 -------- d-----w- c:\program files\Supreme Savings
2013-02-22 00:42 . 2013-02-22 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
2013-02-21 03:12 . 2013-02-21 03:12 -------- d-----w- c:\program files\UnfriendApp
2013-02-08 09:13 . 2013-02-08 09:13 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-27 09:37 . 2012-05-18 22:26 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-02-27 09:37 . 2010-04-15 12:15 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-26 18:45 . 2012-05-25 22:33 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-26 18:45 . 2011-06-28 20:56 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-26 03:55 . 2004-08-10 17:51 552448 ----a-w- c:\windows\system32\oleaut32.dll
2013-01-23 23:49 . 2013-01-23 23:46 896424 ----a-w- C:\jre-7u11-windows-i586-iftw.exe
2013-01-07 01:16 . 2004-08-10 17:51 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:36 . 2004-08-04 03:59 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-10 17:51 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-10 17:51 1292288 ----a-w- c:\windows\system32\quartz.dll
2013-01-02 06:49 . 2004-08-10 17:51 148992 ----a-w- c:\windows\system32\mpg2splt.ax
2012-12-26 20:16 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2012-12-26 20:16 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-12-26 20:16 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-12-24 06:40 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
2012-12-16 12:23 . 2004-08-10 17:50 290560 ----a-w- c:\windows\system32\atmfd.dll
2012-12-14 23:49 . 2009-11-28 07:20 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-02 13:11 . 2011-07-02 13:11 458 ----a-w- c:\program files\070220117112129.bat
2010-08-08 06:12 . 2010-08-08 06:12 475 ----a-w- c:\program files\080820100124629.bat
2013-02-20 22:57 . 2013-02-27 07:26 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
"SearchProtect"="c:\documents and settings\spirit paglia\Application Data\SearchProtect\bin\cltmng.exe" [2013-02-20 2674464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SearchProtectAll"="c:\program files\SearchProtect\bin\cltmng.exe" [2013-02-20 2674464]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Pogo Games\\PogoDGC.exe"=
"c:\\Program Files\\Pogo Games\\WebUpdater.exe"=
.
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/26/2013 8:57 PM 738504]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/26/2013 8:57 PM 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/26/2013 8:57 PM 21256]
R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\SearchProtect\bin\CltMngSvc.exe [2/20/2013 5:38 AM 93984]
R2 PGMTrusted;PGMTrusted;c:\program files\Pogo Games\PGMTrusted.exe [1/4/2012 7:40 AM 519888]
R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10/7/2009 5:50 AM 185640]
S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 18:45]
.
2013-02-27 c:\windows\Tasks\AmiUpdXp.job
- c:\documents and settings\spirit paglia\Application Data\SwvUpdater\Updater.exe [2013-02-24 19:28]
.
2013-02-27 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-27 23:50]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
uStart Page = hxxp://www.pogo.com/friends.do?pageSection=cp_home_header_friends
TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
FF - ProfilePath - c:\documents and settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=3&q={searchTerms}&CUI=UN36138580159123249
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.pogo.com/friends.do
FF - ExtSQL: 2013-02-24 12:17; addon@defaulttab.com; c:\documents and settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\extensions\addon@defaulttab.com.xpi
FF - ExtSQL: 2013-02-26 21:02; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
FF - ExtSQL: !HIDDEN! 2009-11-15 03:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
HKCU-Run-Updater19962.exe - c:\documents and settings\spirit paglia\Local Settings\Application Data\Updater19962\Updater19962.exe
AddRemove-DefaultTab - c:\documents and settings\spirit paglia\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-02-27 12:19
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,32,39,ac,30,4c,0d,48,a2,2f,2a,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,32,39,ac,30,4c,0d,48,a2,2f,2a,\
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3536)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\System32\wudfhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre7\bin\jqs.exe
c:\program files\TeamViewer\Version4\TeamViewer.exe
c:\windows\system32\wbem\unsecapp.exe
.
**************************************************************************
.
Completion time: 2013-02-27 12:31:24 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-27 19:31
.
Pre-Run: 50,654,711,808 bytes free
Post-Run: 51,209,388,032 bytes free
.
- - End Of File - - 32680296410F15D26801D71550929FE0
 
You're welcome!

TDSSKiller Scan

Please download and run TDSSKiller to your desktop as outlined below:

Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

For Windows XP, double-click to start.
For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.


-------------------------

Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.


------------------------

Click the Start Scan button.


-----------------------

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.



----------------------

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.



--------------------

A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

Sometimes these logs can be very large, in that case please attach it.

-------------------

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip; click on Continue.
If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


OTL Quick Scan

Please download OTL by OldTimer to your Desktop.
  • Close all windows and double click OTL.exe.
  • Click Quick Scan button and let the program run uninterrupted.
  • It will produce a log for you called OTL.txt, please post it in your next reply.
  • You may need to use two posts to get it all.
 
I will do this in two posts.

Thanks for your help!

Here is the TDSSKiller. I never said anything about CURE, so I am not sure that it was done correctly.

19:31:12.0906 9672 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
19:31:13.0671 9672 ============================================================
19:31:13.0671 9672 Current date / time: 2013/02/27 19:31:13.0671
19:31:13.0671 9672 SystemInfo:
19:31:13.0671 9672
19:31:13.0671 9672 OS Version: 5.1.2600 ServicePack: 3.0
19:31:13.0671 9672 Product type: Workstation
19:31:13.0671 9672 ComputerName: SPIRIT
19:31:13.0671 9672 UserName: spirit paglia
19:31:13.0671 9672 Windows directory: C:\WINDOWS
19:31:13.0671 9672 System windows directory: C:\WINDOWS
19:31:13.0671 9672 Processor architecture: Intel x86
19:31:13.0671 9672 Number of processors: 1
19:31:13.0671 9672 Page size: 0x1000
19:31:13.0671 9672 Boot type: Normal boot
19:31:13.0671 9672 ============================================================
19:31:15.0593 9672 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
19:31:15.0593 9672 ============================================================
19:31:15.0593 9672 \Device\Harddisk0\DR0:
19:31:15.0593 9672 MBR partitions:
19:31:15.0593 9672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x8E060B6
19:31:15.0593 9672 ============================================================
19:31:15.0640 9672 C: <-> \Device\Harddisk0\DR0\Partition1
19:31:15.0640 9672 ============================================================
19:31:15.0640 9672 Initialize success
19:31:15.0640 9672 ============================================================
19:32:40.0281 10044 ============================================================
19:32:40.0281 10044 Scan started
19:32:40.0281 10044 Mode: Manual; SigCheck; TDLFS;
19:32:40.0281 10044 ============================================================
19:32:41.0062 10044 ================ Scan system memory ========================
19:32:41.0062 10044 System memory - ok
19:32:41.0078 10044 ================ Scan services =============================
19:32:41.0312 10044 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
19:32:41.0593 10044 Aavmker4 - ok
19:32:41.0656 10044 Abiosdsk - ok
19:32:41.0687 10044 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
19:32:43.0312 10044 abp480n5 - ok
19:32:43.0375 10044 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
19:32:43.0640 10044 ACPI - ok
19:32:43.0718 10044 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
19:32:44.0046 10044 ACPIEC - ok
19:32:44.0156 10044 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
19:32:44.0203 10044 AdobeFlashPlayerUpdateSvc - ok
19:32:44.0234 10044 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
19:32:44.0593 10044 adpu160m - ok
19:32:44.0671 10044 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
19:32:45.0156 10044 aec - ok
19:32:45.0203 10044 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
19:32:45.0375 10044 AFD - ok
19:32:45.0421 10044 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
19:32:45.0765 10044 agp440 - ok
19:32:45.0796 10044 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
19:32:46.0125 10044 agpCPQ - ok
19:32:46.0171 10044 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
19:32:46.0406 10044 Aha154x - ok
19:32:46.0421 10044 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
19:32:46.0750 10044 aic78u2 - ok
19:32:46.0781 10044 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
19:32:47.0250 10044 aic78xx - ok
19:32:47.0296 10044 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
19:32:47.0625 10044 Alerter - ok
19:32:47.0671 10044 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
19:32:48.0062 10044 ALG - ok
19:32:48.0109 10044 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
19:32:48.0437 10044 AliIde - ok
19:32:48.0484 10044 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
19:32:48.0796 10044 alim1541 - ok
19:32:48.0859 10044 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
19:32:49.0281 10044 amdagp - ok
19:32:49.0390 10044 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
19:32:49.0578 10044 amsint - ok
19:32:49.0593 10044 AppMgmt - ok
19:32:49.0640 10044 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
19:32:50.0015 10044 asc - ok
19:32:50.0062 10044 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
19:32:50.0296 10044 asc3350p - ok
19:32:50.0343 10044 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
19:32:50.0671 10044 asc3550 - ok
19:32:50.0734 10044 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys
19:32:50.0781 10044 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
19:32:50.0781 10044 ASCTRM - detected UnsignedFile.Multi.Generic (1)
19:32:50.0906 10044 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
19:32:51.0015 10044 aspnet_state - ok
19:32:51.0062 10044 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
19:32:51.0093 10044 aswFsBlk - ok
19:32:51.0156 10044 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
19:32:51.0171 10044 aswMon2 - ok
19:32:51.0218 10044 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
19:32:51.0265 10044 AswRdr - ok
19:32:51.0343 10044 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
19:32:51.0421 10044 aswSnx - ok
19:32:51.0578 10044 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
19:32:51.0625 10044 aswSP - ok
19:32:51.0703 10044 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
19:32:51.0734 10044 aswTdi - ok
19:32:51.0765 10044 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
19:32:52.0140 10044 AsyncMac - ok
19:32:52.0171 10044 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
19:32:52.0484 10044 atapi - ok
19:32:52.0500 10044 Atdisk - ok
19:32:52.0531 10044 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
19:32:52.0921 10044 Atmarpc - ok
19:32:52.0984 10044 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
19:32:53.0281 10044 AudioSrv - ok
19:32:53.0328 10044 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
19:32:53.0859 10044 audstub - ok
19:32:53.0984 10044 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
19:32:54.0046 10044 avast! Antivirus - ok
19:32:54.0093 10044 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
19:32:54.0109 10044 BANTExt ( UnsignedFile.Multi.Generic ) - warning
19:32:54.0109 10044 BANTExt - detected UnsignedFile.Multi.Generic (1)
19:32:54.0187 10044 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
19:32:54.0546 10044 Beep - ok
19:32:54.0625 10044 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
19:32:55.0046 10044 BITS - ok
19:32:55.0109 10044 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
19:32:55.0187 10044 Bonjour Service - ok
19:32:55.0234 10044 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
19:32:55.0390 10044 Browser - ok
19:32:55.0390 10044 bvrp_pci - ok
19:32:55.0406 10044 catchme - ok
19:32:55.0421 10044 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
19:32:55.0765 10044 cbidf - ok
19:32:55.0906 10044 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
19:32:56.0250 10044 cbidf2k - ok
19:32:56.0265 10044 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
19:32:56.0609 10044 CCDECODE - ok
19:32:56.0640 10044 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
19:32:56.0812 10044 cd20xrnt - ok
19:32:56.0843 10044 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
19:32:57.0265 10044 Cdaudio - ok
19:32:57.0328 10044 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
19:32:57.0625 10044 Cdfs - ok
19:32:57.0656 10044 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
19:32:58.0093 10044 Cdrom - ok
19:32:58.0187 10044 Changer - ok
19:32:58.0250 10044 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
19:32:58.0578 10044 CiSvc - ok
19:32:58.0640 10044 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
19:32:58.0953 10044 ClipSrv - ok
19:32:59.0062 10044 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
19:32:59.0250 10044 clr_optimization_v2.0.50727_32 - ok
19:32:59.0312 10044 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
19:32:59.0484 10044 clr_optimization_v4.0.30319_32 - ok
19:32:59.0531 10044 [ 1CDFB108952A68CB8DAAC67177850560 ] CltMngSvc C:\Program Files\SearchProtect\bin\CltMngSvc.exe
19:32:59.0609 10044 CltMngSvc - ok
19:32:59.0656 10044 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
19:33:00.0000 10044 CmdIde - ok
19:33:00.0046 10044 COMSysApp - ok
19:33:00.0109 10044 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
19:33:00.0546 10044 Cpqarray - ok
19:33:00.0609 10044 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
19:33:00.0906 10044 CryptSvc - ok
19:33:00.0953 10044 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
19:33:01.0296 10044 dac2w2k - ok
19:33:01.0328 10044 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
19:33:01.0750 10044 dac960nt - ok
19:33:01.0796 10044 [ 100FF3D9E16AFB3163BD6F9AAAAB7C55 ] DCamUSBSQTECH C:\WINDOWS\system32\Drivers\SQcaptur.sys
19:33:01.0875 10044 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - warning
19:33:01.0875 10044 DCamUSBSQTECH - detected UnsignedFile.Multi.Generic (1)
19:33:01.0953 10044 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:33:02.0109 10044 DcomLaunch - ok
19:33:02.0156 10044 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
19:33:02.0578 10044 Dhcp - ok
19:33:02.0625 10044 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
19:33:02.0968 10044 Disk - ok
19:33:02.0984 10044 dmadmin - ok
19:33:03.0031 10044 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
19:33:03.0437 10044 dmboot - ok
19:33:03.0500 10044 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
19:33:03.0781 10044 dmio - ok
19:33:03.0812 10044 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
19:33:04.0218 10044 dmload - ok
19:33:04.0265 10044 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
19:33:04.0656 10044 dmserver - ok
19:33:04.0781 10044 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
19:33:05.0140 10044 DMusic - ok
19:33:05.0187 10044 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
19:33:05.0296 10044 Dnscache - ok
19:33:05.0390 10044 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
19:33:05.0734 10044 Dot3svc - ok
19:33:05.0781 10044 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
19:33:06.0187 10044 dpti2o - ok
19:33:06.0250 10044 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
19:33:06.0531 10044 drmkaud - ok
19:33:06.0578 10044 [ 96BC8F872F0270C10EDC3931F1C03776 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
19:33:06.0640 10044 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
19:33:06.0640 10044 drvmcdb - detected UnsignedFile.Multi.Generic (1)
19:33:06.0671 10044 [ 5AFBEC7A6AC61B211633DFDB1D9E0C89 ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
19:33:06.0843 10044 drvnddm ( UnsignedFile.Multi.Generic ) - warning
19:33:06.0843 10044 drvnddm - detected UnsignedFile.Multi.Generic (1)
19:33:06.0859 10044 [ 7D91DC6342248369F94D6EBA0CF42E99 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
19:33:06.0968 10044 E100B - ok
19:33:07.0062 10044 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
19:33:07.0390 10044 EapHost - ok
19:33:07.0484 10044 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
19:33:07.0718 10044 ERSvc - ok
19:33:07.0765 10044 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
19:33:07.0906 10044 Eventlog - ok
 
Cont. TDSSKiller

19:34:32.0062 10044 ================ Scan global ===============================
19:34:32.0109 10044 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
19:34:32.0187 10044 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:34:32.0234 10044 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
19:34:32.0375 10044 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
19:34:32.0421 10044 [Global] - ok
19:34:32.0437 10044 ================ Scan MBR ==================================
19:34:32.0468 10044 [ A03E065717CB65F3034AD33AD58B6BBA ] \Device\Harddisk0\DR0
19:34:32.0890 10044 \Device\Harddisk0\DR0 - ok
19:34:32.0906 10044 ================ Scan VBR ==================================
19:34:32.0937 10044 [ 88B48D37807C4BA611529636815C8643 ] \Device\Harddisk0\DR0\Partition1
19:34:32.0937 10044 \Device\Harddisk0\DR0\Partition1 - ok
19:34:32.0984 10044 ============================================================
19:34:32.0984 10044 Scan finished
19:34:32.0984 10044 ============================================================
19:34:33.0156 10048 Detected object count: 18
19:34:33.0156 10048 Actual detected object count: 18
19:35:21.0484 10048 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0484 10048 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0484 10048 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0484 10048 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0484 10048 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0484 10048 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0562 10048 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0562 10048 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0562 10048 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0562 10048 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0562 10048 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0562 10048 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0562 10048 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0562 10048 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0593 10048 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0593 10048 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0593 10048 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0593 10048 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0593 10048 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0593 10048 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0593 10048 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0593 10048 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0593 10048 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0593 10048 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0593 10048 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0593 10048 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0593 10048 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0593 10048 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0593 10048 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0593 10048 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0593 10048 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0593 10048 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0593 10048 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0593 10048 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:35:21.0609 10048 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
19:35:21.0609 10048 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
19:36:03.0078 9592 Deinitialize success
 
OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid
    IE - HKCU\..\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}: "URL" = http://toolbar.inbox.com/search/dispatcher.aspx?tp=bs&qkw={searchTerms}&tbid=80324&lng=en
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "Ask.com"
    FF - prefs.js..browser.search.defaultthis.engineName: "WhiteSmoke B Customized Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsEx...rce=3&q={searchTerms}&CUI=UN36138580159123249"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.15.4.100013
    FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Web Search"
    [2013/02/25 10:58:41 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\searchplugins\askcom.xml
    [2013/02/24 12:32:03 | 000,000,983 | ---- | M] () -- C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\searchplugins\conduit.xml
    [2012/04/27 08:45:22 | 000,009,641 | ---- | M] () -- C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\searchplugins\my-web-search.xml
    [2013/02/25 09:48:43 | 000,002,030 | ---- | M] () -- C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\searchplugins\search-here.xml
    [2011/02/01 15:07:57 | 000,003,915 | ---- | M] () -- C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\searchplugins\sweetim.xml
    [2011/04/10 01:38:09 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober1292075640.xml
    [2011/04/10 02:42:09 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober1295915437.xml
    [2011/07/02 05:07:23 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober150142718.xml
    [2010/07/06 21:28:04 | 000,001,469 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober200790343.xml
    [2011/07/10 22:49:03 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober420322000.xml
    [2011/01/23 12:00:57 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober563574828.xml
    [2011/07/16 13:27:41 | 000,001,600 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\WebSearchober904917562.xml
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7E97865-918F-41E4-9CD0-25AB1C574CE8} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O4 - HKLM..\Run: [SearchProtectAll] C:\Program Files\SearchProtect\bin\cltmng.exe (Conduit)
    O4 - HKCU..\Run: [SearchProtect] C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\bin\cltmng.exe (Conduit)
    [2013/02/24 12:22:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Conduit
    [2013/02/24 12:15:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Updater19962
    [2013/02/24 12:15:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\spirit paglia\Application Data\DefaultTab
    [2013/02/24 12:15:00 | 000,000,000 | ---D | C] -- C:\Program Files\Supreme Savings
    [2013/02/21 17:42:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\APN
    [2013/02/20 20:12:56 | 000,000,000 | ---D | C] -- C:\Program Files\UnfriendApp
    [2013/02/24 12:35:06 | 000,000,000 | ---D | C] -- C:\Program Files\DomaIQ Uninstaller
    [2013/02/24 12:33:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\FlashPlayer
    [2013/02/24 12:33:48 | 000,000,000 | ---D | C] -- C:\Program Files\Tuguu SL
    [2013/02/24 12:33:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\spirit paglia\Application Data\player
    [2013/02/24 12:33:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\spirit paglia\Application Data\SwvUpdater
    [2013/02/24 12:33:16 | 000,000,000 | ---D | C] -- C:\Program Files\SearchProtect
    [2013/02/24 12:33:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\spirit paglia\Application Data\SearchProtect
    [2013/02/24 12:22:52 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit

    :files
    ipconfig /flushdns /c

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes and the computer fails to reboot, let me know.
  • Lastly, post the contents of the log (located at C:\_OTL\Moved Files).


Adware Cleaning

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your reply.
  • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


Junkware Removal Tool

Please download Junkware Removal Tool to your desktop.
  • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
  • Shut down your protection software now to avoid potential conflicts.
  • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
  • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Copy and Paste the JRT.txt log into your next message.


Once that's all done, run OTL Quick Scan again and post a new log. :D
 
Okay... here's the first log you requested. OTL moved files.

Thanks!

All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32 removed from extensions.enabledItems
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "Ask.com" removed from browser.search.defaultenginename
Prefs.js: "WhiteSmoke B Customized Web Search" removed from browser.search.defaultthis.engineName
Prefs.js: "http://search.conduit.com/ResultsEx...rce=3&q={searchTerms}&CUI=UN36138580159123249 removed from browser.search.defaulturl
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: toolbar@ask.com:3.15.4.100013 removed from extensions.enabledItems
Prefs.js: "Web Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine
C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\searchplugins\askcom.xml moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\searchplugins\conduit.xml moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\searchplugins\my-web-search.xml moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\searchplugins\search-here.xml moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\searchplugins\sweetim.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober1292075640.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober1295915437.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober150142718.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober200790343.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober420322000.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober563574828.xml moved successfully.
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober904917562.xml moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll deleted successfully.
C:\Program Files\SearchProtect\bin\cltmng.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\bin\cltmng.exe moved successfully.
C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Conduit folder moved successfully.
C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Updater19962 folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\DefaultTab folder moved successfully.
C:\Program Files\Supreme Savings folder moved successfully.
C:\Documents and Settings\All Users\Application Data\APN\APN-Stub\W3IV6-G folder moved successfully.
C:\Documents and Settings\All Users\Application Data\APN\APN-Stub folder moved successfully.
C:\Documents and Settings\All Users\Application Data\APN folder moved successfully.
C:\Program Files\UnfriendApp\IE folder moved successfully.
C:\Program Files\UnfriendApp\Firefox\chrome\content folder moved successfully.
C:\Program Files\UnfriendApp\Firefox\chrome folder moved successfully.
C:\Program Files\UnfriendApp\Firefox folder moved successfully.
C:\Program Files\UnfriendApp\Chrome\unzip\plugin folder moved successfully.
C:\Program Files\UnfriendApp\Chrome\unzip folder moved successfully.
C:\Program Files\UnfriendApp\Chrome folder moved successfully.
C:\Program Files\UnfriendApp folder moved successfully.
C:\Program Files\DomaIQ Uninstaller folder moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\FlashPlayer folder moved successfully.
C:\Program Files\Tuguu SL\FlashPlayer\languages folder moved successfully.
C:\Program Files\Tuguu SL\FlashPlayer folder moved successfully.
C:\Program Files\Tuguu SL folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\player\images folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\player folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SwvUpdater folder moved successfully.
C:\Program Files\SearchProtect\ffprotect folder moved successfully.
C:\Program Files\SearchProtect\Dialogs\spsd\images folder moved successfully.
C:\Program Files\SearchProtect\Dialogs\spsd folder moved successfully.
C:\Program Files\SearchProtect\Dialogs\spbd\images folder moved successfully.
C:\Program Files\SearchProtect\Dialogs\spbd folder moved successfully.
C:\Program Files\SearchProtect\Dialogs\lib folder moved successfully.
C:\Program Files\SearchProtect\Dialogs folder moved successfully.
C:\Program Files\SearchProtect\bin folder moved successfully.
C:\Program Files\SearchProtect folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\Res folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect\SProtectorRepository folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect\Dialogs\spsd folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect\Dialogs\spbd folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect\Dialogs\lib folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect\Dialogs folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\Dialogs\spsd\images folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\Dialogs\spsd folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\Dialogs\spbd\images folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\Dialogs\spbd folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\Dialogs\lib folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\Dialogs folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\bin folder moved successfully.
C:\Documents and Settings\spirit paglia\Application Data\SearchProtect folder moved successfully.
C:\Program Files\Conduit\Community Alerts folder moved successfully.
C:\Program Files\Conduit folder moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\spirit paglia\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\spirit paglia\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 65670 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes

User: spirit paglia
->Temp folder emptied: 589832 bytes
->Temporary Internet Files folder emptied: 1212818 bytes
->Java cache emptied: 42340698 bytes
->FireFox cache emptied: 86489355 bytes
->Google Chrome cache emptied: 10163929 bytes
->Flash cache emptied: 523 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 134.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02282013_111022

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
This is the Adware Cleaning log and I am doing the Junk Removal Tool right now. I think you are asking me to post these separately so here is the Adware and the other will follow once done.

Thanks again and again!

# AdwCleaner v2.113 - Logfile created 02/28/2013 at 11:27:16
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : spirit paglia - SPIRIT
# Boot Mode : Normal
# Running from : C:\Documents and Settings\spirit paglia\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : CltMngSvc

***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\extensions\addon@defaulttab.com.xpi
File Deleted : C:\END
File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\spirit paglia\Application Data\iWin
Folder Deleted : C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\CT3196716
Folder Deleted : C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
Folder Deleted : C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\Smartbar
Folder Deleted : C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\SweetIMToolbarData
Folder Deleted : C:\Documents and Settings\spirit paglia\Application Data\Viewpoint
Folder Deleted : C:\Program Files\AppGraffiti
Folder Deleted : C:\Program Files\Free Offers from Freeze.com

***** [Registry] *****

Key Deleted : HKCU\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\CToolbar
Key Deleted : HKCU\Software\Default Tab
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\SWEETIE
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287819
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\CToolbar
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\Viewpoint

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v20.0 (en-US)

File : C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\prefs.js

C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\user.js ... Deleted !

Deleted : user_pref("CT3196716.1000082.isDisplayHidden", "true");
Deleted : user_pref("CT3196716.1000082.shrinkState", "shrinked");
Deleted : user_pref("CT3196716.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Deleted : user_pref("CT3196716.1000234.TWC_TMP_city", "BOISE");
Deleted : user_pref("CT3196716.1000234.TWC_TMP_country", "US");
Deleted : user_pref("CT3196716.1000234.TWC_locId", "USID0025");
Deleted : user_pref("CT3196716.1000234.TWC_location", "Boise, ID");
Deleted : user_pref("CT3196716.1000234.TWC_region", "US");
Deleted : user_pref("CT3196716.1000234.TWC_temp_dis", "f");
Deleted : user_pref("CT3196716.1000234.TWC_wind_dis", "mph");
Deleted : user_pref("CT3196716.1000234.weatherData", "{\"icon\":\"34.png\",\"temperature\":\"54°F\",\"temperat[...]
Deleted : user_pref("CT3196716.CBOpenMAMSettings.enc", "MA==");
Deleted : user_pref("CT3196716.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3196716.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3196716.FirstTime", "true");
Deleted : user_pref("CT3196716.FirstTimeFF3", "true");
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.yahoo.com/search?fr=f[...]
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.pogo.com/friends.do?pageS[...]
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-[...]
Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{DB35F4F9-D853-4DB8-8C9E-CA0D43A78054}");
Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
Deleted : user_pref("sweetim.toolbar.version", "1.1.0.2");

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [45857 octets] - [28/02/2013 11:27:16]

########## EOF - C:\AdwCleaner[S1].txt - [45918 octets] ##########
 
Here is the JRT log. I will run the OTL and post it in a few minutes. Then I will be gone the rest of the day and will get back to whatever else you need me to do later tonight. Thank you so much.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Microsoft Windows XP x86
Ran by spirit paglia on Thu 02/28/2013 at 11:42:08.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{36377dd7-b3eb-42f5-986f-680baf59ba9d}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\spirit paglia\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Program Files\mywebsearchwb"
Successfully deleted: [Folder] "C:\Program Files\speeditup free"



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\spirit paglia\Application Data\mozilla\firefox\profiles\po8ykea7.default\prefs.js

user_pref("extensions.crossrider.bic", "13d0db4960fd450dbe0a1ce324a7cecb");
user_pref("extensions.defaulttab.lastUsed", 1361735127);
user_pref("extensions.toolbar.mindspark._gcMembers_.initialized", true);
user_pref("extensions.toolbar.mindspark._gcMembers_.installation.installDate", "2012042709");
user_pref("extensions.toolbar.mindspark._gcMembers_.installation.partnerId", "XNxdm081YYus");
user_pref("extensions.toolbar.mindspark._gcMembers_.installation.partnerSubId", "49737xxxxxgeneric");
user_pref("extensions.toolbar.mindspark._gcMembers_.installation.success", true);
user_pref("extensions.toolbar.mindspark._gcMembers_.installation.toolbarId", "B3A2F038-08CB-443A-B260-70859ED2B4DE");
user_pref("extensions.toolbar.mindspark._gcMembers_.options.defaultSearch", true);
user_pref("extensions.toolbar.mindspark._gcMembers_.options.homePageEnabled", true);
user_pref("extensions.toolbar.mindspark._gcMembers_.options.keywordEnabled", true);
user_pref("extensions.toolbar.mindspark._gcMembers_.options.tabEnabled", true);
user_pref("extensions.toolbar.mindspark.lastInstalled", "weatherblink@mindspark.com");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Thu 02/28/2013 at 11:54:40.64
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
And, here is the last OTL you requested.

Have a blessed day.

Sorry... have to attach it because of how many characters are in it.
 

Attachments

  • OTL..Txt
    122.3 KB
OTL Fix

Please run OTL
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    :OTL
    FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@unfriendapp.com: C:\Program Files\UnfriendApp\Firefox\
    CHR - Extension: Supreme Savings = C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\crossrider
    CHR - Extension: Supreme Savings = C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\
    [2013/02/24 12:11:40 | 000,405,848 | ---- | M] () -- C:\Documents and Settings\spirit paglia\Desktop\FlashPlayer_V.10517862b.exe
    [2011/12/30 19:57:23 | 000,014,232 | -HS- | C] () -- C:\Documents and Settings\spirit paglia\Local Settings\Application Data\kja31hu26sc3cxaxsplg387601l8ryf753e50jlstv8
    [2011/12/30 19:57:23 | 000,014,232 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\kja31hu26sc3cxaxsplg387601l8ryf753e50jlstv8
    [2011/07/02 06:11:21 | 000,000,458 | ---- | C] () -- C:\Program Files\070220117112129.bat
    [2010/08/07 23:12:46 | 000,000,475 | ---- | C] () -- C:\Program Files\080820100124629.bat
    [2008/08/25 19:26:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BTFSFGQAYG
    [2008/08/16 11:36:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STFSFGQAYG

    :commands
    [emptytemp]
    [reboot]
  • Then click the Run Fix button at the top.
  • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alarmed, as this is normal.
  • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)



ESET Online Scan

Please run a free online scan with the ESET Online Scanner
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
  • Click Start or wait for the scanner to load.
  • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
  • Click Scan (This scan can take several hours, so please be patient)
  • Once the scan is completed, there are a couple of things to keep in mind:
  • 1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
  • 2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
  • Open the logfile from wherever you saved it
  • Copy and paste the contents in your next reply.


Any more issues?

We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

Many of the things to note for us would be:

  • Slow computer
  • Error messages
  • Fake antivirus alerts or the icon in the system tray
  • svchost.exe running at 100%
  • System crashes or blue screen of death

Note: Absence of issues does not mean that you're protected in the future.
 
Here's the next OTL log you requested.

Thank you.

All processes killed
========== OTL ==========
Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@unfriendapp.com deleted successfully.
File C:\Program Files\UnfriendApp\Firefox not found.
File C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\crossrider not found.
C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\js\lib folder moved successfully.
C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\js\api folder moved successfully.
C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\js folder moved successfully.
C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\icons\actions folder moved successfully.
C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\icons folder moved successfully.
C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0 folder moved successfully.
C:\Documents and Settings\spirit paglia\Desktop\FlashPlayer_V.10517862b.exe moved successfully.
C:\Documents and Settings\spirit paglia\Local Settings\Application Data\kja31hu26sc3cxaxsplg387601l8ryf753e50jlstv8 moved successfully.
C:\Documents and Settings\All Users\Application Data\kja31hu26sc3cxaxsplg387601l8ryf753e50jlstv8 moved successfully.
C:\Program Files\070220117112129.bat moved successfully.
C:\Program Files\080820100124629.bat moved successfully.
C:\Documents and Settings\All Users\Application Data\BTFSFGQAYG folder moved successfully.
C:\Documents and Settings\All Users\Application Data\STFSFGQAYG folder moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: spirit paglia
->Temp folder emptied: 1341336 bytes
->Temporary Internet Files folder emptied: 359844 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 21284734 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 763 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 664 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 443009 bytes

Total Files Cleaned = 22.00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 02282013_141424

Files\Folders moved on Reboot...

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
 
Summary:
Computer is running faster and it appears all is well.

I do have one more problem. The problem is, I play games in POGO. When I try to play any game that needs java it says I need to install java, but I already have java installed and I have the latest update. Firefox is my browser. I also tried playing using IE, but it says the same thing. Both browsers are updated. Any suggestions or ideas of why this is happening would be appreciated. Please let me know if it needs to go into a new thread.

I appreciate the work you did with me on this issue. Thank you so much!

Here is the ESET online scan.
C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.83_0\plugin\gc_getcid.dll Win32/ExFriendAlert.A application cleaned by deleting - quarantined
C:\Program Files\VideoDownloadConverter_4zEI\Installr\3.bin\4zEIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Program Files\VideoDownloadConverter_4zEI\Installr\3.bin\4zEZSETP.dll Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
C:\Program Files\VideoDownloadConverter_4zEI\Installr\3.bin\NP4zEISb.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
C:\Qoobox\Quarantine\C\Documents and Settings\spirit paglia\Local Settings\Application Data\Updater19962\Updater19962.exe.vir a variant of Win32/Toolbar.CrossRider.C application cleaned by deleting - quarantined
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP452\A0028314.exe a variant of Win32/Toolbar.CrossRider.C application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\02282013_111022\C_Program Files\Supreme Savings\Supreme Savings.dll a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\02282013_111022\C_Program Files\Supreme Savings\Uninstall.exe multiple threats cleaned by deleting - quarantined
C:\_OTL\MovedFiles\02282013_111022\C_Program Files\UnfriendApp\Chrome\unzip\plugin\gc_getcid.dll Win32/ExFriendAlert.A application cleaned by deleting - quarantined
C:\_OTL\MovedFiles\02282013_141424\C_Documents and Settings\spirit paglia\Desktop\FlashPlayer_V.10517862b.exe multiple threats cleaned by deleting - quarantined
 
Go to Start > Control Panel... double-press Java.

Hit the Security tab. Tell me what your settings are on that tab.
 
That's fine...

Clear your Java Cache
  • Click on Start-> Control Panel (Classic View)-> Java
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window
      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.

Let me know if the games work. :)
 
I forgot to tell you one thing that may be really important.

My browser is Firefox and Java is Java 7... both updated. The important thing is, I have been able to get into Pogo all the time until Java and FF updated. I had them set to automatically update so I am not sure which one updated first or which one caused the problem.

Sorry to double post, but by the time I thought of this my edit time ran out.

Thanks!
 
This explains that Mozilla will disable Java automatically in Firefox: https://addons.mozilla.org/en-US/firefox/blocked/p294

Mozilla has done this to protect its users, so that vulnerable versions of Java won't impact the security of your computer. Many times, current exploits of Java (meaning that attackers take advantage of bugs in the software) can take over your computer, steal your identity, and cause further damage to the files on your computer.

If anything, try Pogo.com in a different web browser, such as Google Chrome, Internet Explorer, etc. But, please be careful.

Hope this helps.

If you'd like to try to troubleshoot further, this might be of service: http://java.com/en/download/help/clearcache_upgrade.xml
 
I will try Chrome and see what happens. If that doesn't work then I guess Pogo just lost a customer.

Thank you for all the time you spent on this. I really appreciate it.

Donation sent by my friend. Your time was worth more than what she could afford to send, but we appreciate all you did.

You may close this thread.

Again...thank you!
 