TechSpot

Infected with PUP.Infoatom and win32

Solved
By Spirit
Feb 27, 2013
  1. From what I can figure out, my computer appears to be infected with PUP.Infoatom and win32 viruses.

    My computer is running extremely slow. I ran MBAM last night and it showed the infoatom. This morning I ran Avast and it caught the win32.

    My OS is Windows XP
    I normally use Firefox for browsing
    I am a gamer and don't do any banking, etc., online

    Thank you in advance for your help.

    I read the information on what I need to add to my first post. Hopefully, I got it correct for you to help me.

    Here is the dds log:

    DDS (Ver_2012-11-20.01) - NTFS_x86
    Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 10.15.2
    Run by spirit paglia at 9:50:48 on 2013-02-27
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.550 [GMT -7:00]
    .
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    ============== Running Processes ================
    .
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\System32\wudfhost.exe
    C:\Program Files\Bonjour\mDNSResponder.exe
    C:\Program Files\SearchProtect\bin\CltMngSvc.exe
    C:\Program Files\Pogo Games\PGMTrusted.exe
    C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
    C:\Program Files\TeamViewer\Version4\TeamViewer.exe
    C:\Program Files\AVAST Software\Avast\avastUI.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Updater19962\Updater19962.exe
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\bin\cltmng.exe
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\PROGRA~1\Yahoo!\MESSEN~1\YahooMessenger.exe
    C:\Program Files\Java\jre7\bin\jqs.exe
    C:\WINDOWS\System32\svchost.exe -k netsvcs
    C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
    C:\WINDOWS\system32\svchost.exe -k NetworkService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k LocalService
    C:\WINDOWS\system32\svchost.exe -k imgsvc
    C:\WINDOWS\System32\svchost.exe -k HTTPFilter
    .
    ============== Pseudo HJT Report ===============
    .
    uStart Page = hxxp://www.pogo.com/friends.do?pageSection=cp_home_header_friends
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
    BHO: Supreme Savings: {11111111-1111-1111-1111-110111991162} - c:\program files\supreme savings\Supreme Savings.dll
    BHO: UnfriendApp: {44ed99e2-16a6-4b89-80d6-5b21cf42e78b} - c:\program files\unfriendapp\ie\common.dll
    BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
    BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
    TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
    uRun: [Messenger (Yahoo!)] "c:\progra~1\yahoo!\messen~1\YahooMessenger.exe" -quiet
    uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
    uRun: [Updater19962.exe] c:\documents and settings\spirit paglia\local settings\application data\updater19962\Updater19962.exe /extensionid=19962 /extensionname='Supreme Savings' /chromeid=ihkeoookbpemkdccdccdmacnidhooohk /stayidle /delay=300
    uRun: [SearchProtect] c:\documents and settings\spirit paglia\application data\searchprotect\bin\cltmng.exe
    mRun: [SearchProtectAll] c:\program files\searchprotect\bin\cltmng.exe
    mRun: [avast] "c:\program files\avast software\avast\avastUI.exe" /nogui
    mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
    uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
    mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
    IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
    IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
    DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1342726595812
    TCP: NameServer = 192.168.0.1 205.171.3.25
    TCP: Interfaces\{C677BA83-D099-483F-B4A5-5778883989FC} : DHCPNameServer = 192.168.0.1 205.171.3.25
    Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\advisor\system\BAVoilaX.dll
    Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
    Notify: igfxcui - igfxdev.dll
    SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
    mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - c:\windows\system32\rundll32.exe c:\windows\system32\advpack.dll,launchinfsectionex c:\program files\internet explorer\clrtour.inf,DefaultInstall.ResetTour,,12
    .
    ================= FIREFOX ===================
    .
    FF - ProfilePath - c:\documents and settings\spirit paglia\application data\mozilla\firefox\profiles\po8ykea7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=3&q={searchTerms}&CUI=UN36138580159123249
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.pogo.com/friends.do
    FF - plugin: c:\progra~1\yahoo!\common\npyaxmpb.dll
    FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.8\npapicomadapter.dll
    FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
    FF - plugin: c:\program files\microsoft silverlight\4.1.10329.0\npctrlui.dll
    FF - plugin: c:\program files\videodownloadconverter_4zei\installr\3.bin\NP4zEISb.dll
    FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
    FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_6_602_171.dll
    FF - plugin: c:\windows\system32\npdeployJava1.dll
    FF - plugin: c:\windows\system32\Npindeo.dll
    FF - plugin: c:\windows\system32\npptools.dll
    FF - plugin: c:\windows\system32\npwmsdrm.dll
    FF - ExtSQL: 2013-02-24 12:17; addon@defaulttab.com; c:\documents and settings\spirit paglia\application data\mozilla\firefox\profiles\po8ykea7.default\extensions\addon@defaulttab.com.xpi
    FF - ExtSQL: 2013-02-26 21:02; wrc@avast.com; c:\program files\avast software\avast\webrep\FF
    FF - ExtSQL: !HIDDEN! 2009-11-15 03:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
    .
    ---- FIREFOX POLICIES ----
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    ============= SERVICES / DRIVERS ===============
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2013-2-26 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2013-2-26 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2013-2-26 21256]
    R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2013-2-26 44808]
    R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\searchprotect\bin\CltMngSvc.exe [2013-2-20 93984]
    R2 fssfltr;FssFltr;c:\windows\system32\drivers\fssfltr_tdi.sys [2009-11-8 54752]
    R2 PGMTrusted;PGMTrusted;c:\program files\pogo games\PGMTrusted.exe [2012-1-4 519888]
    R2 TeamViewer4;TeamViewer 4;c:\program files\teamviewer\version4\TeamViewer_Service.exe [2009-10-7 185640]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
    S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2009-8-5 704864]
    S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
    .
    =============== File Associations ===============
    .
    ShellExec: QSync.exe: Open="c:\program files\logitech\video\QSync.exe"
    .
    =============== Created Last 30 ================
    .
    2013-02-27 09:37:35 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-02-27 09:37:25 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-02-27 07:34:19 96664 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
    2013-02-27 07:34:19 24984 ----a-w- c:\program files\mozilla firefox\plugin-hang-ui.exe
    2013-02-27 07:34:19 170232 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
    2013-02-27 07:34:18 770384 ----a-w- c:\program files\mozilla firefox\msvcr100.dll
    2013-02-27 07:34:18 421200 ----a-w- c:\program files\mozilla firefox\msvcp100.dll
    2013-02-27 07:34:18 193576 ----a-w- c:\program files\mozilla firefox\maintenanceservice_installer.exe
    2013-02-27 07:34:18 134552 ----a-w- c:\program files\mozilla firefox\mozglue.dll
    2013-02-27 07:34:18 115608 ----a-w- c:\program files\mozilla firefox\maintenanceservice.exe
    2013-02-27 07:34:17 2989464 ----a-w- c:\program files\mozilla firefox\gkmedias.dll
    2013-02-27 07:34:16 74136 ----a-w- c:\program files\mozilla firefox\breakpadinjector.dll
    2013-02-27 03:57:00 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-02-27 03:56:16 41224 ----a-w- c:\windows\avastSS.scr
    2013-02-27 03:55:41 -------- d-----w- c:\program files\AVAST Software
    2013-02-27 03:55:41 -------- d-----w- c:\documents and settings\all users\application data\AVAST Software
    2013-02-24 19:35:06 -------- d-----w- c:\program files\DomaIQ Uninstaller
    2013-02-24 19:33:48 -------- d-----w- c:\program files\Tuguu SL
    2013-02-24 19:33:48 -------- d-----w- c:\documents and settings\spirit paglia\application data\player
    2013-02-24 19:33:45 -------- d-----w- c:\documents and settings\spirit paglia\application data\SwvUpdater
    2013-02-24 19:33:16 -------- d-----w- c:\program files\SearchProtect
    2013-02-24 19:33:07 -------- d-----w- c:\documents and settings\spirit paglia\application data\SearchProtect
    2013-02-24 19:22:52 -------- d-----w- c:\program files\Conduit
    2013-02-24 19:22:31 -------- d-----w- c:\documents and settings\spirit paglia\local settings\application data\Conduit
    2013-02-24 19:15:54 -------- d-----w- c:\documents and settings\spirit paglia\local settings\application data\Updater19962
    2013-02-24 19:15:07 -------- d-----w- c:\documents and settings\spirit paglia\application data\DefaultTab
    2013-02-24 19:15:00 -------- d-----w- c:\program files\Supreme Savings
    2013-02-22 00:42:17 -------- d-----w- c:\documents and settings\all users\application data\APN
    2013-02-21 03:12:56 -------- d-----w- c:\program files\UnfriendApp
    2013-02-08 09:13:04 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    .
    ==================== Find3M ====================
    .
    2013-02-27 09:37:01 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-02-27 09:37:01 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-02-26 18:45:22 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-02-26 18:45:22 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-01-26 03:55:44 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-23 23:49:01 896424 ----a-w- C:\jre-7u11-windows-i586-iftw.exe
    2013-01-07 01:16:02 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:36:58 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20:00 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49:10 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2013-01-02 06:49:10 1292288 ----a-w- c:\windows\system32\quartz.dll
    2012-12-26 20:16:29 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16:28 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16:28 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40:59 385024 ----a-w- c:\windows\system32\html.iec
    2012-12-16 12:23:59 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 23:49:28 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-02 13:11:21 458 ----a-w- c:\program files\070220117112129.bat
    2010-08-08 06:12:46 475 ----a-w- c:\program files\080820100124629.bat
    .
    ============= FINISH: 9:51:12.29 ===============

    Here is the attached log (one place says to post it like this, but this log says do not post unless asked... so sorry if I wasn't supposed to post it, or if I should have zipped it):

    .
    UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
    IF REQUESTED, ZIP IT UP & ATTACH IT
    .
    DDS (Ver_2012-11-20.01)
    .
    Microsoft Windows XP Home Edition
    Boot Device: \Device\HarddiskVolume2
    Install Date: 9/25/2005 10:01:00 PM
    System Uptime: 2/27/2013 1:12:35 AM (8 hours ago)
    .
    Motherboard: Dell Computer Corp. | | 0TC667
    Processor: Intel(R) Celeron(R) CPU 2.40GHz | Microprocessor | 2394/533mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 71 GiB total, 47.281 GiB free.
    D: is CDROM ()
    .
    ==== Disabled Device Manager Items =============
    .
    ==== System Restore Points ===================
    .
    RP441: 2/25/2013 9:36:06 AM - System Checkpoint
    RP442: 2/25/2013 3:58:24 PM - Software Distribution Service 3.0
    RP443: 2/26/2013 4:48:29 PM - System Checkpoint
    RP444: 2/26/2013 8:55:41 PM - avast! Free Antivirus Setup
    RP445: 2/26/2013 9:22:33 PM - Removed Avira SearchFree Toolbar.
    RP446: 2/27/2013 12:41:15 AM - Removed Java 7 Update 15
    RP447: 2/27/2013 12:51:03 AM - Installed Java 7 Update 15
    RP448: 2/27/2013 1:02:25 AM - Removed Java 7 Update 15
    RP449: 2/27/2013 1:06:30 AM - Removed Java(TM) 6 Update 38
    RP450: 2/27/2013 2:32:40 AM - Installed Java 7 Update 15
    RP451: 2/27/2013 2:36:00 AM - Removed Java 7 Update 15
    RP452: 2/27/2013 2:36:54 AM - Installed Java 7 Update 15
    .
    ==== Installed Programs ======================
    .
    Adobe Flash Player 11 ActiveX
    Adobe Flash Player 11 Plugin
    Adobe Reader 7.0
    Adobe Shockwave Player
    Agatha Christie Bundle - 3 in 1
    Alice's Magical Mahjong
    Amazing Adventures SE Bundle
    AOLIcon
    ArcSoft Software Suite
    avast! Free Antivirus
    Awakening The Dreamless Castle
    Bejeweled 3
    Belarc Advisor 7.2
    Big City Adventure Vancouver
    Big Fish Games Client
    Bonjour
    CCleaner
    Chuzzle
    Control Center for KODAK Webcams
    Dark Tales: Edgar Allan Poe's the Premature Burial (remove only)
    DefaultTab
    Dell Driver Reset Tool
    Dell Media Experience
    Dell Picture Studio v3.0
    Dell Support 3.1
    Dell System Restore
    Diner Dash Family Style
    Dr Lynch Grave Secrets
    Escape the Emerald Star
    Escape Whisper Valley
    Fairy Godmother Tycoon
    ffdshow [rev 2527] [2008-12-19]
    FlashPlayer
    Fotki XP Publishing Wizard
    Gogii 4-Pack
    Harvest Mania To Go
    Haunted Manor Lord of Mirrors
    Haunted Past: Realm of Ghosts Collector's Edition (remove only)
    Hidden Expedition: Titanic
    Hidden Object Heroes Bundle
    HijackThis 2.0.2
    Hotel Solitaire
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
    Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
    Hotfix for Windows Internet Explorer 7 (KB947864)
    Hotfix for Windows XP (KB954550-v5)
    Intel(R) 537EP V9x DF PCI Modem
    Intel(R) Extreme Graphics 2 Driver
    Intel(R) PRO Network Adapters and Drivers
    Intel(R) PROSet for Wired Connections
    Internet Explorer Default Page
    Java 7 Update 15
    Java Auto Updater
    Jewel Quest III (remove only)
    Jewel Quest Mysteries 2 Trail of the Midnight Heart (remove only)
    Jigsaw 365
    Junk Mail filter update
    Logitech Desktop Messenger
    Logitech Print Service
    Logitech QuickCam
    Logitech® Camera Driver
    Lottso! Deluxe
    Luxor Adventures
    Macromedia Flash Player
    Magic Match
    Mahjong Garden Deluxe
    Mahjong Garden To Go
    Mahjong Journey of Enlightenment
    Mahjong Memoirs
    Mahjong World
    Malwarebytes Anti-Malware version 1.70.0.1100
    Microsoft .NET Framework 1.1
    Microsoft .NET Framework 1.1 Security Update (KB2698023)
    Microsoft .NET Framework 1.1 Security Update (KB2742597)
    Microsoft .NET Framework 1.1 Security Update (KB979906)
    Microsoft .NET Framework 2.0 Service Pack 2
    Microsoft .NET Framework 3.0 Service Pack 2
    Microsoft .NET Framework 3.5 SP1
    Microsoft .NET Framework 4 Client Profile
    Microsoft .NET Framework 4 Extended
    Microsoft Application Error Reporting
    Microsoft Choice Guard
    Microsoft Compression Client Pack 1.0 for Windows XP
    Microsoft IntelliPoint 6.01
    Microsoft IntelliType Pro 6.01
    Microsoft Internationalized Domain Names Mitigation APIs
    Microsoft National Language Support Downlevel APIs
    Microsoft Plus! Digital Media Edition Installer
    Microsoft Plus! Photo Story 2 LE
    Microsoft Silverlight
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Sync Framework Runtime Native v1.0 (x86)
    Microsoft Sync Framework Services Native v1.0 (x86)
    Microsoft User-Mode Driver Framework Feature Pack 1.0
    Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    Modem Event Monitor
    Modem Helper
    Modem On Hold
    Mozilla Firefox 20.0 (x86 en-US)
    MSVCRT
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    MSXML 6 Service Pack 2 (KB973686)
    Mystery Case Files - Dire Grove
    Mystery Case Files: Huntsville ™
    NetZeroInstallers
    Nora Roberts - Vision In White
    Operation Mania
    Photo Click
    PICTUREKA! MUSEUM MAYHEM
    Pogo Games (remove only)
    Polly Pride Pet Detective
    PowerDVD 5.5
    Princess Isabella A Witch’s Curse
    QuickBooks Simple Start Special Edition
    QuickTime
    Qwest Installer
    Rainbow Web
    RealPlayer Basic
    Saints and Sinners Bingo
    Sandlot Games Client Services
    Search Protect by conduit
    Security Update for CAPICOM (KB931906)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
    Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
    Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
    Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
    Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
    Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
    Security Update for Windows Internet Explorer 7 (KB928090)
    Security Update for Windows Internet Explorer 7 (KB929969)
    Security Update for Windows Internet Explorer 7 (KB931768)
    Security Update for Windows Internet Explorer 7 (KB933566)
    Security Update for Windows Internet Explorer 7 (KB937143)
    Security Update for Windows Internet Explorer 7 (KB938127)
    Security Update for Windows Internet Explorer 7 (KB939653)
    Security Update for Windows Internet Explorer 7 (KB942615)
    Security Update for Windows Internet Explorer 7 (KB944533)
    Security Update for Windows Internet Explorer 7 (KB950759)
    Security Update for Windows Internet Explorer 7 (KB953838)
    Security Update for Windows Internet Explorer 7 (KB956390)
    Security Update for Windows Internet Explorer 7 (KB958215)
    Security Update for Windows Internet Explorer 7 (KB960714)
    Security Update for Windows Internet Explorer 7 (KB961260)
    Security Update for Windows Internet Explorer 7 (KB963027)
    Security Update for Windows Internet Explorer 7 (KB969897)
    Security Update for Windows Internet Explorer 7 (KB972260)
    Security Update for Windows Internet Explorer 7 (KB974455)
    Security Update for Windows Internet Explorer 7 (KB976325)
    Security Update for Windows Internet Explorer 7 (KB978207)
    Security Update for Windows Internet Explorer 7 (KB982381)
    Security Update for Windows Internet Explorer 8 (KB2510531)
    Security Update for Windows Internet Explorer 8 (KB2544521)
    Security Update for Windows Internet Explorer 8 (KB2559049)
    Security Update for Windows Internet Explorer 8 (KB2586448)
    Security Update for Windows Internet Explorer 8 (KB2618444)
    Security Update for Windows Internet Explorer 8 (KB2699988)
    Security Update for Windows Internet Explorer 8 (KB2761465)
    Security Update for Windows Internet Explorer 8 (KB2792100)
    Security Update for Windows Internet Explorer 8 (KB2797052)
    Security Update for Windows Internet Explorer 8 (KB2799329)
    Security Update for Windows Internet Explorer 8 (KB971961)
    Security Update for Windows Internet Explorer 8 (KB981332)
    Security Update for Windows Internet Explorer 8 (KB982381)
    Segoe UI
    Shutter Island
    Skype™ 5.10
    Slingo
    Slingo Quest
    Software Version Updater
    Sonic DLA
    Sonic RecordNow Audio
    Sonic RecordNow Copy
    Sonic RecordNow Data
    Sonic Update Manager
    Spin & Win
    Supreme Savings
    TeamViewer 4
    The Clockwork Man 2 (remove only)
    The Poppit! Show
    Tri Peaks 2 Quest For The Ruby Ring
    UnfriendApp
    Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
    Update for Windows Internet Explorer 7 (KB976749)
    Update for Windows Internet Explorer 7 (KB980182)
    Update for Windows Internet Explorer 8 (KB976662)
    URGE
    Vacation Quest: Australia (remove only)
    Way To Go! Bowling
    WebCyberCoach 3.2 Dell
    WebFldrs XP
    Windows Defender Signatures
    Windows Genuine Advantage Notifications (KB905474)
    Windows Genuine Advantage v1.3.0254.0
    Windows Genuine Advantage Validation Tool (KB892130)
    Windows Imaging Component
    Windows Internet Explorer 7
    Windows Internet Explorer 8
    Windows Live Call
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Family Safety
    Windows Live Mail
    Windows Live Messenger
    Windows Live Photo Gallery
    Windows Live Sign-in Assistant
    Windows Live Sync
    Windows Live Upload Tool
    Windows Live Writer
    Windows Media Format 11 runtime
    Windows Media Player 10
    Windows Media Player 11
    Windows XP Service Pack 3
    WinRAR archiver
    WinZip
    Word Riot Deluxe
    Word Whomp( TM) Underground
    WordPerfect Office 12
    World Class Solitaire
    Yahoo! Messenger
    Zombie Bowl-O-Rama
    Zuma’s Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    2/26/2013 9:23:27 PM, error: Service Control Manager [7023] - The Application Management service terminated with the following error: The specified module could not be found.
    2/26/2013 12:46:06 PM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.
    2/26/2013 12:46:06 PM, error: Service Control Manager [7000] - The HTTP SSL service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/25/2013 10:51:21 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM Service service to connect.
    2/25/2013 10:51:21 AM, error: Service Control Manager [7000] - The IMAPI CD-Burning COM Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
    2/25/2013 10:50:51 AM, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: IntelIde
    2/25/2013 10:49:42 AM, error: sr [1] - The System Restore filter encountered the unexpected error '0xC0000001' while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring the volume.
    .
    ==== End Of File ===========================
  2. Spirit

    Spirit Newcomer, in training Topic Starter Posts: 20

    I think I am supposed to post this MBAM log too.

    Malwarebytes Anti-Malware 1.70.0.1100
    www.malwarebytes.org

    Database version: v2013.02.24.01

    Windows XP Service Pack 3 x86 NTFS
    Internet Explorer 8.0.6001.18702
    spirit paglia :: SPIRIT [administrator]

    2/27/2013 10:20:37 AM
    MBAM-log-2013-02-27 (10-35-08).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 199551
    Time elapsed: 14 minute(s), 16 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 8
    HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> No action taken.
    HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> No action taken.
    HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> No action taken.
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> No action taken.
    HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> No action taken.
    HKCR\Updater.AmiUpd (PUP.Software.Updater) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> No action taken.
    HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{103089DA-0F31-4A8B-843F-7D24A7FE8345} (PUP.InfoAtoms) -> No action taken.

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 1
    C:\Documents and Settings\spirit paglia\Application Data\SwvUpdater (PUP.Software.Updater) -> No action taken.

    Files Detected: 4
    C:\Documents and Settings\spirit paglia\Application Data\SwvUpdater\Updater.exe (PUP.Software.Updater) -> No action taken.
    C:\Documents and Settings\spirit paglia\Application Data\SwvUpdater\Updater.xml (PUP.Software.Updater) -> No action taken.
    C:\Documents and Settings\spirit paglia\Application Data\SwvUpdater\status.cfg (PUP.Software.Updater) -> No action taken.
    C:\WINDOWS\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> No action taken.

    (end)
  3. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Hello, and welcome to TechSpot.


    Please see here for the board rules and other FAQ.

    Please feel free to introduce yourself, after you follow the steps below to get started.

    Information
    • From this point on, please do not make any more changes to your computer; such as install/uninstall programs, use special fix tools, delete files, edit the registry, etc. - unless advised by a malware removal helper.
    • Please do not ask for help elsewhere (on this site or other sites). Doing so can result in system changes, which may not show up in the logs you post.
    • If you have already asked for help somewhere, please post the link to the topic where you were helped.
    • We try our best to reply quickly, but if for any reason we do not reply in two days, please reply to this topic with the word BUMP!
    • Lastly, keep in mind that we are volunteers, so you do not have to pay for malware removal. Persist in this topic until its close, and your computer is declared clean.


    ComboFix scan

    Please download ComboFix by sUBs
    From TechSpot

    Direct Link (alternative)

    Please save the file to your Desktop.

    Important information about ComboFix


    After the download:
    • Close any open browsers.
    • Very Important: Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results". Please visit here if you don't know how.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until ComboFix has completely finished.
    • If there is no Internet connection after running ComboFix, then restart your computer to restore your connection.
    Running ComboFix:
    • Double click on ComboFix.exe & follow the prompts.
    • When ComboFix finishes, it will produce a report for you.
    • Please post the report, which will launch or be found at "C:\Combo-Fix.txt" in your next reply.
    Troubleshooting ComboFix

    Safe Mode:

    If you still cannot get ComboFix to run, try booting into Safe Mode, and run it there.

    (To boot into Safe Mode, tap F8 after BIOS, and just before the Windows logo appears. A list of options will appear; select "Safe Mode.")

    Re-downloading:

    If this doesn't work either, try the above method again, but download it again and rename ComboFix.exe to iexplore.exe, explorer.exe, or winlogon.exe.

    Malware is known for blocking all "user" processes, except for its whitelist of important system processes such as iexplore.exe, explorer.exe, and winlogon.exe.

    NOTE: If you encounter a message "illegal operation attempted on registry key that has been marked for deletion" and no programs will run - please just reboot and that will resolve that error.
  4. Spirit

    Spirit Newcomer, in training Topic Starter Posts: 20

    Here you go.... and thank you!

    I will be gone for the day so will do the next step tonight.

    ComboFix 13-02-26.01 - spirit paglia 02/27/2013 12:00:41.2.1 - x86
    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1022.567 [GMT -7:00]
    Running from: c:\documents and settings\spirit paglia\Desktop\ComboFix.exe
    AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\11D.tmp
    C:\11E.tmp
    c:\documents and settings\All Users\Application Data\AMMYY
    c:\documents and settings\All Users\Application Data\AMMYY\hr
    c:\documents and settings\All Users\Application Data\AMMYY\hr3
    c:\documents and settings\All Users\Application Data\AMMYY\settings.bin
    c:\documents and settings\All Users\Application Data\AMMYY\settings3.bin
    c:\documents and settings\All Users\Application Data\TEMP
    c:\documents and settings\All Users\Application Data\TEMP\1A6AFE3D.TMP
    c:\documents and settings\All Users\Application Data\TEMP\4EFDF5FB.TMP
    c:\documents and settings\All Users\Application Data\TEMP\5635DE41.TMP
    c:\documents and settings\All Users\Application Data\TEMP\D0F51BEA.TMP
    c:\documents and settings\spirit paglia\Application Data\DefaultTab\DefaultTab
    c:\documents and settings\spirit paglia\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
    c:\documents and settings\spirit paglia\Local Settings\Application Data\Updater19962\Updater19962.exe
    c:\documents and settings\spirit paglia\WINDOWS
    C:\install.exe
    c:\program files\Common
    c:\windows\system32\SET103.tmp
    c:\windows\system32\SET105.tmp
    c:\windows\system32\SET111.tmp
    c:\windows\system32\SETC9.tmp
    c:\windows\system32\URTTemp
    c:\windows\system32\URTTemp\fusion.dll
    c:\windows\system32\URTTemp\mscoree.dll
    c:\windows\system32\URTTemp\mscoree.dll.local
    c:\windows\system32\URTTemp\mscorsn.dll
    c:\windows\system32\URTTemp\mscorwks.dll
    c:\windows\system32\URTTemp\msvcr71.dll
    c:\windows\system32\URTTemp\msvcr71.dll.001
    c:\windows\system32\URTTemp\msvcr71.dll.002
    c:\windows\system32\URTTemp\msvcr71.dll.003
    c:\windows\system32\URTTemp\msvcr71.dll.004
    c:\windows\system32\URTTemp\msvcr71.dll.005
    c:\windows\system32\URTTemp\msvcr71.dll.006
    c:\windows\system32\URTTemp\msvcr71.dll.007
    c:\windows\system32\URTTemp\msvcr71.dll.008
    c:\windows\system32\URTTemp\msvcr71.dll.009
    c:\windows\system32\URTTemp\msvcr71.dll.010
    c:\windows\system32\URTTemp\msvcr71.dll.011
    c:\windows\system32\URTTemp\msvcr71.dll.012
    c:\windows\system32\URTTemp\msvcr71.dll.013
    c:\windows\system32\URTTemp\msvcr71.dll.int
    c:\windows\system32\URTTemp\regtlib.exe
    c:\windows\XSxS
    .
    .
    ((((((((((((((((((((((((( Files Created from 2013-01-27 to 2013-02-27 )))))))))))))))))))))))))))))))
    .
    .
    2013-02-27 09:37 . 2013-02-27 09:37 143872 ----a-w- c:\windows\system32\javacpl.cpl
    2013-02-27 09:37 . 2013-02-27 09:37 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
    2013-02-27 09:36 . 2013-02-27 09:36 -------- d-----w- c:\program files\Java
    2013-02-27 07:34 . 2013-02-20 22:57 96664 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
    2013-02-27 07:34 . 2013-02-20 22:57 170232 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
    2013-02-27 07:34 . 2013-02-20 22:57 24984 ----a-w- c:\program files\Mozilla Firefox\plugin-hang-ui.exe
    2013-02-27 07:34 . 2013-02-20 22:57 193576 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice_installer.exe
    2013-02-27 07:34 . 2013-02-20 22:57 134552 ----a-w- c:\program files\Mozilla Firefox\mozglue.dll
    2013-02-27 07:34 . 2013-02-20 22:57 115608 ----a-w- c:\program files\Mozilla Firefox\maintenanceservice.exe
    2013-02-27 07:34 . 2013-02-20 22:57 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
    2013-02-27 07:34 . 2013-02-20 22:57 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
    2013-02-27 07:34 . 2013-02-20 22:57 2989464 ----a-w- c:\program files\Mozilla Firefox\gkmedias.dll
    2013-02-27 07:34 . 2013-02-20 22:57 74136 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
    2013-02-27 03:57 . 2012-10-30 23:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
    2013-02-27 03:57 . 2012-10-30 23:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
    2013-02-27 03:57 . 2012-10-30 23:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
    2013-02-27 03:57 . 2012-10-30 23:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
    2013-02-27 03:57 . 2012-10-30 23:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
    2013-02-27 03:57 . 2012-10-30 23:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
    2013-02-27 03:57 . 2012-10-30 23:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
    2013-02-27 03:56 . 2012-10-30 23:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
    2013-02-27 03:56 . 2012-10-30 23:51 41224 ----a-w- c:\windows\avastSS.scr
    2013-02-27 03:56 . 2012-10-30 23:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
    2013-02-27 03:55 . 2013-02-27 03:55 -------- d-----w- c:\program files\AVAST Software
    2013-02-27 03:55 . 2013-02-27 03:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AVAST Software
    2013-02-24 19:35 . 2013-02-24 19:35 -------- d-----w- c:\program files\DomaIQ Uninstaller
    2013-02-24 19:33 . 2013-02-24 19:33 -------- d-----w- c:\documents and settings\spirit paglia\Application Data\player
    2013-02-24 19:33 . 2013-02-24 19:33 -------- d-----w- c:\program files\Tuguu SL
    2013-02-24 19:33 . 2013-02-24 19:33 -------- d-----w- c:\documents and settings\spirit paglia\Application Data\SwvUpdater
    2013-02-24 19:33 . 2013-02-24 19:33 -------- d-----w- c:\program files\SearchProtect
    2013-02-24 19:33 . 2013-02-24 19:33 -------- d-----w- c:\documents and settings\spirit paglia\Application Data\SearchProtect
    2013-02-24 19:22 . 2013-02-24 19:22 -------- d-----w- c:\program files\Conduit
    2013-02-24 19:22 . 2013-02-25 16:42 -------- d-----w- c:\documents and settings\spirit paglia\Local Settings\Application Data\Conduit
    2013-02-24 19:15 . 2013-02-27 19:16 -------- d-----w- c:\documents and settings\spirit paglia\Local Settings\Application Data\Updater19962
    2013-02-24 19:15 . 2013-02-27 19:16 -------- d-----w- c:\documents and settings\spirit paglia\Application Data\DefaultTab
    2013-02-24 19:15 . 2013-02-24 19:16 -------- d-----w- c:\program files\Supreme Savings
    2013-02-22 00:42 . 2013-02-22 00:42 -------- d-----w- c:\documents and settings\All Users\Application Data\APN
    2013-02-21 03:12 . 2013-02-21 03:12 -------- d-----w- c:\program files\UnfriendApp
    2013-02-08 09:13 . 2013-02-08 09:13 16365936 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2013-02-27 09:37 . 2012-05-18 22:26 861088 ----a-w- c:\windows\system32\npdeployJava1.dll
    2013-02-27 09:37 . 2010-04-15 12:15 782240 ----a-w- c:\windows\system32\deployJava1.dll
    2013-02-26 18:45 . 2012-05-25 22:33 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
    2013-02-26 18:45 . 2011-06-28 20:56 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
    2013-01-26 03:55 . 2004-08-10 17:51 552448 ----a-w- c:\windows\system32\oleaut32.dll
    2013-01-23 23:49 . 2013-01-23 23:46 896424 ----a-w- C:\jre-7u11-windows-i586-iftw.exe
    2013-01-07 01:16 . 2004-08-10 17:51 2193024 ----a-w- c:\windows\system32\ntoskrnl.exe
    2013-01-07 00:36 . 2004-08-04 03:59 2069760 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2013-01-04 01:20 . 2004-08-10 17:51 1867264 ----a-w- c:\windows\system32\win32k.sys
    2013-01-02 06:49 . 2004-08-10 17:51 1292288 ----a-w- c:\windows\system32\quartz.dll
    2013-01-02 06:49 . 2004-08-10 17:51 148992 ----a-w- c:\windows\system32\mpg2splt.ax
    2012-12-26 20:16 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
    2012-12-26 20:16 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
    2012-12-26 20:16 . 2004-08-10 17:51 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
    2012-12-24 06:40 . 2004-08-10 17:51 385024 ----a-w- c:\windows\system32\html.iec
    2012-12-16 12:23 . 2004-08-10 17:50 290560 ----a-w- c:\windows\system32\atmfd.dll
    2012-12-14 23:49 . 2009-11-28 07:20 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
    2011-07-02 13:11 . 2011-07-02 13:11 458 ----a-w- c:\program files\070220117112129.bat
    2010-08-08 06:12 . 2010-08-08 06:12 475 ----a-w- c:\program files\080820100124629.bat
    2013-02-20 22:57 . 2013-02-27 07:26 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
    @="{472083B0-C522-11CF-8763-00608CC02F24}"
    [HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
    2012-10-30 23:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
    "SearchProtect"="c:\documents and settings\spirit paglia\Application Data\SearchProtect\bin\cltmng.exe" [2013-02-20 2674464]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SearchProtectAll"="c:\program files\SearchProtect\bin\cltmng.exe" [2013-02-20 2674464]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Messenger\\msmsgs.exe"=
    "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "c:\\Program Files\\TeamViewer\\Version4\\TeamViewer.exe"=
    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Pogo Games\\PogoDGC.exe"=
    "c:\\Program Files\\Pogo Games\\WebUpdater.exe"=
    .
    R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2/26/2013 8:57 PM 738504]
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2/26/2013 8:57 PM 361032]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [2/26/2013 8:57 PM 21256]
    R2 CltMngSvc;Search Protect by Conduit Updater;c:\program files\SearchProtect\bin\CltMngSvc.exe [2/20/2013 5:38 AM 93984]
    R2 PGMTrusted;PGMTrusted;c:\program files\Pogo Games\PGMTrusted.exe [1/4/2012 7:40 AM 519888]
    R2 TeamViewer4;TeamViewer 4;c:\program files\TeamViewer\Version4\TeamViewer_Service.exe [10/7/2009 5:50 AM 185640]
    S2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [7/13/2012 1:28 PM 160944]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{A509B1FF-37FF-4bFF-8CFF-4F3A747040FF}]
    2009-03-08 10:32 128512 ----a-w- c:\windows\system32\advpack.dll
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2013-02-27 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-25 18:45]
    .
    2013-02-27 c:\windows\Tasks\AmiUpdXp.job
    - c:\documents and settings\spirit paglia\Application Data\SwvUpdater\Updater.exe [2013-02-24 19:28]
    .
    2013-02-27 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-02-27 23:50]
    .
    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    uStart Page = hxxp://www.pogo.com/friends.do?pageSection=cp_home_header_friends
    TCP: DhcpNameServer = 192.168.0.1 205.171.3.25
    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
    DPF: {3107C2A8-9F0B-4404-A58B-21BD85268FBC} - hxxp://www.pogo.com/cdl/launcher/PogoWebLauncherInstaller.CAB
    FF - ProfilePath - c:\documents and settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&SearchSource=3&q={searchTerms}&CUI=UN36138580159123249
    FF - prefs.js: browser.search.selectedEngine - Google
    FF - prefs.js: browser.startup.homepage - hxxp://www.pogo.com/friends.do
    FF - ExtSQL: 2013-02-24 12:17; addon@defaulttab.com; c:\documents and settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\extensions\addon@defaulttab.com.xpi
    FF - ExtSQL: 2013-02-26 21:02; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
    FF - ExtSQL: !HIDDEN! 2009-11-15 03:02; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    .
    - - - - ORPHANS REMOVED - - - -
    .
    WebBrowser-{6638A9DE-0745-4292-8A2E-AE530E7B9B3F} - (no file)
    WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
    HKCU-Run-Updater19962.exe - c:\documents and settings\spirit paglia\Local Settings\Application Data\Updater19962\Updater19962.exe
    AddRemove-DefaultTab - c:\documents and settings\spirit paglia\Application Data\DefaultTab\DefaultTab\uninstalldt.exe
    AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
    .
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2013-02-27 12:19
    Windows 5.1.2600 Service Pack 3 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
    @Denied: (2) (LocalSystem)
    "88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,32,39,ac,30,4c,0d,48,a2,2f,2a,\
    "2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
    d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,94,32,39,ac,30,4c,0d,48,a2,2f,2a,\
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'explorer.exe'(3536)
    c:\windows\system32\WININET.dll
    c:\windows\system32\ieframe.dll
    c:\windows\system32\webcheck.dll
    c:\windows\system32\WPDShServiceObj.dll
    c:\windows\system32\PortableDeviceTypes.dll
    c:\windows\system32\PortableDeviceApi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\windows\System32\wudfhost.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\program files\Java\jre7\bin\jqs.exe
    c:\program files\TeamViewer\Version4\TeamViewer.exe
    c:\windows\system32\wbem\unsecapp.exe
    .
    **************************************************************************
    .
    Completion time: 2013-02-27 12:31:24 - machine was rebooted
    ComboFix-quarantined-files.txt 2013-02-27 19:31
    .
    Pre-Run: 50,654,711,808 bytes free
    Post-Run: 51,209,388,032 bytes free
    .
    - - End Of File - - 32680296410F15D26801D71550929FE0
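    A triage aid for logs like the one above, added here as an example and not part of ComboFix or this thread's instructions: it parses the "Reg Loading Points" section and flags the two things a helper looks at first, autorun entries whose executable lives in a writable per-user location (Application Data, Local Settings, Temp) and Security Center / firewall settings that have been switched off. The SAMPLE_LOG is a constructed excerpt made from entries in the log above, and the path markers and the choice of settings to flag are the example's own assumptions: a Program Files copy of the same program (SearchProtectAll) is deliberately not flagged by the path heuristic, so the output is a starting point for review, not a verdict.

    ```python
    import re
    from dataclasses import dataclass

    # Constructed excerpt in the format of ComboFix's "Reg Loading Points"
    # section (entries taken from the log posted above, trimmed to a few).
    SAMPLE_LOG = r"""
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YahooMessenger.exe" [2012-05-25 6595928]
    "SearchProtect"="c:\documents and settings\spirit paglia\Application Data\SearchProtect\bin\cltmng.exe" [2013-02-20 2674464]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SearchProtectAll"="c:\program files\SearchProtect\bin\cltmng.exe" [2013-02-20 2674464]
    "avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001
    .
    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)
    "DisableNotifications"= 1 (0x1)
    """

    KEY_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
    # "name"="path" [YYYY-MM-DD size]
    AUTORUN_RE = re.compile(
        r'^"(?P<name>[^"]+)"="(?P<path>[^"]+)"\s*\[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$')
    DWORD_RE = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<value>[0-9a-fA-F]{8})$')
    # ComboFix prints firewall policy values as: "Name"= 0 (0x0)
    POLICY_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>\d+) \(0x[0-9a-fA-F]+\)$')

    # Heuristic (assumption of this example): per-user writable locations are
    # where installers that need no admin rights, adware included, tend to land.
    USER_WRITABLE_MARKERS = ('\\application data\\', '\\local settings\\', '\\temp\\')


    @dataclass
    class AutorunEntry:
        key: str
        name: str
        path: str
        date: str
        size: int


    @dataclass
    class Finding:
        kind: str
        key: str
        name: str
        detail: str


    def parse_reg_loading_points(text):
        """Return (autorun entries, {(key, value name): numeric value})."""
        entries, settings = [], {}
        key = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line == '.':          # ComboFix uses lone dots as spacers
                continue
            m = KEY_RE.match(line)
            if m:
                key = m.group('key')
                continue
            if key is None:
                continue
            m = AUTORUN_RE.match(line)
            if m:
                entries.append(AutorunEntry(key, m.group('name'), m.group('path'),
                                            m.group('date'), int(m.group('size'))))
                continue
            m = DWORD_RE.match(line)
            if m:
                settings[(key, m.group('name'))] = int(m.group('value'), 16)
                continue
            m = POLICY_RE.match(line)
            if m:
                settings[(key, m.group('name'))] = int(m.group('value'))
        return entries, settings


    def triage(text):
        """Flag autoruns in user-writable paths and weakened security settings."""
        entries, settings = parse_reg_loading_points(text)
        findings = []
        for e in entries:
            if any(marker in e.path.lower() for marker in USER_WRITABLE_MARKERS):
                findings.append(Finding('autorun-in-user-profile', e.key, e.name, e.path))
        for (key, name), value in settings.items():
            lname = name.lower()
            if lname in ('antivirusoverride', 'firewalloverride') and value == 1:
                findings.append(Finding('security-center-override', key, name,
                                        'Security Center alerts for this component are suppressed'))
            elif lname == 'enablefirewall' and value == 0:
                findings.append(Finding('firewall-disabled', key, name,
                                        'Windows Firewall standard profile is off'))
        return findings


    if __name__ == '__main__':
        for f in triage(SAMPLE_LOG):
            print(f'{f.kind:26} {f.name:20} {f.detail}')
    ```

    Run against the excerpt it reports the HKCU SearchProtect autorun under Application Data, both Security Center overrides, and the disabled firewall; the same parser can be pointed at a full ComboFix log, since the section delimiters and spacer dots are handled.
    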
  5. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    You're welcome!

    TDSSKiller Scan

    Please download and run TDSSKiller to your desktop as outlined below:

    Double-click on TDSSKiller.exe to run the application, then click on Change parameters.

    For Windows XP, double-click to start.
    For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

    -------------------------

    Check the boxes beside Verify Driver Digital Signature and Detect TDLFS file system, then click OK.

    ------------------------

    Click the Start Scan button.

    -----------------------

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    ----------------------

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.

    --------------------

    A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents in your next reply.

    Sometimes these logs can be very large; in that case, please attach it.

    -------------------

    Here's a summary of what to do if you would like to print it out:

    If a suspicious object is detected, the default action will be Skip; click on Continue.
    If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic, please choose Skip and click on Continue.

    If malicious objects are found, they will show in the Scan results and offer three (3) options.

    Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.
    Note: If Cure is not available, please choose Skip instead; do not choose Delete unless instructed.


    OTL Quick Scan

    Please download OTL by OldTimer to your Desktop.
    • Close all windows and double click OTL.exe.
    • Click Quick Scan button and let the program run uninterrupted.
    • It will produce a log for you called OTL.txt, please post it in your next reply.
    • You may need to use two posts to get it all.
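    The instructions above draw a line between the generic signature warnings (UnsignedFile.Multi.Generic, LockedFile.Multi.Generic), which are skipped, and real detections, which get Cure. Here is an added example, not from TDSSKiller or from this thread's helper, that parses a TDSSKiller service-scan log and sorts its detections along exactly that line, so a long log can be reviewed without reading every "- ok" line. The SAMPLE_LOG is constructed in the log format used in this thread (a few of its real entries plus one clearly labelled ConstructedSvc entry with a placeholder MD5 and verdict, so the second branch has something to classify); the regular expressions assume that same format.

    ```python
    import re
    from dataclasses import dataclass

    # Constructed sample in TDSSKiller's service-scan log format. The first
    # entries mirror lines posted in this thread; ConstructedSvc, its MD5 and
    # its verdict are placeholders invented for this example only.
    SAMPLE_LOG = r"""
    19:32:41.0062 10044 System memory - ok
    19:32:41.0078 10044 ================ Scan services =============================
    19:32:50.0734 10044 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys
    19:32:50.0781 10044 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
    19:32:50.0781 10044 ASCTRM - detected UnsignedFile.Multi.Generic (1)
    19:32:51.0062 10044 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
    19:32:51.0093 10044 aswFsBlk - ok
    19:32:53.0984 10044 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    19:32:54.0046 10044 avast! Antivirus - ok
    19:32:55.0390 10044 bvrp_pci - ok
    19:33:07.0000 10044 [ 00000000000000000000000000000000 ] ConstructedSvc C:\constructed\example.sys
    19:33:07.0001 10044 ConstructedSvc - detected Constructed.Example.Verdict (1)
    """

    # Verdicts the helper's instructions say to Skip: they only mean the file
    # carries no digital signature or could not be opened, not that it is malware.
    SKIP_VERDICTS = {'UnsignedFile.Multi.Generic', 'LockedFile.Multi.Generic'}

    TS = r'\d{2}:\d{2}:\d{2}\.\d{4}'
    # "<ts> <pid> [ MD5 ] name C:\path"  (service names may contain spaces)
    SERVICE_RE = re.compile(
        rf'^(?P<ts>{TS})\s+(?P<pid>\d+)\s+\[ (?P<md5>[0-9A-F]{{32}}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$')
    OK_RE = re.compile(rf'^(?P<ts>{TS})\s+(?P<pid>\d+)\s+(?P<name>.+?) - ok$')
    WARN_RE = re.compile(rf'^(?P<ts>{TS})\s+(?P<pid>\d+)\s+(?P<name>.+?) \( (?P<verdict>[^ ]+) \) - warning$')
    DETECT_RE = re.compile(rf'^(?P<ts>{TS})\s+(?P<pid>\d+)\s+(?P<name>.+?) - detected (?P<verdict>\S+) \((?P<count>\d+)\)$')


    @dataclass
    class ServiceResult:
        name: str
        md5: str = ''
        path: str = ''
        status: str = 'unknown'   # ok | warning | detected
        verdict: str = ''


    def parse_tdsskiller(text):
        """Fold the per-service lines into one ServiceResult per service name."""
        results = {}
        for raw in text.splitlines():
            line = raw.strip()
            m = SERVICE_RE.match(line)
            if m:
                r = results.setdefault(m['name'], ServiceResult(m['name']))
                r.md5, r.path = m['md5'], m['path']
                continue
            m = OK_RE.match(line)
            if m:
                results.setdefault(m['name'], ServiceResult(m['name'])).status = 'ok'
                continue
            m = WARN_RE.match(line)
            if m:
                r = results.setdefault(m['name'], ServiceResult(m['name']))
                r.status, r.verdict = 'warning', m['verdict']
                continue
            m = DETECT_RE.match(line)
            if m:
                r = results.setdefault(m['name'], ServiceResult(m['name']))
                r.status, r.verdict = 'detected', m['verdict']   # detected supersedes warning
        return results


    def summarize(results):
        """Split detections into (skip-class signature warnings, needs attention)."""
        skip, attention = [], []
        for r in results.values():
            if r.status != 'detected':
                continue
            (skip if r.verdict in SKIP_VERDICTS else attention).append(r)
        return skip, attention


    if __name__ == '__main__':
        skip, attention = summarize(parse_tdsskiller(SAMPLE_LOG))
        print('skip-class (unsigned/locked):', [r.name for r in skip])
        print('needs attention:', [(r.name, r.verdict, r.path) for r in attention])
    ```

    The MD5 on each service line is kept in the result so a flagged driver can be looked up against a vendor hash list before anything is cured; the classifier itself never decides on the file, it only reproduces the Skip/Cure split the instructions describe.
    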
  6. Spirit

    Spirit Newcomer, in training Topic Starter Posts: 20

    I will do this in two posts.

    Thanks for your help!

    Here is the TDSSKiller. I never said anything about CURE, so I am not sure that it was done correctly.

    19:31:12.0906 9672 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
    19:31:13.0671 9672 ============================================================
    19:31:13.0671 9672 Current date / time: 2013/02/27 19:31:13.0671
    19:31:13.0671 9672 SystemInfo:
    19:31:13.0671 9672
    19:31:13.0671 9672 OS Version: 5.1.2600 ServicePack: 3.0
    19:31:13.0671 9672 Product type: Workstation
    19:31:13.0671 9672 ComputerName: SPIRIT
    19:31:13.0671 9672 UserName: spirit paglia
    19:31:13.0671 9672 Windows directory: C:\WINDOWS
    19:31:13.0671 9672 System windows directory: C:\WINDOWS
    19:31:13.0671 9672 Processor architecture: Intel x86
    19:31:13.0671 9672 Number of processors: 1
    19:31:13.0671 9672 Page size: 0x1000
    19:31:13.0671 9672 Boot type: Normal boot
    19:31:13.0671 9672 ============================================================
    19:31:15.0593 9672 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
    19:31:15.0593 9672 ============================================================
    19:31:15.0593 9672 \Device\Harddisk0\DR0:
    19:31:15.0593 9672 MBR partitions:
    19:31:15.0593 9672 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xFB04, BlocksNum 0x8E060B6
    19:31:15.0593 9672 ============================================================
    19:31:15.0640 9672 C: <-> \Device\Harddisk0\DR0\Partition1
    19:31:15.0640 9672 ============================================================
    19:31:15.0640 9672 Initialize success
    19:31:15.0640 9672 ============================================================
    19:32:40.0281 10044 ============================================================
    19:32:40.0281 10044 Scan started
    19:32:40.0281 10044 Mode: Manual; SigCheck; TDLFS;
    19:32:40.0281 10044 ============================================================
    19:32:41.0062 10044 ================ Scan system memory ========================
    19:32:41.0062 10044 System memory - ok
    19:32:41.0078 10044 ================ Scan services =============================
    19:32:41.0312 10044 [ 149A8F7ADF9742554DC323E290551E3E ] Aavmker4 C:\WINDOWS\system32\drivers\Aavmker4.sys
    19:32:41.0593 10044 Aavmker4 - ok
    19:32:41.0656 10044 Abiosdsk - ok
    19:32:41.0687 10044 [ 6ABB91494FE6C59089B9336452AB2EA3 ] abp480n5 C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
    19:32:43.0312 10044 abp480n5 - ok
    19:32:43.0375 10044 [ 8FD99680A539792A30E97944FDAECF17 ] ACPI C:\WINDOWS\system32\DRIVERS\ACPI.sys
    19:32:43.0640 10044 ACPI - ok
    19:32:43.0718 10044 [ 9859C0F6936E723E4892D7141B1327D5 ] ACPIEC C:\WINDOWS\system32\drivers\ACPIEC.sys
    19:32:44.0046 10044 ACPIEC - ok
    19:32:44.0156 10044 [ 9942DC4CC265CDA00486504444EF521D ] AdobeFlashPlayerUpdateSvc C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    19:32:44.0203 10044 AdobeFlashPlayerUpdateSvc - ok
    19:32:44.0234 10044 [ 9A11864873DA202C996558B2106B0BBC ] adpu160m C:\WINDOWS\system32\DRIVERS\adpu160m.sys
    19:32:44.0593 10044 adpu160m - ok
    19:32:44.0671 10044 [ 8BED39E3C35D6A489438B8141717A557 ] aec C:\WINDOWS\system32\drivers\aec.sys
    19:32:45.0156 10044 aec - ok
    19:32:45.0203 10044 [ 1E44BC1E83D8FD2305F8D452DB109CF9 ] AFD C:\WINDOWS\System32\drivers\afd.sys
    19:32:45.0375 10044 AFD - ok
    19:32:45.0421 10044 [ 08FD04AA961BDC77FB983F328334E3D7 ] agp440 C:\WINDOWS\system32\DRIVERS\agp440.sys
    19:32:45.0765 10044 agp440 - ok
    19:32:45.0796 10044 [ 03A7E0922ACFE1B07D5DB2EEB0773063 ] agpCPQ C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
    19:32:46.0125 10044 agpCPQ - ok
    19:32:46.0171 10044 [ C23EA9B5F46C7F7910DB3EAB648FF013 ] Aha154x C:\WINDOWS\system32\DRIVERS\aha154x.sys
    19:32:46.0406 10044 Aha154x - ok
    19:32:46.0421 10044 [ 19DD0FB48B0C18892F70E2E7D61A1529 ] aic78u2 C:\WINDOWS\system32\DRIVERS\aic78u2.sys
    19:32:46.0750 10044 aic78u2 - ok
    19:32:46.0781 10044 [ B7FE594A7468AA0132DEB03FB8E34326 ] aic78xx C:\WINDOWS\system32\DRIVERS\aic78xx.sys
    19:32:47.0250 10044 aic78xx - ok
    19:32:47.0296 10044 [ A9A3DAA780CA6C9671A19D52456705B4 ] Alerter C:\WINDOWS\system32\alrsvc.dll
    19:32:47.0625 10044 Alerter - ok
    19:32:47.0671 10044 [ 8C515081584A38AA007909CD02020B3D ] ALG C:\WINDOWS\System32\alg.exe
    19:32:48.0062 10044 ALG - ok
    19:32:48.0109 10044 [ 1140AB9938809700B46BB88E46D72A96 ] AliIde C:\WINDOWS\system32\DRIVERS\aliide.sys
    19:32:48.0437 10044 AliIde - ok
    19:32:48.0484 10044 [ CB08AED0DE2DD889A8A820CD8082D83C ] alim1541 C:\WINDOWS\system32\DRIVERS\alim1541.sys
    19:32:48.0796 10044 alim1541 - ok
    19:32:48.0859 10044 [ 95B4FB835E28AA1336CEEB07FD5B9398 ] amdagp C:\WINDOWS\system32\DRIVERS\amdagp.sys
    19:32:49.0281 10044 amdagp - ok
    19:32:49.0390 10044 [ 79F5ADD8D24BD6893F2903A3E2F3FAD6 ] amsint C:\WINDOWS\system32\DRIVERS\amsint.sys
    19:32:49.0578 10044 amsint - ok
    19:32:49.0593 10044 AppMgmt - ok
    19:32:49.0640 10044 [ 62D318E9A0C8FC9B780008E724283707 ] asc C:\WINDOWS\system32\DRIVERS\asc.sys
    19:32:50.0015 10044 asc - ok
    19:32:50.0062 10044 [ 69EB0CC7714B32896CCBFD5EDCBEA447 ] asc3350p C:\WINDOWS\system32\DRIVERS\asc3350p.sys
    19:32:50.0296 10044 asc3350p - ok
    19:32:50.0343 10044 [ 5D8DE112AA0254B907861E9E9C31D597 ] asc3550 C:\WINDOWS\system32\DRIVERS\asc3550.sys
    19:32:50.0671 10044 asc3550 - ok
    19:32:50.0734 10044 [ D880831279ED91F9A4190A2DB9539EA9 ] ASCTRM C:\WINDOWS\system32\drivers\ASCTRM.sys
    19:32:50.0781 10044 ASCTRM ( UnsignedFile.Multi.Generic ) - warning
    19:32:50.0781 10044 ASCTRM - detected UnsignedFile.Multi.Generic (1)
    19:32:50.0906 10044 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
    19:32:51.0015 10044 aspnet_state - ok
    19:32:51.0062 10044 [ DE6ED95AEF259979B2830450072A627B ] aswFsBlk C:\WINDOWS\system32\drivers\aswFsBlk.sys
    19:32:51.0093 10044 aswFsBlk - ok
    19:32:51.0156 10044 [ 84F0BE324EE111338589F448C3E8BAB2 ] aswMon2 C:\WINDOWS\system32\drivers\aswMon2.sys
    19:32:51.0171 10044 aswMon2 - ok
    19:32:51.0218 10044 [ 7C9F0A2AB17D52261A9252A2EB320884 ] AswRdr C:\WINDOWS\system32\drivers\AswRdr.sys
    19:32:51.0265 10044 AswRdr - ok
    19:32:51.0343 10044 [ B32E9AD44A1DBB3E8095E80F8DF32B03 ] aswSnx C:\WINDOWS\system32\drivers\aswSnx.sys
    19:32:51.0421 10044 aswSnx - ok
    19:32:51.0578 10044 [ 67B558895695545FB0568B7541F3BCA7 ] aswSP C:\WINDOWS\system32\drivers\aswSP.sys
    19:32:51.0625 10044 aswSP - ok
    19:32:51.0703 10044 [ E3E73B2B73A4DFADFDDF557192C4B08A ] aswTdi C:\WINDOWS\system32\drivers\aswTdi.sys
    19:32:51.0734 10044 aswTdi - ok
    19:32:51.0765 10044 [ B153AFFAC761E7F5FCFA822B9C4E97BC ] AsyncMac C:\WINDOWS\system32\DRIVERS\asyncmac.sys
    19:32:52.0140 10044 AsyncMac - ok
    19:32:52.0171 10044 [ 9F3A2F5AA6875C72BF062C712CFA2674 ] atapi C:\WINDOWS\system32\DRIVERS\atapi.sys
    19:32:52.0484 10044 atapi - ok
    19:32:52.0500 10044 Atdisk - ok
    19:32:52.0531 10044 [ 9916C1225104BA14794209CFA8012159 ] Atmarpc C:\WINDOWS\system32\DRIVERS\atmarpc.sys
    19:32:52.0921 10044 Atmarpc - ok
    19:32:52.0984 10044 [ DEF7A7882BEC100FE0B2CE2549188F9D ] AudioSrv C:\WINDOWS\System32\audiosrv.dll
    19:32:53.0281 10044 AudioSrv - ok
    19:32:53.0328 10044 [ D9F724AA26C010A217C97606B160ED68 ] audstub C:\WINDOWS\system32\DRIVERS\audstub.sys
    19:32:53.0859 10044 audstub - ok
    19:32:53.0984 10044 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    19:32:54.0046 10044 avast! Antivirus - ok
    19:32:54.0093 10044 [ 5D7BE7B19E827125E016325334E58FF1 ] BANTExt C:\WINDOWS\System32\Drivers\BANTExt.sys
    19:32:54.0109 10044 BANTExt ( UnsignedFile.Multi.Generic ) - warning
    19:32:54.0109 10044 BANTExt - detected UnsignedFile.Multi.Generic (1)
    19:32:54.0187 10044 [ DA1F27D85E0D1525F6621372E7B685E9 ] Beep C:\WINDOWS\system32\drivers\Beep.sys
    19:32:54.0546 10044 Beep - ok
    19:32:54.0625 10044 [ 574738F61FCA2935F5265DC4E5691314 ] BITS C:\WINDOWS\system32\qmgr.dll
    19:32:55.0046 10044 BITS - ok
    19:32:55.0109 10044 [ F832F1505AD8B83474BD9A5B1B985E01 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
    19:32:55.0187 10044 Bonjour Service - ok
    19:32:55.0234 10044 [ CFD4E51402DA9838B5A04AE680AF54A0 ] Browser C:\WINDOWS\System32\browser.dll
    19:32:55.0390 10044 Browser - ok
    19:32:55.0390 10044 bvrp_pci - ok
    19:32:55.0406 10044 catchme - ok
    19:32:55.0421 10044 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
    19:32:55.0765 10044 cbidf - ok
    19:32:55.0906 10044 [ 90A673FC8E12A79AFBED2576F6A7AAF9 ] cbidf2k C:\WINDOWS\system32\drivers\cbidf2k.sys
    19:32:56.0250 10044 cbidf2k - ok
    19:32:56.0265 10044 [ 0BE5AEF125BE881C4F854C554F2B025C ] CCDECODE C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
    19:32:56.0609 10044 CCDECODE - ok
    19:32:56.0640 10044 [ F3EC03299634490E97BBCE94CD2954C7 ] cd20xrnt C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
    19:32:56.0812 10044 cd20xrnt - ok
    19:32:56.0843 10044 [ C1B486A7658353D33A10CC15211A873B ] Cdaudio C:\WINDOWS\system32\drivers\Cdaudio.sys
    19:32:57.0265 10044 Cdaudio - ok
    19:32:57.0328 10044 [ C885B02847F5D2FD45A24E219ED93B32 ] Cdfs C:\WINDOWS\system32\drivers\Cdfs.sys
    19:32:57.0625 10044 Cdfs - ok
    19:32:57.0656 10044 [ 1F4260CC5B42272D71F79E570A27A4FE ] Cdrom C:\WINDOWS\system32\DRIVERS\cdrom.sys
    19:32:58.0093 10044 Cdrom - ok
    19:32:58.0187 10044 Changer - ok
    19:32:58.0250 10044 [ 1CFE720EB8D93A7158A4EBC3AB178BDE ] CiSvc C:\WINDOWS\system32\cisvc.exe
    19:32:58.0578 10044 CiSvc - ok
    19:32:58.0640 10044 [ 34CBE729F38138217F9C80212A2A0C82 ] ClipSrv C:\WINDOWS\system32\clipsrv.exe
    19:32:58.0953 10044 ClipSrv - ok
    19:32:59.0062 10044 [ D87ACAED61E417BBA546CED5E7E36D9C ] clr_optimization_v2.0.50727_32 C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
    19:32:59.0250 10044 clr_optimization_v2.0.50727_32 - ok
    19:32:59.0312 10044 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
    19:32:59.0484 10044 clr_optimization_v4.0.30319_32 - ok
    19:32:59.0531 10044 [ 1CDFB108952A68CB8DAAC67177850560 ] CltMngSvc C:\Program Files\SearchProtect\bin\CltMngSvc.exe
    19:32:59.0609 10044 CltMngSvc - ok
    19:32:59.0656 10044 [ E5DCB56C533014ECBC556A8357C929D5 ] CmdIde C:\WINDOWS\system32\DRIVERS\cmdide.sys
    19:33:00.0000 10044 CmdIde - ok
    19:33:00.0046 10044 COMSysApp - ok
    19:33:00.0109 10044 [ 3EE529119EED34CD212A215E8C40D4B6 ] Cpqarray C:\WINDOWS\system32\DRIVERS\cpqarray.sys
    19:33:00.0546 10044 Cpqarray - ok
    19:33:00.0609 10044 [ 3D4E199942E29207970E04315D02AD3B ] CryptSvc C:\WINDOWS\System32\cryptsvc.dll
    19:33:00.0906 10044 CryptSvc - ok
    19:33:00.0953 10044 [ E550E7418984B65A78299D248F0A7F36 ] dac2w2k C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
    19:33:01.0296 10044 dac2w2k - ok
    19:33:01.0328 10044 [ 683789CAA3864EB46125AE86FF677D34 ] dac960nt C:\WINDOWS\system32\DRIVERS\dac960nt.sys
    19:33:01.0750 10044 dac960nt - ok
    19:33:01.0796 10044 [ 100FF3D9E16AFB3163BD6F9AAAAB7C55 ] DCamUSBSQTECH C:\WINDOWS\system32\Drivers\SQcaptur.sys
    19:33:01.0875 10044 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - warning
    19:33:01.0875 10044 DCamUSBSQTECH - detected UnsignedFile.Multi.Generic (1)
    19:33:01.0953 10044 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
    19:33:02.0109 10044 DcomLaunch - ok
    19:33:02.0156 10044 [ 5E38D7684A49CACFB752B046357E0589 ] Dhcp C:\WINDOWS\System32\dhcpcsvc.dll
    19:33:02.0578 10044 Dhcp - ok
    19:33:02.0625 10044 [ 044452051F3E02E7963599FC8F4F3E25 ] Disk C:\WINDOWS\system32\DRIVERS\disk.sys
    19:33:02.0968 10044 Disk - ok
    19:33:02.0984 10044 dmadmin - ok
    19:33:03.0031 10044 [ D992FE1274BDE0F84AD826ACAE022A41 ] dmboot C:\WINDOWS\system32\drivers\dmboot.sys
    19:33:03.0437 10044 dmboot - ok
    19:33:03.0500 10044 [ 7C824CF7BBDE77D95C08005717A95F6F ] dmio C:\WINDOWS\system32\drivers\dmio.sys
    19:33:03.0781 10044 dmio - ok
    19:33:03.0812 10044 [ E9317282A63CA4D188C0DF5E09C6AC5F ] dmload C:\WINDOWS\system32\drivers\dmload.sys
    19:33:04.0218 10044 dmload - ok
    19:33:04.0265 10044 [ 57EDEC2E5F59F0335E92F35184BC8631 ] dmserver C:\WINDOWS\System32\dmserver.dll
    19:33:04.0656 10044 dmserver - ok
    19:33:04.0781 10044 [ 8A208DFCF89792A484E76C40E5F50B45 ] DMusic C:\WINDOWS\system32\drivers\DMusic.sys
    19:33:05.0140 10044 DMusic - ok
    19:33:05.0187 10044 [ 5F7E24FA9EAB896051FFB87F840730D2 ] Dnscache C:\WINDOWS\System32\dnsrslvr.dll
    19:33:05.0296 10044 Dnscache - ok
    19:33:05.0390 10044 [ 0F0F6E687E5E15579EF4DA8DD6945814 ] Dot3svc C:\WINDOWS\System32\dot3svc.dll
    19:33:05.0734 10044 Dot3svc - ok
    19:33:05.0781 10044 [ 40F3B93B4E5B0126F2F5C0A7A5E22660 ] dpti2o C:\WINDOWS\system32\DRIVERS\dpti2o.sys
    19:33:06.0187 10044 dpti2o - ok
    19:33:06.0250 10044 [ 8F5FCFF8E8848AFAC920905FBD9D33C8 ] drmkaud C:\WINDOWS\system32\drivers\drmkaud.sys
    19:33:06.0531 10044 drmkaud - ok
    19:33:06.0578 10044 [ 96BC8F872F0270C10EDC3931F1C03776 ] drvmcdb C:\WINDOWS\system32\drivers\drvmcdb.sys
    19:33:06.0640 10044 drvmcdb ( UnsignedFile.Multi.Generic ) - warning
    19:33:06.0640 10044 drvmcdb - detected UnsignedFile.Multi.Generic (1)
    19:33:06.0671 10044 [ 5AFBEC7A6AC61B211633DFDB1D9E0C89 ] drvnddm C:\WINDOWS\system32\drivers\drvnddm.sys
    19:33:06.0843 10044 drvnddm ( UnsignedFile.Multi.Generic ) - warning
    19:33:06.0843 10044 drvnddm - detected UnsignedFile.Multi.Generic (1)
    19:33:06.0859 10044 [ 7D91DC6342248369F94D6EBA0CF42E99 ] E100B C:\WINDOWS\system32\DRIVERS\e100b325.sys
    19:33:06.0968 10044 E100B - ok
    19:33:07.0062 10044 [ 2187855A7703ADEF0CEF9EE4285182CC ] EapHost C:\WINDOWS\System32\eapsvc.dll
    19:33:07.0390 10044 EapHost - ok
    19:33:07.0484 10044 [ BC93B4A066477954555966D77FEC9ECB ] ERSvc C:\WINDOWS\System32\ersvc.dll
    19:33:07.0718 10044 ERSvc - ok
    19:33:07.0765 10044 [ 65DF52F5B8B6E9BBD183505225C37315 ] Eventlog C:\WINDOWS\system32\services.exe
    19:33:07.0906 10044 Eventlog - ok
    19:33:07.0953 10044 [ D4991D98F2DB73C60D042F1AEF79EFAE ] EventSystem C:\WINDOWS\system32\es.dll
    19:33:08.0109 10044 EventSystem - ok
    19:33:08.0140 10044 [ 38D332A6D56AF32635675F132548343E ] Fastfat C:\WINDOWS\system32\drivers\Fastfat.sys
    19:33:08.0468 10044 Fastfat - ok
    19:33:08.0515 10044 [ 99BC0B50F511924348BE19C7C7313BBF ] FastUserSwitchingCompatibility C:\WINDOWS\System32\shsvcs.dll
    19:33:08.0640 10044 FastUserSwitchingCompatibility - ok
    19:33:08.0687 10044 [ E97D6A8684466DF94FF3BC24FB787A07 ] Fax C:\WINDOWS\system32\fxssvc.exe
    19:33:09.0109 10044 Fax - ok
    19:33:09.0156 10044 [ 92CDD60B6730B9F50F6A1A0C1F8CDC81 ] Fdc C:\WINDOWS\system32\DRIVERS\fdc.sys
    19:33:09.0468 10044 Fdc - ok
    19:33:09.0500 10044 [ D45926117EB9FA946A6AF572FBE1CAA3 ] Fips C:\WINDOWS\system32\drivers\Fips.sys
    19:33:09.0828 10044 Fips - ok
    19:33:09.0859 10044 [ 9D27E7B80BFCDF1CDD9B555862D5E7F0 ] Flpydisk C:\WINDOWS\system32\DRIVERS\flpydisk.sys
    19:33:10.0234 10044 Flpydisk - ok
    19:33:10.0296 10044 [ B2CF4B0786F8212CB92ED2B50C6DB6B0 ] FltMgr C:\WINDOWS\system32\drivers\fltmgr.sys
    19:33:10.0609 10044 FltMgr - ok
    19:33:10.0703 10044 [ 8BA7C024070F2B7FDD98ED8A4BA41789 ] FontCache3.0.0.0 c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
    19:33:10.0734 10044 FontCache3.0.0.0 - ok
    19:33:10.0796 10044 [ C6EE3A87FE609D3E1DB9DBD072A248DE ] fssfltr C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
    19:33:10.0828 10044 fssfltr - ok
    19:33:10.0984 10044 [ 206AD9A89BF05DFA1621F1FC7B82592D ] fsssvc C:\Program Files\Windows Live\Family Safety\fsssvc.exe
    19:33:11.0109 10044 fsssvc - ok
    19:33:11.0218 10044 [ 3E1E2BD4F39B0E2B7DC4F4D2BCC2779A ] Fs_Rec C:\WINDOWS\system32\drivers\Fs_Rec.sys
    19:33:11.0546 10044 Fs_Rec - ok
    19:33:11.0609 10044 [ 6AC26732762483366C3969C9E4D2259D ] Ftdisk C:\WINDOWS\system32\DRIVERS\ftdisk.sys
    19:33:11.0937 10044 Ftdisk - ok
    19:33:11.0968 10044 [ 0A02C63C8B144BD8C86B103DEE7C86A2 ] Gpc C:\WINDOWS\system32\DRIVERS\msgpc.sys
    19:33:12.0296 10044 Gpc - ok
    19:33:12.0375 10044 [ 4FCCA060DFE0C51A09DD5C3843888BCD ] helpsvc C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
    19:33:12.0687 10044 helpsvc - ok
    19:33:12.0750 10044 [ DEB04DA35CC871B6D309B77E1443C796 ] HidServ C:\WINDOWS\System32\hidserv.dll
    19:33:13.0093 10044 HidServ - ok
    19:33:13.0156 10044 [ CCF82C5EC8A7326C3066DE870C06DAF1 ] HidUsb C:\WINDOWS\system32\DRIVERS\hidusb.sys
    19:33:13.0593 10044 HidUsb - ok
    19:33:13.0640 10044 [ 8878BD685E490239777BFE51320B88E9 ] hkmsvc C:\WINDOWS\System32\kmsvc.dll
    19:33:14.0125 10044 hkmsvc - ok
    19:33:14.0171 10044 [ B028377DEA0546A5FCFBA928A8AEFAE0 ] hpn C:\WINDOWS\system32\DRIVERS\hpn.sys
    19:33:14.0593 10044 hpn - ok
    19:33:14.0656 10044 [ F80A415EF82CD06FFAF0D971528EAD38 ] HTTP C:\WINDOWS\system32\Drivers\HTTP.sys
    19:33:14.0750 10044 HTTP - ok
    19:33:14.0812 10044 [ 6100A808600F44D999CEBDEF8841C7A3 ] HTTPFilter C:\WINDOWS\System32\w3ssl.dll
    19:33:15.0750 10044 HTTPFilter - ok
    19:33:15.0796 10044 [ 9368670BD426EBEA5E8B18A62416EC28 ] i2omgmt C:\WINDOWS\system32\drivers\i2omgmt.sys
    19:33:16.0343 10044 i2omgmt - ok
    19:33:16.0421 10044 [ F10863BF1CCC290BABD1A09188AE49E0 ] i2omp C:\WINDOWS\system32\DRIVERS\i2omp.sys
    19:33:16.0843 10044 i2omp - ok
    19:33:16.0906 10044 [ 4A0B06AA8943C1E332520F7440C0AA30 ] i8042prt C:\WINDOWS\system32\DRIVERS\i8042prt.sys
    19:33:17.0421 10044 i8042prt - ok
    19:33:17.0687 10044 [ 9A883C3C4D91292C0D09DE7C728E781C ] ialm C:\WINDOWS\system32\DRIVERS\ialmnt5.sys
    19:33:18.0250 10044 ialm - ok
    19:33:18.0406 10044 [ C01AC32DC5C03076CFB852CB5DA5229C ] idsvc c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
    19:33:18.0515 10044 idsvc - ok
    19:33:18.0546 10044 [ 083A052659F5310DD8B6A6CB05EDCF8E ] Imapi C:\WINDOWS\system32\DRIVERS\imapi.sys
    19:33:19.0000 10044 Imapi - ok
    19:33:19.0046 10044 [ 30DEAF54A9755BB8546168CFE8A6B5E1 ] ImapiService C:\WINDOWS\system32\imapi.exe
    19:33:19.0421 10044 ImapiService - ok
    19:33:19.0453 10044 [ 4A40E045FAEE58631FD8D91AFC620719 ] ini910u C:\WINDOWS\system32\DRIVERS\ini910u.sys
    19:33:19.0781 10044 ini910u - ok
    19:33:19.0828 10044 [ 7509C548400F4C9E0211E3F6E66ABBE6 ] IntelC51 C:\WINDOWS\system32\DRIVERS\IntelC51.sys
    19:33:20.0171 10044 IntelC51 - ok
    19:33:20.0750 10044 [ 9584FFDD41D37F2C239681D0DAC2513E ] IntelC52 C:\WINDOWS\system32\DRIVERS\IntelC52.sys
    19:33:21.0062 10044 IntelC52 - ok
    19:33:21.0093 10044 [ CF0B937710CEC6EF39416EDECD803CBB ] IntelC53 C:\WINDOWS\system32\DRIVERS\IntelC53.sys
    19:33:21.0265 10044 IntelC53 - ok
    19:33:21.0312 10044 [ B5466A9250342A7AA0CD1FBA13420678 ] IntelIde C:\WINDOWS\system32\DRIVERS\intelide.sys
    19:33:21.0625 10044 IntelIde - ok
    19:33:21.0671 10044 [ 8C953733D8F36EB2133F5BB58808B66B ] intelppm C:\WINDOWS\system32\DRIVERS\intelppm.sys
    19:33:22.0093 10044 intelppm - ok
    19:33:22.0234 10044 [ 3BB22519A194418D5FEC05D800A19AD0 ] Ip6Fw C:\WINDOWS\system32\drivers\ip6fw.sys
    19:33:22.0750 10044 Ip6Fw - ok
    19:33:22.0781 10044 [ 731F22BA402EE4B62748ADAF6363C182 ] IpFilterDriver C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
    19:33:23.0328 10044 IpFilterDriver - ok
    19:33:23.0468 10044 [ B87AB476DCF76E72010632B5550955F5 ] IpInIp C:\WINDOWS\system32\DRIVERS\ipinip.sys
    19:33:23.0875 10044 IpInIp - ok
    19:33:23.0906 10044 [ CC748EA12C6EFFDE940EE98098BF96BB ] IpNat C:\WINDOWS\system32\DRIVERS\ipnat.sys
    19:33:24.0406 10044 IpNat - ok
    19:33:24.0437 10044 [ 23C74D75E36E7158768DD63D92789A91 ] IPSec C:\WINDOWS\system32\DRIVERS\ipsec.sys
    19:33:24.0921 10044 IPSec - ok
    19:33:24.0953 10044 [ C93C9FF7B04D772627A3646D89F7BF89 ] IRENUM C:\WINDOWS\system32\DRIVERS\irenum.sys
    19:33:25.0468 10044 IRENUM - ok
    19:33:25.0546 10044 [ 05A299EC56E52649B1CF2FC52D20F2D7 ] isapnp C:\WINDOWS\system32\DRIVERS\isapnp.sys
    19:33:26.0000 10044 isapnp - ok
    19:33:26.0312 10044 [ 1758AF653723679E3746FC7DDD93C69B ] JavaQuickStarterService C:\Program Files\Java\jre7\bin\jqs.exe
    19:33:26.0390 10044 JavaQuickStarterService - ok
    19:33:26.0578 10044 [ 463C1EC80CD17420A542B7F36A36F128 ] Kbdclass C:\WINDOWS\system32\DRIVERS\kbdclass.sys
    19:33:27.0046 10044 Kbdclass - ok
    19:33:27.0156 10044 [ 9EF487A186DEA361AA06913A75B3FA99 ] kbdhid C:\WINDOWS\system32\DRIVERS\kbdhid.sys
    19:33:27.0625 10044 kbdhid - ok
    19:33:27.0687 10044 [ 692BCF44383D056AED41B045A323D378 ] kmixer C:\WINDOWS\system32\drivers\kmixer.sys
    19:33:28.0203 10044 kmixer - ok
    19:33:28.0250 10044 [ B467646C54CC746128904E1654C750C1 ] KSecDD C:\WINDOWS\system32\drivers\KSecDD.sys
    19:33:28.0640 10044 KSecDD - ok
    19:33:28.0703 10044 [ 3A7C3CBE5D96B8AE96CE81F0B22FB527 ] lanmanserver C:\WINDOWS\System32\srvsvc.dll
    19:33:28.0859 10044 lanmanserver - ok
    19:33:28.0906 10044 [ A8888A5327621856C0CEC4E385F69309 ] lanmanworkstation C:\WINDOWS\System32\wkssvc.dll
    19:33:29.0031 10044 lanmanworkstation - ok
    19:33:29.0046 10044 lbrtfdc - ok
    19:33:29.0093 10044 [ A7DB739AE99A796D91580147E919CC59 ] LmHosts C:\WINDOWS\System32\lmhsvc.dll
    19:33:29.0531 10044 LmHosts - ok
    19:33:29.0562 10044 [ 986B1FF5814366D71E0AC5755C88F2D3 ] Messenger C:\WINDOWS\System32\msgsvc.dll
    19:33:29.0968 10044 Messenger - ok
    19:33:29.0984 10044 [ 4AE068242760A1FB6E1A44BF4E16AFA6 ] mnmdd C:\WINDOWS\system32\drivers\mnmdd.sys
    19:33:30.0406 10044 mnmdd - ok
    19:33:30.0437 10044 [ D18F1F0C101D06A1C1ADF26EED16FCDD ] mnmsrvc C:\WINDOWS\system32\mnmsrvc.exe
    19:33:31.0000 10044 mnmsrvc - ok
    19:33:31.0046 10044 [ DFCBAD3CEC1C5F964962AE10E0BCC8E1 ] Modem C:\WINDOWS\system32\drivers\Modem.sys
    19:33:31.0453 10044 Modem - ok
    19:33:31.0484 10044 [ 1992E0D143B09653AB0F9C5E04B0FD65 ] MODEMCSA C:\WINDOWS\system32\drivers\MODEMCSA.sys
    19:33:31.0812 10044 MODEMCSA - ok
    19:33:31.0828 10044 [ 59B8B11FF70728EEC60E72131C58B716 ] mohfilt C:\WINDOWS\system32\DRIVERS\mohfilt.sys
    19:33:31.0984 10044 mohfilt - ok
    19:33:32.0046 10044 [ 35C9E97194C8CFB8430125F8DBC34D04 ] Mouclass C:\WINDOWS\system32\DRIVERS\mouclass.sys
    19:33:32.0375 10044 Mouclass - ok
    19:33:32.0421 10044 [ A80B9A0BAD1B73637DBCBBA7DF72D3FD ] MountMgr C:\WINDOWS\system32\drivers\MountMgr.sys
    19:33:32.0875 10044 MountMgr - ok
    19:33:32.0921 10044 [ 3F4BB95E5A44F3BE34824E8E7CAF0737 ] mraid35x C:\WINDOWS\system32\DRIVERS\mraid35x.sys
    19:33:33.0343 10044 mraid35x - ok
    19:33:33.0406 10044 [ 11D42BB6206F33FBB3BA0288D3EF81BD ] MRxDAV C:\WINDOWS\system32\DRIVERS\mrxdav.sys
    19:33:33.0750 10044 MRxDAV - ok
    19:33:33.0812 10044 [ 7D304A5EB4344EBEEAB53A2FE3FFB9F0 ] MRxSmb C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
    19:33:34.0046 10044 MRxSmb - ok
    19:33:34.0093 10044 [ A137F1470499A205ABBB9AAFB3B6F2B1 ] MSDTC C:\WINDOWS\system32\msdtc.exe
    19:33:34.0390 10044 MSDTC - ok
    19:33:34.0437 10044 [ C941EA2454BA8350021D774DAF0F1027 ] Msfs C:\WINDOWS\system32\drivers\Msfs.sys
    19:33:34.0812 10044 Msfs - ok
    19:33:34.0937 10044 MSIServer - ok
    19:33:34.0968 10044 [ D1575E71568F4D9E14CA56B7B0453BF1 ] MSKSSRV C:\WINDOWS\system32\drivers\MSKSSRV.sys
    19:33:35.0421 10044 MSKSSRV - ok
    19:33:35.0484 10044 [ 325BB26842FC7CCC1FCCE2C457317F3E ] MSPCLOCK C:\WINDOWS\system32\drivers\MSPCLOCK.sys
    19:33:35.0812 10044 MSPCLOCK - ok
    19:33:35.0843 10044 [ BAD59648BA099DA4A17680B39730CB3D ] MSPQM C:\WINDOWS\system32\drivers\MSPQM.sys
    19:33:36.0265 10044 MSPQM - ok
    19:33:36.0312 10044 [ AF5F4F3F14A8EA2C26DE30F7A1E17136 ] mssmbios C:\WINDOWS\system32\DRIVERS\mssmbios.sys
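The TDSSKiller output posted above (and continued in the next post) uses three line shapes: an image line with the file's MD5 and path, a warning line naming the verdict signature, and a closing verdict line (`- ok` or `- detected ... (n)`). The following is an added example, not part of Spirit's post nor anything shipped with TDSSKiller: a small parser that turns such lines into records, pulls out every entry that was not marked ok, groups those by the directory of the image, and lists service names that share one image hash (so one hash lookup covers several entries). The sample lines are copied verbatim from the posted log; the function names and the grouping logic are this example's own.

```python
"""Triage helper for TDSSKiller-style scan logs (added example, not TDSSKiller code)."""
import re
from collections import defaultdict

# Constructed sample: lines copied from the posted log, including a service
# with no image file (COMSysApp) and two services sharing one image.
SAMPLE_LOG = r"""
19:33:00.0046 10044 COMSysApp - ok
19:33:01.0796 10044 [ 100FF3D9E16AFB3163BD6F9AAAAB7C55 ] DCamUSBSQTECH C:\WINDOWS\system32\Drivers\SQcaptur.sys
19:33:01.0875 10044 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - warning
19:33:01.0875 10044 DCamUSBSQTECH - detected UnsignedFile.Multi.Generic (1)
19:33:01.0953 10044 [ 6B27A5C03DFB94B4245739065431322C ] DcomLaunch C:\WINDOWS\system32\rpcss.dll
19:33:02.0109 10044 DcomLaunch - ok
19:33:42.0296 10044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
19:33:42.0718 10044 Netlogon - ok
19:33:44.0687 10044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
19:33:45.0000 10044 NtLmSsp - ok
19:34:17.0187 10044 [ D0177776E11B0B3F272EEBD262A69661 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
19:34:17.0203 10044 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
19:34:17.0203 10044 tfsnboio - detected UnsignedFile.Multi.Generic (1)
19:34:17.0218 10044 [ 599804BC938B8305A5422319774DA871 ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
19:34:17.0312 10044 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
19:34:17.0312 10044 tfsncofs - detected UnsignedFile.Multi.Generic (1)
19:34:01.0812 10044 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
19:34:02.0015 10044 RpcSs - ok
"""

# Image line: "<time> <pid> [ <MD5> ] <name> <path>"
HEADER = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+)\s+(?P<pid>\d+)\s+"
    r"\[\s*(?P<md5>[0-9A-Fa-f]{32})\s*\]\s+(?P<name>\S+)\s+(?P<path>[A-Za-z]:\\.*\S)\s*$"
)
# Warning line: "<time> <pid> <name> ( <signature> ) - warning"
WARNING = re.compile(
    r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+\(\s*(?P<sig>[^)]+?)\s*\)\s+-\s+warning\s*$"
)
# Verdict line: "<time> <pid> <name> - ok" or "<name> - detected <signature> (<n>)"
VERDICT = re.compile(
    r"^(?P<ts>\S+)\s+(?P<pid>\d+)\s+(?P<name>\S+)\s+-\s+(?P<verdict>ok|detected\s+\S+\s+\(\d+\))\s*$"
)


def _record(records, order, name):
    """Fetch or create the record for a service/driver name, keeping first-seen order."""
    if name not in records:
        records[name] = {"name": name, "md5": None, "path": None, "signature": None, "verdict": None}
        order.append(name)
    return records[name]


def parse_tdsskiller(text):
    """Return one record per service/driver name; unrecognised lines (banners, forum text) are skipped."""
    records, order = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if m := HEADER.match(line):
            rec = _record(records, order, m["name"])
            rec["md5"], rec["path"] = m["md5"].upper(), m["path"]
        elif m := WARNING.match(line):
            _record(records, order, m["name"])["signature"] = m["sig"]
        elif m := VERDICT.match(line):
            verdict = "ok" if m["verdict"] == "ok" else "detected"
            _record(records, order, m["name"])["verdict"] = verdict
    return [records[n] for n in order]


def flagged(records):
    """Entries not marked ok. A missing verdict (truncated log) also counts as not ok."""
    return [r for r in records if r["verdict"] != "ok"]


def flagged_by_directory(records):
    """Group flagged entries by image directory; several unsigned drivers in one
    directory usually belong to one product and can be assessed together."""
    groups = defaultdict(list)
    for r in flagged(records):
        if r["path"]:
            groups[r["path"].rsplit("\\", 1)[0].lower()].append(r["name"])
    return dict(groups)


def shared_images(records):
    """Map MD5 -> service names that run from the same image (one hash lookup each)."""
    by_md5 = defaultdict(list)
    for r in records:
        if r["md5"]:
            by_md5[r["md5"]].append(r["name"])
    return {h: names for h, names in by_md5.items() if len(names) > 1}


if __name__ == "__main__":
    recs = parse_tdsskiller(SAMPLE_LOG)
    for r in flagged(recs):
        print(f"{r['name']:16} {r['md5']}  {r['path']}  [{r['signature']}]")
    print(flagged_by_directory(recs))
    print(shared_images(recs))
```

Running it on the full posted log (paste the lines into `SAMPLE_LOG` or read them from a file) lists each `UnsignedFile.Multi.Generic` hit with its MD5 and path, which is what a responder needs to check each file against a known-good source. The verdict itself only says the driver carries no digital signature; whether that is benign depends on what the file is, so the grouping by directory is a triage aid, not a judgement.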
7. Spirit

    Cont. TDSSKiller

    19:33:36.0593 10044 mssmbios - ok
    19:33:36.0640 10044 [ E53736A9E30C45FA9E7B5EAC55056D1D ] MSTEE C:\WINDOWS\system32\drivers\MSTEE.sys
    19:33:37.0140 10044 MSTEE - ok
    19:33:37.0171 10044 [ DE6A75F5C270E756C5508D94B6CF68F5 ] Mup C:\WINDOWS\system32\drivers\Mup.sys
    19:33:37.0296 10044 Mup - ok
    19:33:37.0343 10044 [ 5B50F1B2A2ED47D560577B221DA734DB ] NABTSFEC C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
    19:33:37.0703 10044 NABTSFEC - ok
    19:33:37.0796 10044 [ 0102140028FAD045756796E1C685D695 ] napagent C:\WINDOWS\System32\qagentrt.dll
    19:33:38.0093 10044 napagent - ok
    19:33:38.0156 10044 [ 1DF7F42665C94B825322FAE71721130D ] NDIS C:\WINDOWS\system32\drivers\NDIS.sys
    19:33:38.0531 10044 NDIS - ok
    19:33:38.0562 10044 [ 7FF1F1FD8609C149AA432F95A8163D97 ] NdisIP C:\WINDOWS\system32\DRIVERS\NdisIP.sys
    19:33:38.0875 10044 NdisIP - ok
    19:33:38.0921 10044 [ 0109C4F3850DFBAB279542515386AE22 ] NdisTapi C:\WINDOWS\system32\DRIVERS\ndistapi.sys
    19:33:39.0218 10044 NdisTapi - ok
    19:33:39.0250 10044 [ F927A4434C5028758A842943EF1A3849 ] Ndisuio C:\WINDOWS\system32\DRIVERS\ndisuio.sys
    19:33:39.0687 10044 Ndisuio - ok
    19:33:39.0718 10044 [ EDC1531A49C80614B2CFDA43CA8659AB ] NdisWan C:\WINDOWS\system32\DRIVERS\ndiswan.sys
    19:33:40.0093 10044 NdisWan - ok
    19:33:40.0140 10044 [ 9282BD12DFB069D3889EB3FCC1000A9B ] NDProxy C:\WINDOWS\system32\drivers\NDProxy.sys
    19:33:40.0250 10044 NDProxy - ok
    19:33:40.0296 10044 [ 5D81CF9A2F1A3A756B66CF684911CDF0 ] NetBIOS C:\WINDOWS\system32\DRIVERS\netbios.sys
    19:33:40.0671 10044 NetBIOS - ok
    19:33:40.0718 10044 [ 74B2B2F5BEA5E9A3DC021D685551BD3D ] NetBT C:\WINDOWS\system32\DRIVERS\netbt.sys
    19:33:41.0125 10044 NetBT - ok
    19:33:41.0171 10044 [ B857BA82860D7FF85AE29B095645563B ] NetDDE C:\WINDOWS\system32\netdde.exe
    19:33:41.0765 10044 NetDDE - ok
    19:33:41.0890 10044 [ B857BA82860D7FF85AE29B095645563B ] NetDDEdsdm C:\WINDOWS\system32\netdde.exe
    19:33:42.0234 10044 NetDDEdsdm - ok
    19:33:42.0296 10044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] Netlogon C:\WINDOWS\system32\lsass.exe
    19:33:42.0718 10044 Netlogon - ok
    19:33:42.0765 10044 [ 13E67B55B3ABD7BF3FE7AAE5A0F9A9DE ] Netman C:\WINDOWS\System32\netman.dll
    19:33:43.0093 10044 Netman - ok
    19:33:43.0203 10044 [ 02D0798F376FCBD0210EDA58476D0B1B ] NetSvc C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
    19:33:43.0390 10044 NetSvc ( UnsignedFile.Multi.Generic ) - warning
    19:33:43.0390 10044 NetSvc - detected UnsignedFile.Multi.Generic (1)
    19:33:43.0468 10044 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing c:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
    19:33:43.0609 10044 NetTcpPortSharing - ok
    19:33:43.0671 10044 [ 943337D786A56729263071623BBB9DE5 ] Nla C:\WINDOWS\System32\mswsock.dll
    19:33:43.0796 10044 Nla - ok
    19:33:43.0843 10044 [ 3182D64AE053D6FB034F44B6DEF8034A ] Npfs C:\WINDOWS\system32\drivers\Npfs.sys
    19:33:44.0156 10044 Npfs - ok
    19:33:44.0203 10044 [ 78A08DD6A8D65E697C18E1DB01C5CDCA ] Ntfs C:\WINDOWS\system32\drivers\Ntfs.sys
    19:33:44.0609 10044 Ntfs - ok
    19:33:44.0687 10044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] NtLmSsp C:\WINDOWS\system32\lsass.exe
    19:33:45.0000 10044 NtLmSsp - ok
    19:33:45.0109 10044 [ 156F64A3345BD23C600655FB4D10BC08 ] NtmsSvc C:\WINDOWS\system32\ntmssvc.dll
    19:33:45.0765 10044 NtmsSvc - ok
    19:33:45.0781 10044 [ 73C1E1F395918BC2C6DD67AF7591A3AD ] Null C:\WINDOWS\system32\drivers\Null.sys
    19:33:46.0125 10044 Null - ok
    19:33:46.0312 10044 [ 2B298519EDBFCF451D43E0F1E8F1006D ] nv C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
    19:33:46.0671 10044 nv - ok
    19:33:46.0750 10044 [ B305F3FAD35083837EF46A0BBCE2FC57 ] NwlnkFlt C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
    19:33:47.0093 10044 NwlnkFlt - ok
    19:33:47.0140 10044 [ C99B3415198D1AAB7227F2C88FD664B9 ] NwlnkFwd C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
    19:33:47.0718 10044 NwlnkFwd - ok
    19:33:47.0734 10044 [ 5575FAF8F97CE5E713D108C2A58D7C7C ] Parport C:\WINDOWS\system32\DRIVERS\parport.sys
    19:33:48.0046 10044 Parport - ok
    19:33:48.0109 10044 [ BEB3BA25197665D82EC7065B724171C6 ] PartMgr C:\WINDOWS\system32\drivers\PartMgr.sys
    19:33:48.0531 10044 PartMgr - ok
    19:33:48.0578 10044 [ 70E98B3FD8E963A6A46A2E6247E0BEA1 ] ParVdm C:\WINDOWS\system32\drivers\ParVdm.sys
    19:33:49.0140 10044 ParVdm - ok
    19:33:49.0156 10044 [ A219903CCF74233761D92BEF471A07B1 ] PCI C:\WINDOWS\system32\DRIVERS\pci.sys
    19:33:49.0484 10044 PCI - ok
    19:33:49.0515 10044 PCIDump - ok
    19:33:49.0578 10044 [ CCF5F451BB1A5A2A522A76E670000FF0 ] PCIIde C:\WINDOWS\system32\DRIVERS\pciide.sys
    19:33:50.0078 10044 PCIIde - ok
    19:33:50.0125 10044 [ 9E89EF60E9EE05E3F2EEF2DA7397F1C1 ] Pcmcia C:\WINDOWS\system32\drivers\Pcmcia.sys
    19:33:50.0437 10044 Pcmcia - ok
    19:33:50.0468 10044 PDCOMP - ok
    19:33:50.0468 10044 PDFRAME - ok
    19:33:50.0484 10044 PDRELI - ok
    19:33:50.0484 10044 PDRFRAME - ok
    19:33:50.0500 10044 [ 6C14B9C19BA84F73D3A86DBA11133101 ] perc2 C:\WINDOWS\system32\DRIVERS\perc2.sys
    19:33:50.0859 10044 perc2 - ok
    19:33:50.0906 10044 [ F50F7C27F131AFE7BEBA13E14A3B9416 ] perc2hib C:\WINDOWS\system32\DRIVERS\perc2hib.sys
    19:33:51.0312 10044 perc2hib - ok
    19:33:51.0453 10044 [ 8BA0E6570112C4F27571A3C21B3A02A6 ] PGMTrusted C:\Program Files\Pogo Games\PGMTrusted.exe
    19:33:51.0562 10044 PGMTrusted - ok
    19:33:51.0625 10044 [ AE36B05D1BF3E988EF0E713E9BF237CE ] PID_08A0 C:\WINDOWS\system32\DRIVERS\LV302AV.SYS
    19:33:52.0140 10044 PID_08A0 - ok
    19:33:52.0187 10044 [ 65DF52F5B8B6E9BBD183505225C37315 ] PlugPlay C:\WINDOWS\system32\services.exe
    19:33:52.0375 10044 PlugPlay - ok
    19:33:52.0437 10044 [ 5C71F7CDD1B4BA5F00B87CA05E414AEA ] Point32 C:\WINDOWS\system32\DRIVERS\point32.sys
    19:33:52.0562 10044 Point32 - ok
    19:33:52.0593 10044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] PolicyAgent C:\WINDOWS\system32\lsass.exe
    19:33:52.0890 10044 PolicyAgent - ok
    19:33:52.0953 10044 [ EFEEC01B1D3CF84F16DDD24D9D9D8F99 ] PptpMiniport C:\WINDOWS\system32\DRIVERS\raspptp.sys
    19:33:53.0281 10044 PptpMiniport - ok
    19:33:53.0296 10044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] ProtectedStorage C:\WINDOWS\system32\lsass.exe
    19:33:53.0562 10044 ProtectedStorage - ok
    19:33:53.0578 10044 [ 09298EC810B07E5D582CB3A3F9255424 ] PSched C:\WINDOWS\system32\DRIVERS\psched.sys
    19:33:53.0890 10044 PSched - ok
    19:33:53.0906 10044 [ 80D317BD1C3DBC5D4FE7B1678C60CADD ] Ptilink C:\WINDOWS\system32\DRIVERS\ptilink.sys
    19:33:54.0375 10044 Ptilink - ok
    19:33:54.0437 10044 [ 7C81AE3C9B82BA2DA437ED4D31BC56CF ] PxHelp20 C:\WINDOWS\system32\Drivers\PxHelp20.sys
    19:33:54.0500 10044 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning
    19:33:54.0500 10044 PxHelp20 - detected UnsignedFile.Multi.Generic (1)
    19:33:54.0531 10044 [ 0A63FB54039EB5662433CABA3B26DBA7 ] ql1080 C:\WINDOWS\system32\DRIVERS\ql1080.sys
    19:33:54.0859 10044 ql1080 - ok
    19:33:54.0906 10044 [ 6503449E1D43A0FF0201AD5CB1B8C706 ] Ql10wnt C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
    19:33:55.0296 10044 Ql10wnt - ok
    19:33:55.0328 10044 [ 156ED0EF20C15114CA097A34A30D8A01 ] ql12160 C:\WINDOWS\system32\DRIVERS\ql12160.sys
    19:33:55.0671 10044 ql12160 - ok
    19:33:55.0703 10044 [ 70F016BEBDE6D29E864C1230A07CC5E6 ] ql1240 C:\WINDOWS\system32\DRIVERS\ql1240.sys
    19:33:55.0984 10044 ql1240 - ok
    19:33:56.0015 10044 [ 907F0AEEA6BC451011611E732BD31FCF ] ql1280 C:\WINDOWS\system32\DRIVERS\ql1280.sys
    19:33:56.0468 10044 ql1280 - ok
    19:33:56.0546 10044 [ FE0D99D6F31E4FAD8159F690D68DED9C ] RasAcd C:\WINDOWS\system32\DRIVERS\rasacd.sys
    19:33:56.0875 10044 RasAcd - ok
    19:33:56.0921 10044 [ AD188BE7BDF94E8DF4CA0A55C00A5073 ] RasAuto C:\WINDOWS\System32\rasauto.dll
    19:33:57.0265 10044 RasAuto - ok
    19:33:57.0281 10044 [ 11B4A627BC9614B885C4969BFA5FF8A6 ] Rasl2tp C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
    19:33:57.0609 10044 Rasl2tp - ok
    19:33:57.0640 10044 [ 76A9A3CBEADD68CC57CDA5E1D7448235 ] RasMan C:\WINDOWS\System32\rasmans.dll
    19:33:57.0984 10044 RasMan - ok
    19:33:58.0031 10044 [ 5BC962F2654137C9909C3D4603587DEE ] RasPppoe C:\WINDOWS\system32\DRIVERS\raspppoe.sys
    19:33:58.0343 10044 RasPppoe - ok
    19:33:58.0390 10044 [ FDBB1D60066FCFBB7452FD8F9829B242 ] Raspti C:\WINDOWS\system32\DRIVERS\raspti.sys
    19:33:58.0828 10044 Raspti - ok
    19:33:58.0890 10044 [ 7AD224AD1A1437FE28D89CF22B17780A ] Rdbss C:\WINDOWS\system32\DRIVERS\rdbss.sys
    19:33:59.0140 10044 Rdbss - ok
    19:33:59.0156 10044 [ 4912D5B403614CE99C28420F75353332 ] RDPCDD C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
    19:33:59.0453 10044 RDPCDD - ok
    19:33:59.0531 10044 [ 15CABD0F7C00C47C70124907916AF3F1 ] rdpdr C:\WINDOWS\system32\DRIVERS\rdpdr.sys
    19:33:59.0843 10044 rdpdr - ok
    19:33:59.0906 10044 [ 43AF5212BD8FB5BA6EED9754358BD8F7 ] RDPWD C:\WINDOWS\system32\drivers\RDPWD.sys
    19:34:00.0078 10044 RDPWD - ok
    19:34:00.0109 10044 [ 3C37BF86641BDA977C3BF8A840F3B7FA ] RDSessMgr C:\WINDOWS\system32\sessmgr.exe
    19:34:00.0453 10044 RDSessMgr - ok
    19:34:00.0515 10044 [ F828DD7E1419B6653894A8F97A0094C5 ] redbook C:\WINDOWS\system32\DRIVERS\redbook.sys
    19:34:00.0937 10044 redbook - ok
    19:34:01.0015 10044 [ 7E699FF5F59B5D9DE5390E3C34C67CF5 ] RemoteAccess C:\WINDOWS\System32\mprdim.dll
    19:34:01.0406 10044 RemoteAccess - ok
    19:34:01.0453 10044 [ AAED593F84AFA419BBAE8572AF87CF6A ] RpcLocator C:\WINDOWS\system32\locator.exe
    19:34:01.0765 10044 RpcLocator - ok
    19:34:01.0812 10044 [ 6B27A5C03DFB94B4245739065431322C ] RpcSs C:\WINDOWS\System32\rpcss.dll
    19:34:02.0015 10044 RpcSs - ok
    19:34:02.0046 10044 [ 471B3F9741D762ABE75E9DEEA4787E47 ] RSVP C:\WINDOWS\system32\rsvp.exe
    19:34:02.0468 10044 RSVP - ok
    19:34:02.0500 10044 [ BF2466B3E18E970D8A976FB95FC1CA85 ] SamSs C:\WINDOWS\system32\lsass.exe
    19:34:02.0812 10044 SamSs - ok
    19:34:02.0859 10044 [ 86D007E7A654B9A71D1D7D856B104353 ] SCardSvr C:\WINDOWS\System32\SCardSvr.exe
    19:34:03.0359 10044 SCardSvr - ok
    19:34:03.0437 10044 [ 0A9A7365A1CA4319AA7C1D6CD8E4EAFA ] Schedule C:\WINDOWS\system32\schedsvc.dll
    19:34:03.0734 10044 Schedule - ok
    19:34:03.0828 10044 [ 90A3935D05B494A5A39D37E71F09A677 ] Secdrv C:\WINDOWS\system32\DRIVERS\secdrv.sys
    19:34:04.0093 10044 Secdrv - ok
    19:34:04.0156 10044 [ CBE612E2BB6A10E3563336191EDA1250 ] seclogon C:\WINDOWS\System32\seclogon.dll
    19:34:04.0453 10044 seclogon - ok
    19:34:04.0515 10044 [ B9C7617C1E8AB6FDFF75D3C8DAFCB4C8 ] senfilt C:\WINDOWS\system32\drivers\senfilt.sys
    19:34:04.0718 10044 senfilt - ok
    19:34:04.0781 10044 [ 7FDD5D0684ECA8C1F68B4D99D124DCD0 ] SENS C:\WINDOWS\system32\sens.dll
    19:34:05.0093 10044 SENS - ok
    19:34:05.0265 10044 [ 0F29512CCD6BEAD730039FB4BD2C85CE ] serenum C:\WINDOWS\system32\DRIVERS\serenum.sys
    19:34:05.0578 10044 serenum - ok
    19:34:05.0625 10044 [ CCA207A8896D4C6A0C9CE29A4AE411A7 ] Serial C:\WINDOWS\system32\DRIVERS\serial.sys
    19:34:06.0000 10044 Serial - ok
    19:34:06.0093 10044 [ 8E6B8C671615D126FDC553D1E2DE5562 ] Sfloppy C:\WINDOWS\system32\drivers\Sfloppy.sys
    19:34:06.0453 10044 Sfloppy - ok
    19:34:06.0515 10044 [ 83F41D0D89645D7235C051AB1D9523AC ] SharedAccess C:\WINDOWS\System32\ipnathlp.dll
    19:34:06.0906 10044 SharedAccess - ok
    19:34:06.0937 10044 [ 99BC0B50F511924348BE19C7C7313BBF ] ShellHWDetection C:\WINDOWS\System32\shsvcs.dll
    19:34:07.0031 10044 ShellHWDetection - ok
    19:34:07.0046 10044 Simbad - ok
    19:34:07.0125 10044 [ 6B33D0EBD30DB32E27D1D78FE946A754 ] sisagp C:\WINDOWS\system32\DRIVERS\sisagp.sys
    19:34:07.0562 10044 sisagp - ok
    19:34:07.0625 10044 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
    19:34:07.0687 10044 SkypeUpdate - ok
    19:34:07.0718 10044 [ 866D538EBE33709A5C9F5C62B73B7D14 ] SLIP C:\WINDOWS\system32\DRIVERS\SLIP.sys
    19:34:08.0031 10044 SLIP - ok
    19:34:08.0093 10044 [ C6D9959E493682F872A639B6EC1B4A08 ] smwdm C:\WINDOWS\system32\drivers\smwdm.sys
    19:34:08.0187 10044 smwdm - ok
    19:34:08.0281 10044 [ 83C0F71F86D3BDAF915685F3D568B20E ] Sparrow C:\WINDOWS\system32\DRIVERS\sparrow.sys
    19:34:08.0515 10044 Sparrow - ok
    19:34:08.0546 10044 [ AB8B92451ECB048A4D1DE7C3FFCB4A9F ] splitter C:\WINDOWS\system32\drivers\splitter.sys
    19:34:08.0859 10044 splitter - ok
    19:34:08.0890 10044 [ 60784F891563FB1B767F70117FC2428F ] Spooler C:\WINDOWS\system32\spoolsv.exe
    19:34:09.0062 10044 Spooler - ok
    19:34:09.0109 10044 [ 76BB022C2FB6902FD5BDD4F78FC13A5D ] sr C:\WINDOWS\system32\DRIVERS\sr.sys
    19:34:09.0484 10044 sr - ok
    19:34:09.0656 10044 [ 3805DF0AC4296A34BA4BF93B346CC378 ] srservice C:\WINDOWS\system32\srsvc.dll
    19:34:09.0968 10044 srservice - ok
    19:34:10.0031 10044 [ 47DDFC2F003F7F9F0592C6874962A2E7 ] Srv C:\WINDOWS\system32\DRIVERS\srv.sys
    19:34:10.0187 10044 Srv - ok
    19:34:10.0250 10044 [ 98625722AD52B40305E74AAA83C93086 ] sscdbhk5 C:\WINDOWS\system32\drivers\sscdbhk5.sys
    19:34:10.0296 10044 sscdbhk5 ( UnsignedFile.Multi.Generic ) - warning
    19:34:10.0296 10044 sscdbhk5 - detected UnsignedFile.Multi.Generic (1)
    19:34:10.0343 10044 [ 0A5679B3714EDAB99E357057EE88FCA6 ] SSDPSRV C:\WINDOWS\System32\ssdpsrv.dll
    19:34:10.0703 10044 SSDPSRV - ok
    19:34:10.0750 10044 [ D79412E3942C8A257253487536D5A994 ] ssrtln C:\WINDOWS\system32\drivers\ssrtln.sys
    19:34:10.0765 10044 ssrtln ( UnsignedFile.Multi.Generic ) - warning
    19:34:10.0765 10044 ssrtln - detected UnsignedFile.Multi.Generic (1)
    19:34:10.0843 10044 [ 8BAD69CBAC032D4BBACFCE0306174C30 ] stisvc C:\WINDOWS\system32\wiaservc.dll
    19:34:11.0187 10044 stisvc - ok
    19:34:11.0234 10044 [ 77813007BA6265C4B6098187E6ED79D2 ] streamip C:\WINDOWS\system32\DRIVERS\StreamIP.sys
    19:34:11.0578 10044 streamip - ok
    19:34:11.0625 10044 [ 3941D127AEF12E93ADDF6FE6EE027E0F ] swenum C:\WINDOWS\system32\DRIVERS\swenum.sys
    19:34:12.0031 10044 swenum - ok
    19:34:12.0062 10044 [ 8CE882BCC6CF8A62F2B2323D95CB3D01 ] swmidi C:\WINDOWS\system32\drivers\swmidi.sys
    19:34:12.0406 10044 swmidi - ok
    19:34:12.0421 10044 SwPrv - ok
    19:34:12.0468 10044 [ 1FF3217614018630D0A6758630FC698C ] symc810 C:\WINDOWS\system32\DRIVERS\symc810.sys
    19:34:12.0796 10044 symc810 - ok
    19:34:12.0828 10044 [ 070E001D95CF725186EF8B20335F933C ] symc8xx C:\WINDOWS\system32\DRIVERS\symc8xx.sys
    19:34:13.0140 10044 symc8xx - ok
    19:34:13.0187 10044 [ 80AC1C4ABBE2DF3B738BF15517A51F2C ] sym_hi C:\WINDOWS\system32\DRIVERS\sym_hi.sys
    19:34:13.0515 10044 sym_hi - ok
    19:34:13.0546 10044 [ BF4FAB949A382A8E105F46EBB4937058 ] sym_u3 C:\WINDOWS\system32\DRIVERS\sym_u3.sys
    19:34:13.0984 10044 sym_u3 - ok
    19:34:14.0078 10044 [ 8B83F3ED0F1688B4958F77CD6D2BF290 ] sysaudio C:\WINDOWS\system32\drivers\sysaudio.sys
    19:34:14.0390 10044 sysaudio - ok
    19:34:14.0437 10044 [ C7ABBC59B43274B1109DF6B24D617051 ] SysmonLog C:\WINDOWS\system32\smlogsvc.exe
    19:34:14.0781 10044 SysmonLog - ok
    19:34:14.0843 10044 [ 3CB78C17BB664637787C9A1C98F79C38 ] TapiSrv C:\WINDOWS\System32\tapisrv.dll
    19:34:15.0171 10044 TapiSrv - ok
    19:34:15.0234 10044 [ 9AEFA14BD6B182D61E3119FA5F436D3D ] Tcpip C:\WINDOWS\system32\DRIVERS\tcpip.sys
    19:34:15.0359 10044 Tcpip - ok
    19:34:15.0390 10044 [ 6471A66807F5E104E4885F5B67349397 ] TDPIPE C:\WINDOWS\system32\drivers\TDPIPE.sys
    19:34:15.0718 10044 TDPIPE - ok
    19:34:15.0750 10044 [ C56B6D0402371CF3700EB322EF3AAF61 ] TDTCP C:\WINDOWS\system32\drivers\TDTCP.sys
    19:34:16.0125 10044 TDTCP - ok
    19:34:16.0234 10044 [ 392E619012F752D071910917E9307CC9 ] TeamViewer4 C:\Program Files\TeamViewer\Version4\TeamViewer_Service.exe
    19:34:16.0328 10044 TeamViewer4 - ok
    19:34:16.0375 10044 [ 88155247177638048422893737429D9E ] TermDD C:\WINDOWS\system32\DRIVERS\termdd.sys
    19:34:16.0687 10044 TermDD - ok
    19:34:16.0750 10044 [ FF3477C03BE7201C294C35F684B3479F ] TermService C:\WINDOWS\System32\termsrv.dll
    19:34:17.0078 10044 TermService - ok
    19:34:17.0187 10044 [ D0177776E11B0B3F272EEBD262A69661 ] tfsnboio C:\WINDOWS\system32\dla\tfsnboio.sys
    19:34:17.0203 10044 tfsnboio ( UnsignedFile.Multi.Generic ) - warning
    19:34:17.0203 10044 tfsnboio - detected UnsignedFile.Multi.Generic (1)
    19:34:17.0218 10044 [ 599804BC938B8305A5422319774DA871 ] tfsncofs C:\WINDOWS\system32\dla\tfsncofs.sys
    19:34:17.0312 10044 tfsncofs ( UnsignedFile.Multi.Generic ) - warning
    19:34:17.0312 10044 tfsncofs - detected UnsignedFile.Multi.Generic (1)
    19:34:17.0343 10044 [ A1902C00ADC11C4D83F8E3ED947A6A32 ] tfsndrct C:\WINDOWS\system32\dla\tfsndrct.sys
    19:34:17.0406 10044 tfsndrct ( UnsignedFile.Multi.Generic ) - warning
    19:34:17.0406 10044 tfsndrct - detected UnsignedFile.Multi.Generic (1)
    19:34:17.0421 10044 [ D8DDB3F2B1BEF15CFF6728D89C042C61 ] tfsndres C:\WINDOWS\system32\dla\tfsndres.sys
    19:34:17.0500 10044 tfsndres ( UnsignedFile.Multi.Generic ) - warning
    19:34:17.0500 10044 tfsndres - detected UnsignedFile.Multi.Generic (1)
    19:34:17.0515 10044 [ C4F2DEA75300971CDAEE311007DE138D ] tfsnifs C:\WINDOWS\system32\dla\tfsnifs.sys
    19:34:17.0593 10044 tfsnifs ( UnsignedFile.Multi.Generic ) - warning
    19:34:17.0593 10044 tfsnifs - detected UnsignedFile.Multi.Generic (1)
    19:34:17.0609 10044 [ 272925BE0EA919F08286D2EE6F102B0F ] tfsnopio C:\WINDOWS\system32\dla\tfsnopio.sys
    19:34:17.0625 10044 tfsnopio ( UnsignedFile.Multi.Generic ) - warning
    19:34:17.0625 10044 tfsnopio - detected UnsignedFile.Multi.Generic (1)
    19:34:17.0640 10044 [ 7B7D955E5CEBC2FB88B03EF875D52A2F ] tfsnpool C:\WINDOWS\system32\dla\tfsnpool.sys
    19:34:17.0718 10044 tfsnpool ( UnsignedFile.Multi.Generic ) - warning
    19:34:17.0718 10044 tfsnpool - detected UnsignedFile.Multi.Generic (1)
    19:34:17.0781 10044 [ E3D01263109D800C1967C12C10A0B018 ] tfsnudf C:\WINDOWS\system32\dla\tfsnudf.sys
    19:34:17.0828 10044 tfsnudf ( UnsignedFile.Multi.Generic ) - warning
    19:34:17.0828 10044 tfsnudf - detected UnsignedFile.Multi.Generic (1)
    19:34:17.0843 10044 [ B9E9C377906E3A65BC74598FFF7F7458 ] tfsnudfa C:\WINDOWS\system32\dla\tfsnudfa.sys
    19:34:17.0906 10044 tfsnudfa ( UnsignedFile.Multi.Generic ) - warning
    19:34:17.0906 10044 tfsnudfa - detected UnsignedFile.Multi.Generic (1)
    19:34:17.0921 10044 [ 99BC0B50F511924348BE19C7C7313BBF ] Themes C:\WINDOWS\System32\shsvcs.dll
    19:34:18.0031 10044 Themes - ok
    19:34:18.0062 10044 [ F2790F6AF01321B172AA62F8E1E187D9 ] TosIde C:\WINDOWS\system32\DRIVERS\toside.sys
    19:34:18.0531 10044 TosIde - ok
    19:34:18.0578 10044 [ 55BCA12F7F523D35CA3CB833C725F54E ] TrkWks C:\WINDOWS\system32\trkwks.dll
    19:34:18.0937 10044 TrkWks - ok
    19:34:19.0000 10044 [ 5787B80C2E3C5E2F56C2A233D91FA2C9 ] Udfs C:\WINDOWS\system32\drivers\Udfs.sys
    19:34:19.0343 10044 Udfs - ok
    19:34:19.0375 10044 [ 1B698A51CD528D8DA4FFAED66DFC51B9 ] ultra C:\WINDOWS\system32\DRIVERS\ultra.sys
    19:34:19.0609 10044 ultra - ok
    19:34:19.0671 10044 [ 402DDC88356B1BAC0EE3DD1580C76A31 ] Update C:\WINDOWS\system32\DRIVERS\update.sys
    19:34:20.0015 10044 Update - ok
    19:34:20.0062 10044 [ 1EBAFEB9A3FBDC41B8D9C7F0F687AD91 ] upnphost C:\WINDOWS\System32\upnphost.dll
    19:34:20.0421 10044 upnphost - ok
    19:34:20.0437 10044 [ 05365FB38FCA1E98F7A566AAAF5D1815 ] UPS C:\WINDOWS\System32\ups.exe
    19:34:20.0921 10044 UPS - ok
    19:34:20.0953 10044 [ E919708DB44ED8543A7C017953148330 ] usbaudio C:\WINDOWS\system32\drivers\usbaudio.sys
    19:34:21.0296 10044 usbaudio - ok
    19:34:21.0343 10044 [ 173F317CE0DB8E21322E71B7E60A27E8 ] usbccgp C:\WINDOWS\system32\DRIVERS\usbccgp.sys
    19:34:21.0703 10044 usbccgp - ok
    19:34:21.0750 10044 [ 65DCF09D0E37D4C6B11B5B0B76D470A7 ] usbehci C:\WINDOWS\system32\DRIVERS\usbehci.sys
    19:34:22.0078 10044 usbehci - ok
    19:34:22.0109 10044 [ 1AB3CDDE553B6E064D2E754EFE20285C ] usbhub C:\WINDOWS\system32\DRIVERS\usbhub.sys
    19:34:22.0484 10044 usbhub - ok
    19:34:22.0546 10044 [ A32426D9B14A089EAA1D922E0C5801A9 ] USBSTOR C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
    19:34:22.0968 10044 USBSTOR - ok
    19:34:23.0000 10044 [ 26496F9DEE2D787FC3E61AD54821FFE6 ] usbuhci C:\WINDOWS\system32\DRIVERS\usbuhci.sys
    19:34:23.0328 10044 usbuhci - ok
    19:34:23.0406 10044 [ 63BBFCA7F390F4C49ED4B96BFB1633E0 ] usbvideo C:\WINDOWS\system32\Drivers\usbvideo.sys
    19:34:23.0734 10044 usbvideo - ok
    19:34:23.0750 10044 [ 0D3A8FAFCEACD8B7625CD549757A7DF1 ] VgaSave C:\WINDOWS\System32\drivers\vga.sys
    19:34:24.0062 10044 VgaSave - ok
    19:34:24.0093 10044 [ 754292CE5848B3738281B4F3607EAEF4 ] viaagp C:\WINDOWS\system32\DRIVERS\viaagp.sys
    19:34:24.0484 10044 viaagp - ok
    19:34:24.0515 10044 [ 3B3EFCDA263B8AC14FDF9CBDD0791B2E ] ViaIde C:\WINDOWS\system32\DRIVERS\viaide.sys
    19:34:24.0890 10044 ViaIde - ok
    19:34:24.0968 10044 [ 4C8FCB5CC53AAB716D810740FE59D025 ] VolSnap C:\WINDOWS\system32\drivers\VolSnap.sys
    19:34:25.0281 10044 VolSnap - ok
    19:34:25.0375 10044 [ 7A9DB3A67C333BF0BD42E42B8596854B ] VSS C:\WINDOWS\System32\vssvc.exe
    19:34:25.0687 10044 VSS - ok
    19:34:25.0734 10044 [ 54AF4B1D5459500EF0937F6D33B1914F ] w32time C:\WINDOWS\system32\w32time.dll
    19:34:26.0109 10044 w32time - ok
    19:34:26.0171 10044 [ E20B95BAEDB550F32DD489265C1DA1F6 ] Wanarp C:\WINDOWS\system32\DRIVERS\wanarp.sys
    19:34:26.0500 10044 Wanarp - ok
    19:34:26.0515 10044 wanatw - ok
    19:34:26.0515 10044 WDICA - ok
    19:34:26.0593 10044 [ 6768ACF64B18196494413695F0C3A00F ] wdmaud C:\WINDOWS\system32\drivers\wdmaud.sys
    19:34:26.0921 10044 wdmaud - ok
    19:34:27.0078 10044 [ 77A354E28153AD2D5E120A5A8687BC06 ] WebClient C:\WINDOWS\System32\webclnt.dll
    19:34:27.0484 10044 WebClient - ok
    19:34:27.0609 10044 [ 2D0E4ED081963804CCC196A0929275B5 ] winmgmt C:\WINDOWS\system32\wbem\WMIsvc.dll
    19:34:27.0859 10044 winmgmt - ok
    19:34:27.0921 10044 [ C51B4A5C05A5475708E3C81C7765B71D ] WmdmPmSN C:\WINDOWS\system32\MsPMSNSv.dll
    19:34:28.0093 10044 WmdmPmSN - ok
    19:34:28.0140 10044 [ E0673F1106E62A68D2257E376079F821 ] WmiApSrv C:\WINDOWS\system32\wbem\wmiapsrv.exe
    19:34:28.0484 10044 WmiApSrv - ok
    19:34:28.0593 10044 [ F74E3D9A7FA9556C3BBB14D4E5E63D3B ] WMPNetworkSvc C:\Program Files\Windows Media Player\WMPNetwk.exe
    19:34:28.0671 10044 WMPNetworkSvc - ok
    19:34:28.0734 10044 [ CF4DEF1BF66F06964DC0D91844239104 ] WpdUsb C:\WINDOWS\system32\DRIVERS\wpdusb.sys
    19:34:28.0812 10044 WpdUsb - ok
    19:34:28.0890 10044 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
    19:34:29.0031 10044 WPFFontCache_v0400 - ok
    19:34:29.0156 10044 [ 6ABE6E225ADB5A751622A9CC3BC19CE8 ] WS2IFSL C:\WINDOWS\System32\drivers\ws2ifsl.sys
    19:34:29.0500 10044 WS2IFSL - ok
    19:34:29.0562 10044 [ 7C278E6408D1DCE642230C0585A854D5 ] wscsvc C:\WINDOWS\system32\wscsvc.dll
    19:34:29.0859 10044 wscsvc - ok
    19:34:29.0890 10044 [ C98B39829C2BBD34E454150633C62C78 ] WSTCODEC C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
    19:34:30.0187 10044 WSTCODEC - ok
    19:34:30.0218 10044 [ 35321FB577CDC98CE3EB3A3EB9E4610A ] wuauserv C:\WINDOWS\system32\wuauserv.dll
    19:34:30.0562 10044 wuauserv - ok
    19:34:30.0625 10044 [ F15FEAFFFBB3644CCC80C5DA584E6311 ] WudfPf C:\WINDOWS\system32\DRIVERS\WudfPf.sys
    19:34:30.0765 10044 WudfPf - ok
    19:34:30.0812 10044 [ 28B524262BCE6DE1F7EF9F510BA3985B ] WudfRd C:\WINDOWS\system32\DRIVERS\wudfrd.sys
    19:34:30.0906 10044 WudfRd - ok
    19:34:30.0937 10044 [ 05231C04253C5BC30B26CBAAE680ED89 ] WudfSvc C:\WINDOWS\System32\WUDFSvc.dll
    19:34:31.0062 10044 WudfSvc - ok
    19:34:31.0281 10044 [ 81DC3F549F44B1C1FFF022DEC9ECF30B ] WZCSVC C:\WINDOWS\System32\wzcsvc.dll
    19:34:31.0671 10044 WZCSVC - ok
    19:34:31.0718 10044 [ 295D21F14C335B53CB8154E5B1F892B9 ] xmlprov C:\WINDOWS\System32\xmlprov.dll
    19:34:32.0046 10044 xmlprov - ok
    19:34:32.0062 10044 ================ Scan global ===============================
    19:34:32.0109 10044 [ 42F1F4C0AFB08410E5F02D4B13EBB623 ] C:\WINDOWS\system32\basesrv.dll
    19:34:32.0187 10044 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    19:34:32.0234 10044 [ 8C7DCA4B158BF16894120786A7A5F366 ] C:\WINDOWS\system32\winsrv.dll
    19:34:32.0375 10044 [ 65DF52F5B8B6E9BBD183505225C37315 ] C:\WINDOWS\system32\services.exe
    19:34:32.0421 10044 [Global] - ok
    19:34:32.0437 10044 ================ Scan MBR ==================================
    19:34:32.0468 10044 [ A03E065717CB65F3034AD33AD58B6BBA ] \Device\Harddisk0\DR0
    19:34:32.0890 10044 \Device\Harddisk0\DR0 - ok
    19:34:32.0906 10044 ================ Scan VBR ==================================
    19:34:32.0937 10044 [ 88B48D37807C4BA611529636815C8643 ] \Device\Harddisk0\DR0\Partition1
    19:34:32.0937 10044 \Device\Harddisk0\DR0\Partition1 - ok
    19:34:32.0984 10044 ============================================================
    19:34:32.0984 10044 Scan finished
    19:34:32.0984 10044 ============================================================
    19:34:33.0156 10048 Detected object count: 18
    19:34:33.0156 10048 Actual detected object count: 18
    19:35:21.0484 10048 ASCTRM ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0484 10048 ASCTRM ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0484 10048 BANTExt ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0484 10048 BANTExt ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0484 10048 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0484 10048 DCamUSBSQTECH ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0562 10048 drvmcdb ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0562 10048 drvmcdb ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0562 10048 drvnddm ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0562 10048 drvnddm ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0562 10048 NetSvc ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0562 10048 NetSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0562 10048 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0562 10048 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0593 10048 sscdbhk5 ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0593 10048 sscdbhk5 ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0593 10048 ssrtln ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0593 10048 ssrtln ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0593 10048 tfsnboio ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0593 10048 tfsnboio ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0593 10048 tfsncofs ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0593 10048 tfsncofs ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0593 10048 tfsndrct ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0593 10048 tfsndrct ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0593 10048 tfsndres ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0593 10048 tfsndres ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0593 10048 tfsnifs ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0593 10048 tfsnifs ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0593 10048 tfsnopio ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0593 10048 tfsnopio ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0593 10048 tfsnpool ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0593 10048 tfsnpool ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0593 10048 tfsnudf ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0593 10048 tfsnudf ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:35:21.0609 10048 tfsnudfa ( UnsignedFile.Multi.Generic ) - skipped by user
    19:35:21.0609 10048 tfsnudfa ( UnsignedFile.Multi.Generic ) - User select action: Skip
    19:36:03.0078 9592 Deinitialize success
  8. Spirit

    Spirit Newcomer, in training Topic Starter Posts: 20

    And, here is the OTL log.

    Thanks again!

    Attached Files: OTL.Txt (136.9 KB)
  9. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
      Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)


    Adware Cleaning

    Please download AdwCleaner by Xplode onto your Desktop.
    • Double click on AdwCleaner.exe to run the tool.
    • Click on Delete.
    • A logfile will automatically open after the scan has finished.
    • Please post the content of that logfile in your reply.
    • You can find the logfile at C:\AdwCleaner[Rn].txt as well - n is the order number.


    Junkware Removal Tool

    Please download Junkware Removal Tool to your desktop.
    • Warning! Once the scan is complete JRT will shut down your browser with NO warning.
    • Shut down your protection software now to avoid potential conflicts.
    • Temporarily disable your antivirus and any antispyware real time protection before performing a scan. Click this link to see a list of security programs that should be disabled and how to disable them.
    • Run the tool by double-clicking it. If you are using Windows Vista or Windows 7, right-click JRT and select Run as Administrator
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Copy and Paste the JRT.txt log into your next message.


    Once that's all done, run OTL Quick Scan again and post a new log. :D
  10. Spirit

    Spirit Newcomer, in training Topic Starter Posts: 20

    Okay... here's the first log you requested. OTL moved files.

    Thanks!

    All processes killed
    ========== OTL ==========
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C04B7D22-5AEC-4561-8F49-27F6269208F6}\ not found.
    Prefs.js: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 removed from extensions.enabledItems
    Prefs.js: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32 removed from extensions.enabledItems
    Prefs.js: "Ask.com" removed from browser.search.defaultengine
    Prefs.js: "Ask.com" removed from browser.search.defaultenginename
    Prefs.js: "WhiteSmoke B Customized Web Search" removed from browser.search.defaultthis.engineName
    Prefs.js: "http://search.conduit.com/ResultsEx...rce=3&q={searchTerms}&CUI=UN36138580159123249 removed from browser.search.defaulturl
    Prefs.js: "Ask.com" removed from browser.search.order.1
    Prefs.js: toolbar@ask.com:3.15.4.100013 removed from extensions.enabledItems
    Prefs.js: "Web Search" removed from sweetim.toolbar.previous.browser.search.selectedEngine
    C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\searchplugins\askcom.xml moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\searchplugins\conduit.xml moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\searchplugins\my-web-search.xml moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\searchplugins\search-here.xml moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\searchplugins\sweetim.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober1292075640.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober1295915437.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober150142718.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober200790343.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober420322000.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober563574828.xml moved successfully.
    C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober904917562.xml moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7E97865-918F-41E4-9CD0-25AB1C574CE8} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll deleted successfully.
    C:\Program Files\SearchProtect\bin\cltmng.exe moved successfully.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtect deleted successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\bin\cltmng.exe moved successfully.
    C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Conduit\Community Alerts\Log folder moved successfully.
    C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Conduit\Community Alerts folder moved successfully.
    C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Conduit folder moved successfully.
    C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Updater19962 folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\DefaultTab folder moved successfully.
    C:\Program Files\Supreme Savings folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\APN\APN-Stub\W3IV6-G folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\APN\APN-Stub folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\APN folder moved successfully.
    C:\Program Files\UnfriendApp\IE folder moved successfully.
    C:\Program Files\UnfriendApp\Firefox\chrome\content folder moved successfully.
    C:\Program Files\UnfriendApp\Firefox\chrome folder moved successfully.
    C:\Program Files\UnfriendApp\Firefox folder moved successfully.
    C:\Program Files\UnfriendApp\Chrome\unzip\plugin folder moved successfully.
    C:\Program Files\UnfriendApp\Chrome\unzip folder moved successfully.
    C:\Program Files\UnfriendApp\Chrome folder moved successfully.
    C:\Program Files\UnfriendApp folder moved successfully.
    C:\Program Files\DomaIQ Uninstaller folder moved successfully.
    C:\Documents and Settings\All Users\Start Menu\Programs\FlashPlayer folder moved successfully.
    C:\Program Files\Tuguu SL\FlashPlayer\languages folder moved successfully.
    C:\Program Files\Tuguu SL\FlashPlayer folder moved successfully.
    C:\Program Files\Tuguu SL folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\player\images folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\player folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SwvUpdater folder moved successfully.
    C:\Program Files\SearchProtect\ffprotect folder moved successfully.
    C:\Program Files\SearchProtect\Dialogs\spsd\images folder moved successfully.
    C:\Program Files\SearchProtect\Dialogs\spsd folder moved successfully.
    C:\Program Files\SearchProtect\Dialogs\spbd\images folder moved successfully.
    C:\Program Files\SearchProtect\Dialogs\spbd folder moved successfully.
    C:\Program Files\SearchProtect\Dialogs\lib folder moved successfully.
    C:\Program Files\SearchProtect\Dialogs folder moved successfully.
    C:\Program Files\SearchProtect\bin folder moved successfully.
    C:\Program Files\SearchProtect folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\Res folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect\SProtectorRepository folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect\Dialogs\spsd\images folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect\Dialogs\spsd folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect\Dialogs\spbd\images folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect\Dialogs\spbd folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect\Dialogs\lib folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect\Dialogs folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\ffprotect folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\Dialogs\spsd\images folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\Dialogs\spsd folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\Dialogs\spbd\images folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\Dialogs\spbd folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\Dialogs\lib folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\Dialogs folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect\bin folder moved successfully.
    C:\Documents and Settings\spirit paglia\Application Data\SearchProtect folder moved successfully.
    C:\Program Files\Conduit\Community Alerts folder moved successfully.
    C:\Program Files\Conduit folder moved successfully.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\spirit paglia\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\spirit paglia\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 65670 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 49286 bytes

    User: spirit paglia
    ->Temp folder emptied: 589832 bytes
    ->Temporary Internet Files folder emptied: 1212818 bytes
    ->Java cache emptied: 42340698 bytes
    ->FireFox cache emptied: 86489355 bytes
    ->Google Chrome cache emptied: 10163929 bytes
    ->Flash cache emptied: 523 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 34318 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 134.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02282013_111022

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
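Reading a cleanup log like the OTL "Moved Files" output above (or the AdwCleaner log that follows it in this thread) line by line is tedious; the questions a helper actually wants answered are how many items each tool touched, which PUP families they belonged to, and whether the browser's default search had been hijacked. The Python script below is an added example for this thread, not code from OTL, AdwCleaner or anyone posting here. It parses both log formats using only the line shapes posted in the thread, on a constructed sample input built from those lines; the family names it looks for (SearchProtect, Conduit, Crossrider, Ask.com, SweetIM, DefaultTab) are taken from this thread's logs, and matching them by case-insensitive substring is an assumption that is good enough for triage.

```python
"""Triage helper for OTL "Moved Files" and AdwCleaner cleanup logs.
Added example for this thread, not code from OTL (OldTimer) or AdwCleaner (Xplode).
Line shapes come from the logs posted in the thread; unrecognised lines are ignored."""
import re
from collections import Counter, defaultdict

# (regex, category). Order matters: "Registry ..." shapes before the generic
# "... deleted successfully." shape, and "folder moved" before plain "moved".
OTL_PATTERNS = [
    (re.compile(r"^Registry key (.+?)\\ deleted successfully\.$"), "registry_key_deleted"),
    (re.compile(r"^Registry key (.+?)\\ not found\.$"), "registry_key_not_found"),
    (re.compile(r"^Registry value (.+?) deleted successfully\.$"), "registry_value_deleted"),
    (re.compile(r"^Prefs\.js: (.+)$"), "firefox_pref_removed"),
    (re.compile(r"^(.+?) folder moved successfully\.$"), "folder_moved"),
    (re.compile(r"^(.+?) moved successfully\.$"), "file_moved"),
    (re.compile(r"^(.+?) deleted successfully\.$"), "file_deleted"),
]
ADW_PATTERNS = [
    (re.compile(r"^Stopped & Deleted : (.+)$"), "service_deleted"),
    (re.compile(r"^File Deleted : (.+)$"), "file_deleted"),
    (re.compile(r"^Folder Deleted : (.+)$"), "folder_deleted"),
    (re.compile(r"^Key Deleted : (.+)$"), "registry_key_deleted"),
    (re.compile(r'^Deleted : user_pref\("([^"]+)",'), "firefox_pref_removed"),
]
BYTES_FREED = re.compile(r"(?:emptied|removed): (\d+) bytes\s*$", re.MULTILINE)
# Firefox settings that decide where searches go; having to reset them is the sign of a hijack.
SEARCH_SETTINGS = ("browser.search.defaultengine", "browser.search.defaultenginename",
                   "browser.search.defaulturl", "browser.search.order.1")
# PUP family names as they appear in this thread's logs (assumption: substring match suffices).
FAMILY_TOKENS = ("SearchProtect", "Conduit", "Crossrider", "Ask.com", "SweetIM", "DefaultTab")

def parse_cleanup_log(text):
    """Return {category: [item, ...]} for every recognised line in either log format."""
    report = defaultdict(list)
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        for pattern, category in OTL_PATTERNS + ADW_PATTERNS:
            match = pattern.match(line)
            if match:
                report[category].append(match.group(1))
                break  # first matching shape wins
    return dict(report)

def summarize(report):
    """Number of items per category, e.g. how many registry keys were deleted."""
    return {category: len(items) for category, items in sorted(report.items())}

def search_hijack_indicators(report):
    """Search-related Firefox settings the cleanup had to reset (OTL 'Prefs.js:' lines)."""
    hits = []
    for entry in report.get("firefox_pref_removed", []):
        for setting in SEARCH_SETTINGS:
            if entry.endswith("removed from " + setting):
                hits.append(setting)
    return sorted(hits)

def families_seen(report):
    """Rough count of items mentioning each known PUP family, across all categories."""
    found = Counter()
    for items in report.values():
        for item in items:
            for token in FAMILY_TOKENS:
                if token.lower() in item.lower():
                    found[token] += 1
    return dict(found)

def bytes_freed(text):
    """Sum of the byte counts reported by OTL's [EMPTYTEMP] section."""
    return sum(int(m.group(1)) for m in BYTES_FREED.finditer(text))

# Constructed sample input: a few lines in the shapes posted in this thread.
SAMPLE_OTL = r"""
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: toolbar@ask.com:3.15.4.100013 removed from extensions.enabledItems
C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober1292075640.xml moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\SearchProtectAll deleted successfully.
C:\Program Files\SearchProtect\bin\cltmng.exe moved successfully.
C:\Program Files\SearchProtect folder moved successfully.
C:\Documents and Settings\spirit paglia\Desktop\cmd.bat deleted successfully.
->Temp folder emptied: 589832 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
"""
SAMPLE_ADW = r"""
Stopped & Deleted : CltMngSvc
File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job
Folder Deleted : C:\Program Files\AppGraffiti
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.BHO
Deleted : user_pref("CT3196716.UserID", "UN03767417218217195");
"""

if __name__ == "__main__":
    for text in (SAMPLE_OTL, SAMPLE_ADW):
        rep = parse_cleanup_log(text)
        print(summarize(rep), families_seen(rep), search_hijack_indicators(rep), bytes_freed(text))
```

Run it as-is to print the summary of the two samples, or pass the text of a saved log to parse_cleanup_log. Lines it does not recognise are skipped rather than guessed at, so a zero for a category means either the tool touched nothing there or the log used a line shape the parser has not been taught.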
  11. Spirit

    Spirit Newcomer, in training Topic Starter Posts: 20

    This is the Adware Cleaning log and I am doing the Junk Removal Tool right now. I think you are asking me to post these separately so here is the Adware and the other will follow once done.

    Thanks again and again!

    # AdwCleaner v2.113 - Logfile created 02/28/2013 at 11:27:16
    # Updated 23/02/2013 by Xplode
    # Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
    # User : spirit paglia - SPIRIT
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\spirit paglia\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : CltMngSvc

    ***** [Files / Folders] *****

    File Deleted : C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\extensions\addon@defaulttab.com.xpi
    File Deleted : C:\END
    File Deleted : C:\WINDOWS\Tasks\AmiUpdXp.job
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
    Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
    Folder Deleted : C:\Documents and Settings\spirit paglia\Application Data\iWin
    Folder Deleted : C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\CT3196716
    Folder Deleted : C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}
    Folder Deleted : C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\Smartbar
    Folder Deleted : C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\SweetIMToolbarData
    Folder Deleted : C:\Documents and Settings\spirit paglia\Application Data\Viewpoint
    Folder Deleted : C:\Program Files\AppGraffiti
    Folder Deleted : C:\Program Files\Free Offers from Freeze.com

    ***** [Registry] *****

    Key Deleted : HKCU\Software\ConduitSearchScopes
    Key Deleted : HKCU\Software\Crossrider
    Key Deleted : HKCU\Software\CToolbar
    Key Deleted : HKCU\Software\Default Tab
    Key Deleted : HKCU\Software\InstalledBrowserExtensions
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1A0AADCD-3A72-4B5F-900F-E3BB5A838E2A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BC4FFE41-DE9F-46FA-B455-AAD49B9F9938}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC99A798-FD3D-4AB4-969E-6071612524F9}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKCU\Software\SearchProtect
    Key Deleted : HKCU\Software\SmartBar
    Key Deleted : HKCU\Software\SWEETIE
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
    Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC99A798-FD3D-4AB4-969E-6071612524F9}
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.BHO
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox
    Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0019962.Sandbox.1
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3ED53C5-7AD5-4DF5-9734-AFB6E7E5D9DB}
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3287819
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
    Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
    Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\CToolbar
    Key Deleted : HKLM\Software\Default Tab
    Key Deleted : HKLM\Software\Freeze.com
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\DefaultTab
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{03F998B2-0E00-11D3-A498-00104B6EB52E}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D7E97865-918F-41E4-9CD0-25AB1C574CE8}
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\980289C22F80A7C4BB9323DC61255E4E
    Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FA96423FE2B98E248A3B23548D1E22D9
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
    Key Deleted : HKLM\Software\SearchProtect
    Key Deleted : HKLM\Software\Viewpoint

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v8.0.6001.18702

    [OK] Registry is clean.

    -\\ Mozilla Firefox v20.0 (en-US)

    File : C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\prefs.js

    C:\Documents and Settings\spirit paglia\Application Data\Mozilla\Firefox\Profiles\po8ykea7.default\user.js ... Deleted !

    Deleted : user_pref("CT3196716.1000082.isDisplayHidden", "true");
    Deleted : user_pref("CT3196716.1000082.shrinkState", "shrinked");
    Deleted : user_pref("CT3196716.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
    Deleted : user_pref("CT3196716.1000234.TWC_TMP_city", "BOISE");
    Deleted : user_pref("CT3196716.1000234.TWC_TMP_country", "US");
    Deleted : user_pref("CT3196716.1000234.TWC_locId", "USID0025");
    Deleted : user_pref("CT3196716.1000234.TWC_location", "Boise, ID");
    Deleted : user_pref("CT3196716.1000234.TWC_region", "US");
    Deleted : user_pref("CT3196716.1000234.TWC_temp_dis", "f");
    Deleted : user_pref("CT3196716.1000234.TWC_wind_dis", "mph");
    Deleted : user_pref("CT3196716.1000234.weatherData", "{\"icon\":\"34.png\",\"temperature\":\"54°F\",\"temperat[...]
    Deleted : user_pref("CT3196716.CBOpenMAMSettings.enc", "MA==");
    Deleted : user_pref("CT3196716.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3196716.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT3196716.FirstTime", "true");
    Deleted : user_pref("CT3196716.FirstTimeFF3", "true");
    Deleted : user_pref("CT3196716.UserID", "UN03767417218217195");
    Deleted : user_pref("CT3196716.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT3196716.cb_experience_000", "MQ==");
    Deleted : user_pref("CT3196716.cb_firstuse0100", "MQ==");
    Deleted : user_pref("CT3196716.cbcountry_001.enc", "VVM=");
    Deleted : user_pref("CT3196716.cbfirsttime.enc", "RnJpIE9jdCAxMiAyMDEyIDIwOjQ0OjMxIEdNVC0wNjAwIChNb3VudGFpbiBE[...]
    Deleted : user_pref("CT3196716.embeddedsData", "[{\"appId\":\"129755756826636815\",\"apiPermissions\":{\"cross[...]
    Deleted : user_pref("CT3196716.enableAlerts", "never");
    Deleted : user_pref("CT3196716.event_data.enc", "JTVCJTVE");
    Deleted : user_pref("CT3196716.fired_events.enc", "AA==");
    Deleted : user_pref("CT3196716.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT3196716.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT3196716.fixUrls", true);
    Deleted : user_pref("CT3196716.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES", "b3[...]
    Deleted : user_pref("CT3196716.installType", "Unknown");
    Deleted : user_pref("CT3196716.isCheckedStartAsHidden", true);
    Deleted : user_pref("CT3196716.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3196716.isFirstTimeToolbarLoading", "false");
    Deleted : user_pref("CT3196716.isNewTabEnabled", false);
    Deleted : user_pref("CT3196716.isPerformedSmartBarTransition", "true");
    Deleted : user_pref("CT3196716.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT3196716.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT3196716.key_date.enc", "NQ==");
    Deleted : user_pref("CT3196716.keyword", true);
    Deleted : user_pref("CT3196716.migrateAppsAndComponents", true);
    Deleted : user_pref("CT3196716.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
    Deleted : user_pref("CT3196716.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT3196716.search.searchAppId", "129755756826636815");
    Deleted : user_pref("CT3196716.search.searchCount", "0");
    Deleted : user_pref("CT3196716.searchInNewTabEnabled", "false");
    Deleted : user_pref("CT3196716.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT3196716.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3196716.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT3196716.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
    Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3196716.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT3196716.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1354477942290");
    Deleted : user_pref("CT3196716.serviceLayer_services_appTracking_lastUpdate", "1353685325777");
    Deleted : user_pref("CT3196716.serviceLayer_services_appsMetadata_lastUpdate", "1354723955452");
    Deleted : user_pref("CT3196716.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1353740659864");
    Deleted : user_pref("CT3196716.serviceLayer_services_login_10.13.1.89_lastUpdate", "1361763468612");
    Deleted : user_pref("CT3196716.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13546[...]
    Deleted : user_pref("CT3196716.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13546[...]
    Deleted : user_pref("CT3196716.serviceLayer_services_optimizer_lastUpdate", "1354723839520");
    Deleted : user_pref("CT3196716.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1353740660043");
    Deleted : user_pref("CT3196716.serviceLayer_services_searchAPI_lastUpdate", "1354723956090");
    Deleted : user_pref("CT3196716.serviceLayer_services_serviceMap_lastUpdate", "1361760841202");
    Deleted : user_pref("CT3196716.serviceLayer_services_toolbarContextMenu_lastUpdate", "1353740659704");
    Deleted : user_pref("CT3196716.serviceLayer_services_toolbarSettings_lastUpdate", "1361775399489");
    Deleted : user_pref("CT3196716.serviceLayer_services_translation_lastUpdate", "1361760841551");
    Deleted : user_pref("CT3196716.settingsINI", true);
    Deleted : user_pref("CT3196716.smartbar.CTID", "CT3196716");
    Deleted : user_pref("CT3196716.smartbar.Uninstall", "0");
    Deleted : user_pref("CT3196716.smartbar.isHidden", true);
    Deleted : user_pref("CT3196716.smartbar.toolbarName", "WiseConvert ");
    Deleted : user_pref("CT3196716.startPage", "userChanged");
    Deleted : user_pref("CT3196716.toolbarBornServerTime", "13-10-2012");
    Deleted : user_pref("CT3196716.toolbarCurrentServerTime", "25-2-2013");
    Deleted : user_pref("CT3196716.url_history0001.enc", "aHR0cDovL3d3dy5wb2dvLmNvbS9hY2NvdW50L215LWFjY291bnQuZG8/[...]
    Deleted : user_pref("CT3196716_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("CT3239904_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("CT3279141.1000082.isPlayDisplay", "true");
    Deleted : user_pref("CT3279141.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description[...]
    Deleted : user_pref("CT3279141.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3279141.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT3279141.FF19Solved", "true");
    Deleted : user_pref("CT3279141.FirstTime", "true");
    Deleted : user_pref("CT3279141.FirstTimeFF3", "true");
    Deleted : user_pref("CT3279141.PG_ENABLE", "dHJ1ZQ==");
    Deleted : user_pref("CT3279141.PG_ENABLE.enc", "dHJ1ZQ==");
    Deleted : user_pref("CT3279141.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT327[...]
    Deleted : user_pref("CT3279141.UserID", "UN36138580159123249");
    Deleted : user_pref("CT3279141.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT3279141.autoDisableScopes", -1);
    Deleted : user_pref("CT3279141.browser.search.defaultthis.engineName", "true");
    Deleted : user_pref("CT3279141.cbfirsttime.enc", "U3VuIEZlYiAyNCAyMDEzIDEyOjM2OjM5IEdNVC0wNzAwIChNb3VudGFpbiBT[...]
    Deleted : user_pref("CT3279141.defaultSearch", "true");
    Deleted : user_pref("CT3279141.enableAlerts", "always");
    Deleted : user_pref("CT3279141.enableFix404ByUser", "TRUE");
    Deleted : user_pref("CT3279141.enableSearchFromAddressBar", "true");
    Deleted : user_pref("CT3279141.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT3279141.fixPageNotFoundError", "true");
    Deleted : user_pref("CT3279141.fixPageNotFoundErrorByUser", "true");
    Deleted : user_pref("CT3279141.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT3279141.fixUrls", true);
    Deleted : user_pref("CT3279141.homepageuserchanged", true);
    Deleted : user_pref("CT3279141.hxxp___api21_starwebnet_com.pid2.enc", "NDliNWZiNzQ0MWU5ZmJiMQ==");
    Deleted : user_pref("CT3279141.hxxp___api22_starwebnet_com.pid2.enc", "NDliNWZiNzQ0MWU5ZmJiMQ==");
    Deleted : user_pref("CT3279141.installDate", "24/2/2013 12:31:02");
    Deleted : user_pref("CT3279141.installId", "9818");
    Deleted : user_pref("CT3279141.installType", "conduitnsisintegration");
    Deleted : user_pref("CT3279141.isCheckedStartAsHidden", true);
    Deleted : user_pref("CT3279141.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3279141.isFirstTimeToolbarLoading", "false");
    Deleted : user_pref("CT3279141.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT3279141.keyword", "true");
    Deleted : user_pref("CT3279141.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit[...]
    Deleted : user_pref("CT3279141.lastVersion", "10.14.65.43");
    Deleted : user_pref("CT3279141.mam_gk_CouponBuddy_appState.enc", "b24=");
    Deleted : user_pref("CT3279141.mam_gk_PriceGong_appState.enc", "b24=");
    Deleted : user_pref("CT3279141.mam_gk_appStateReportTime.enc", "MTM2MTczNDU5NDY3Mg==");
    Deleted : user_pref("CT3279141.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
    Deleted : user_pref("CT3279141.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
    Deleted : user_pref("CT3279141.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]
    Deleted : user_pref("CT3279141.mam_gk_currentVersion.enc", "MS40LjAuNA==");
    Deleted : user_pref("CT3279141.mam_gk_eventsCache.enc", "eyI5YzA5ZTllNS1jODA3LTQ3NDMtOGIzYi0zNzZjMTA5MTY4YjAiO[...]
    Deleted : user_pref("CT3279141.mam_gk_first_time.enc", "MQ==");
    Deleted : user_pref("CT3279141.mam_gk_gadgetOpen.enc", "MA==");
    Deleted : user_pref("CT3279141.mam_gk_lastLoginTime.enc", "MTM2MTczNDU5MjYwMw==");
    Deleted : user_pref("CT3279141.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
    Deleted : user_pref("CT3279141.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
    Deleted : user_pref("CT3279141.mam_gk_settings1.4.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
    Deleted : user_pref("CT3279141.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
    Deleted : user_pref("CT3279141.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
    Deleted : user_pref("CT3279141.mam_gk_userId.enc", "ZDQ5ZWU0NDctYmFmMy00MjM0LTliMzQtOGUxM2FiZTUwYzFi");
    Deleted : user_pref("CT3279141.mam_gk_user_apps_selection.enc", "");
    Deleted : user_pref("CT3279141.migrateAppsAndComponents", true);
    Deleted : user_pref("CT3279141.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
    Deleted : user_pref("CT3279141.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT3279141.openThankYouPage", "false");
    Deleted : user_pref("CT3279141.openUninstallPage", "true");
    Deleted : user_pref("CT3279141.revertSettingsEnabled", "true");
    Deleted : user_pref("CT3279141.search.searchAppId", "130028020976478709");
    Deleted : user_pref("CT3279141.search.searchCount", "0");
    Deleted : user_pref("CT3279141.searchFromAddressBarEnabledByUser", "true");
    Deleted : user_pref("CT3279141.searchInNewTabEnabledByUser", "true");
    Deleted : user_pref("CT3279141.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT3279141.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3279141.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT3279141.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
    Deleted : user_pref("CT3279141.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT3279141.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3279141.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3279141.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT3279141.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1361734567024");
    Deleted : user_pref("CT3279141.serviceLayer_services_appsMetadata_lastUpdate", "1361734566602");
    Deleted : user_pref("CT3279141.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1361734566161");
    Deleted : user_pref("CT3279141.serviceLayer_services_location_lastUpdate", "1361734561080");
    Deleted : user_pref("CT3279141.serviceLayer_services_login_10.14.65.43_lastUpdate", "1361811048595");
    Deleted : user_pref("CT3279141.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1361734566391");
    Deleted : user_pref("CT3279141.serviceLayer_services_searchAPI_lastUpdate", "1361734561105");
    Deleted : user_pref("CT3279141.serviceLayer_services_serviceMap_lastUpdate", "1361734558625");
    Deleted : user_pref("CT3279141.serviceLayer_services_setupAPI_lastUpdate", "1361734567051");
    Deleted : user_pref("CT3279141.serviceLayer_services_toolbarContextMenu_lastUpdate", "1361734565929");
    Deleted : user_pref("CT3279141.serviceLayer_services_toolbarSettings_lastUpdate", "1361811048100");
    Deleted : user_pref("CT3279141.serviceLayer_services_translation_lastUpdate", "1361734566887");
    Deleted : user_pref("CT3279141.settingsINI", true);
    Deleted : user_pref("CT3279141.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT3279141.smartbar.CTID", "CT3279141");
    Deleted : user_pref("CT3279141.smartbar.Uninstall", "0");
    Deleted : user_pref("CT3279141.smartbar.homepage", true);
    Deleted : user_pref("CT3279141.smartbar.isHidden", true);
    Deleted : user_pref("CT3279141.smartbar.toolbarName", "WhiteSmoke B ");
    Deleted : user_pref("CT3279141.startPage", "true");
    Deleted : user_pref("CT3279141.toolbarBornServerTime", "24-2-2013");
    Deleted : user_pref("CT3279141.toolbarCurrentServerTime", "25-2-2013");
    Deleted : user_pref("CT3279141.toolbarDisabled", "true");
    Deleted : user_pref("CT3279141_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("CT3287819.1000082.isPlayDisplay", "true");
    Deleted : user_pref("CT3287819.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
    Deleted : user_pref("CT3287819.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3287819.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
    Deleted : user_pref("CT3287819.FF19Solved", "true");
    Deleted : user_pref("CT3287819.FirstTime", "true");
    Deleted : user_pref("CT3287819.FirstTimeFF3", "true");
    Deleted : user_pref("CT3287819.PG_ENABLE", "dHJ1ZQ==");
    Deleted : user_pref("CT3287819.PG_ENABLE.enc", "dHJ1ZQ==");
    Deleted : user_pref("CT3287819.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT328[...]
    Deleted : user_pref("CT3287819.TopHitsConfig.enc", "ew0KICAgICJzcHJpdGVVcmwiOiAiaHR0cDovL3N0b3JhZ2UuY29uZHVpdC[...]
    Deleted : user_pref("CT3287819.UserID", "UN82496642111303658");
    Deleted : user_pref("CT3287819.YTbyClickFavorites.enc", "W10=");
    Deleted : user_pref("CT3287819.YTbyClickRecent.enc", "W10=");
    Deleted : user_pref("CT3287819.addressBarTakeOverEnabledInHidden", "true");
    Deleted : user_pref("CT3287819.browser.search.defaultthis.engineName", "true");
    Deleted : user_pref("CT3287819.cbfirsttime.enc", "U3VuIEZlYiAyNCAyMDEzIDEyOjM2OjM5IEdNVC0wNzAwIChNb3VudGFpbiBT[...]
    Deleted : user_pref("CT3287819.defaultSearch", "true");
    Deleted : user_pref("CT3287819.enableAlerts", "always");
    Deleted : user_pref("CT3287819.enableFix404ByUser", "TRUE");
    Deleted : user_pref("CT3287819.enableSearchFromAddressBar", "true");
    Deleted : user_pref("CT3287819.firstTimeDialogOpened", "true");
    Deleted : user_pref("CT3287819.fixPageNotFoundError", "true");
    Deleted : user_pref("CT3287819.fixPageNotFoundErrorByUser", "true");
    Deleted : user_pref("CT3287819.fixPageNotFoundErrorInHidden", "true");
    Deleted : user_pref("CT3287819.fixUrls", true);
    Deleted : user_pref("CT3287819.homepageuserchanged", true);
    Deleted : user_pref("CT3287819.installDate", "24/2/2013 12:18:14");
    Deleted : user_pref("CT3287819.installId", "aaa_cid119_83");
    Deleted : user_pref("CT3287819.installType", "conduitnsisintegration");
    Deleted : user_pref("CT3287819.isCheckedStartAsHidden", true);
    Deleted : user_pref("CT3287819.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3287819.isFirstTimeToolbarLoading", "false");
    Deleted : user_pref("CT3287819.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
    Deleted : user_pref("CT3287819.keyword", true);
    Deleted : user_pref("CT3287819.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
    Deleted : user_pref("CT3287819.lastVersion", "10.14.65.43");
    Deleted : user_pref("CT3287819.mam_gk_CouponBuddy_appState.enc", "b24=");
    Deleted : user_pref("CT3287819.mam_gk_PriceGong_appState.enc", "b24=");
    Deleted : user_pref("CT3287819.mam_gk_appStateReportTime.enc", "MTM2MTczNDU5NDY2NQ==");
    Deleted : user_pref("CT3287819.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
    Deleted : user_pref("CT3287819.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
    Deleted : user_pref("CT3287819.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlByaWNlR29uZyIsImN[...]
    Deleted : user_pref("CT3287819.mam_gk_currentVersion.enc", "MS40LjAuNA==");
    Deleted : user_pref("CT3287819.mam_gk_eventsCache.enc", "eyIxMGQzMWYwMy00YTBkLTQzZTktOTZiMy1jYWY4NGVmYWQ5YjEiO[...]
    Deleted : user_pref("CT3287819.mam_gk_first_time.enc", "MQ==");
    Deleted : user_pref("CT3287819.mam_gk_gadgetOpen.enc", "MA==");
    Deleted : user_pref("CT3287819.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
    Deleted : user_pref("CT3287819.mam_gk_lastLoginTime.enc", "MTM2MTczNDU5MjEzMA==");
    Deleted : user_pref("CT3287819.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
    Deleted : user_pref("CT3287819.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
    Deleted : user_pref("CT3287819.mam_gk_settings1.4.0.4.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
    Deleted : user_pref("CT3287819.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
    Deleted : user_pref("CT3287819.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
    Deleted : user_pref("CT3287819.mam_gk_userId.enc", "NmY0ZjZkZDgtNDdlZS00MWZlLTllNzgtMDI5NmNiMzNkMTgy");
    Deleted : user_pref("CT3287819.mam_gk_user_apps_selection.enc", "");
    Deleted : user_pref("CT3287819.migrateAppsAndComponents", true);
    Deleted : user_pref("CT3287819.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]
    Deleted : user_pref("CT3287819.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
    Deleted : user_pref("CT3287819.openThankYouPage", "false");
    Deleted : user_pref("CT3287819.openUninstallPage", "true");
    Deleted : user_pref("CT3287819.revertSettingsEnabled", "false");
    Deleted : user_pref("CT3287819.search.searchAppId", "130058556828882104");
    Deleted : user_pref("CT3287819.search.searchCount", "0");
    Deleted : user_pref("CT3287819.searchFromAddressBarEnabledByUser", "true");
    Deleted : user_pref("CT3287819.searchInNewTabEnabledByUser", "true");
    Deleted : user_pref("CT3287819.searchInNewTabEnabledInHidden", "true");
    Deleted : user_pref("CT3287819.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
    Deleted : user_pref("CT3287819.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
    Deleted : user_pref("CT3287819.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
    Deleted : user_pref("CT3287819.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
    Deleted : user_pref("CT3287819.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3287819.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
    Deleted : user_pref("CT3287819.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
    Deleted : user_pref("CT3287819.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1361734570706");
    Deleted : user_pref("CT3287819.serviceLayer_services_appsMetadata_lastUpdate", "1361734567284");
    Deleted : user_pref("CT3287819.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1361734571998");
    Deleted : user_pref("CT3287819.serviceLayer_services_location_lastUpdate", "1361734565733");
    Deleted : user_pref("CT3287819.serviceLayer_services_login_10.14.65.43_lastUpdate", "1361811050036");
    Deleted : user_pref("CT3287819.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1361734572191");
    Deleted : user_pref("CT3287819.serviceLayer_services_searchAPI_lastUpdate", "1361734561142");
    Deleted : user_pref("CT3287819.serviceLayer_services_serviceMap_lastUpdate", "1361734558686");
    Deleted : user_pref("CT3287819.serviceLayer_services_setupAPI_lastUpdate", "1361734571587");
    Deleted : user_pref("CT3287819.serviceLayer_services_toolbarContextMenu_lastUpdate", "1361734571756");
    Deleted : user_pref("CT3287819.serviceLayer_services_toolbarSettings_lastUpdate", "1361811049955");
    Deleted : user_pref("CT3287819.serviceLayer_services_translation_lastUpdate", "1361734572477");
    Deleted : user_pref("CT3287819.settingsINI", true);
    Deleted : user_pref("CT3287819.shouldFirstTimeDialog", "false");
    Deleted : user_pref("CT3287819.smartbar.CTID", "CT3287819");
    Deleted : user_pref("CT3287819.smartbar.Uninstall", "0");
    Deleted : user_pref("CT3287819.smartbar.homepage", "true");
    Deleted : user_pref("CT3287819.smartbar.isHidden", true);
    Deleted : user_pref("CT3287819.smartbar.toolbarName", "MixiDJ V5 ");
    Deleted : user_pref("CT3287819.startPage", "true");
    Deleted : user_pref("CT3287819.toolbarBornServerTime", "24-2-2013");
    Deleted : user_pref("CT3287819.toolbarCurrentServerTime", "25-2-2013");
    Deleted : user_pref("CT3287819.toolbarDisabled", "true");
    Deleted : user_pref("CT3287819_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
    Deleted : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287819&SearchSource=1[...]
    Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
    Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
    Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain[...]
    Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3287819");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279141&Sea[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.InstallationThankYouPage", true);
    Deleted : user_pref("extensions.crossriderapp19962.19962.InstallationTime", 1361733293);
    Deleted : user_pref("extensions.crossriderapp19962.19962.InstallationUserSettings.searchUserConifrmation", fal[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.InstallationUserSettings.setHomepage", false);
    Deleted : user_pref("extensions.crossriderapp19962.19962.InstallationUserSettings.setNewTab", false);
    Deleted : user_pref("extensions.crossriderapp19962.19962.InstallationUserSettings.setSearch", false);
    Deleted : user_pref("extensions.crossriderapp19962.19962.active", true);
    Deleted : user_pref("extensions.crossriderapp19962.19962.addressbar", "");
    Deleted : user_pref("extensions.crossriderapp19962.19962.addressbarenhanced", "");
    Deleted : user_pref("extensions.crossriderapp19962.19962.backgroundjs", "\n\n//\n");
    Deleted : user_pref("extensions.crossriderapp19962.19962.backgroundver", 32);
    Deleted : user_pref("extensions.crossriderapp19962.19962.can_run_bg_code", true);
    Deleted : user_pref("extensions.crossriderapp19962.19962.certdomaininstaller", "");
    Deleted : user_pref("extensions.crossriderapp19962.19962.changeprevious", false);
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie.InstallationTime.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie.InstallationTime.value", "1361733293");
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie.InstallerParams.expiration", "Fri Feb 01 2030 [...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:0[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_aoi.value", "1361733293");
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_country_code.expiration", "Sun Mar 03 201[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_country_code.value", "%22US%22");
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_crr.expiration", "Fri Feb 01 2030 00:00:0[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_crr.value", "1361810912");
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_currenttime.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_currenttime.value", "%221361537295%22");
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_hotfix20111102645.expiration", "Fri Feb 0[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_hotfix20111102645.value", "%221%22");
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installer_params.expiration", "Fri Feb 01[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installer_params.value", "%7B%22source_id[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installtime.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_installtime.value", "%221361537295%22");
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 20[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_parent_zoneid.value", "%22141539%22");
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_pc_20120828.expiration", "Fri Feb 01 2030[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_pc_20120828.value", "1361734967695");
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_product_id.expiration", "Fri Feb 01 2030 [...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_product_id.value", "%221382%22");
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_sr[pogo.com].expiration", "Mon Feb 25 201[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_sr[pogo.com].value", "1361735515");
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:0[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie._GPL_zoneid.value", "%22148532%22");
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie.dbtest.expiration", "Fri Feb 01 2030 00:00:00 [...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.cookie.dbtest.value", "1361734802100");
    Deleted : user_pref("extensions.crossriderapp19962.19962.description", "Supreme Savings");
    Deleted : user_pref("extensions.crossriderapp19962.19962.domain", "");
    Deleted : user_pref("extensions.crossriderapp19962.19962.enablesearch", false);
    Deleted : user_pref("extensions.crossriderapp19962.19962.homepage", "");
    Deleted : user_pref("extensions.crossriderapp19962.19962.iframe", false);
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.InstallerIdentifiers.expiration", "Fri Feb[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.InstallerIdentifiers.value", "%7B%22instal[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_appVer.expiration", "Fri Feb 01 [...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_appVer.value", "44");
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_lastVersion.expiration", "Fri Fe[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_lastVersion.value", "1");
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_meta.expiration", "Fri Feb 01 20[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_meta.value", "%7B%7D");
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_nextCheck.expiration", "Mon Feb [...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_nextCheck.value", "true");
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_queue.expiration", "Fri Feb 01 2[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_queue.value", "%7B%7D");
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_remote_resources.expiration", "F[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.Resources_remote_resources.value", "%7B%22[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.SoftwareDetected.expiration", "Fri Feb 01 [...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.internaldb.SoftwareDetected.value", "%7B%22AnySoftwar[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.js", "\n\nif(\"undefined\"!=typeof _GPL_PLUGIN){var _[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.manifesturl", "");
    Deleted : user_pref("extensions.crossriderapp19962.19962.name", "Supreme Savings");
    Deleted : user_pref("extensions.crossriderapp19962.19962.newtab", "");
    Deleted : user_pref("extensions.crossriderapp19962.19962.opensearch", "");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1.code", "appAPI._cr_config={appID:fun[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1.name", "base");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1.ver", 4);
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000014.code", "Array.prototype.indexO[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000014.name", "GPL Plugin (Loader)");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000014.ver", 15);
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000015.code", "var a=appAPI.db.getLis[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000015.name", "GPL Background (BG)");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_1000015.ver", 33);
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_13.code", "(function(a){a.selectedText[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_13.name", "CrossriderAppUtils");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_13.ver", 2);
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_14.code", "if(typeof(appAPI)===\"undef[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_14.name", "CrossriderUtils");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_14.ver", 2);
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_16.code", "if((typeof isBackground===\[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_16.name", "FFAppAPIWrapper");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_16.ver", 5);
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_17.code", "if(typeof window!==\"undefi[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_17.name", "jQuery");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_17.ver", 3);
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_21.code", "var CrossriderDebugManager=[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_21.name", "debug");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_21.ver", 3);
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_22.code", "(function(a){appAPI.queueMa[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_22.name", "resources");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_22.ver", 2);
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_28.code", "var CrossriderInitializerPl[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_28.name", "initializer");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_28.ver", 2);
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_4.code", "var jQuery = $jquery_171 = $[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_4.name", "jquery_1_7_1");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_4.ver", 3);
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_47.code", "(function(){appAPI.ready=fu[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_47.name", "resources_background");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_47.ver", 1);
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_64.code", "(function(){var h=\"__CR_EM[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_64.name", "appApiMessage");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_64.ver", 1);
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_72.code", "if(appAPI.__should_activate[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_72.name", "appApiValidation");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_72.ver", 1);
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_78.code", "if(typeof jQuery!==\"undefi[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_78.name", "CrossriderInfo");
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins.plugin_78.ver", 2);
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins_lists.plugins_0", "4,14,78,16,64,47,72,100001[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins_lists.plugins_1", "17,14,78,13,16,64,4,1,21,2[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.plugins_lists.plugins_5", "4,14,78,13,16,64,47,72");
    Deleted : user_pref("extensions.crossriderapp19962.19962.pluginsurl", "hxxp://app-static.crossrider.com/plugin[...]
    Deleted : user_pref("extensions.crossriderapp19962.19962.pluginsversion", 40);
    Deleted : user_pref("extensions.crossriderapp19962.19962.publisher", "215 Apps");
    Deleted : user_pref("extensions.crossriderapp19962.19962.searchstatus", 0);
    Deleted : user_pref("extensions.crossriderapp19962.19962.setnewtab", false);
    Deleted : user_pref("extensions.crossriderapp19962.19962.thankyou", "hxxp://crossrider.com/thank_you/19962");
    Deleted : user_pref("extensions.crossriderapp19962.19962.updateinterval", 360);
    Deleted : user_pref("extensions.crossriderapp19962.19962.ver", 44);
    Deleted : user_pref("extensions.crossriderapp19962.adsOldValue", -1);
    Deleted : user_pref("extensions.crossriderapp19962.apps", "19962");
    Deleted : user_pref("extensions.crossriderapp19962.bic", "13d0db4960fd450dbe0a1ce324a7cecb");
    Deleted : user_pref("extensions.crossriderapp19962.cid", 19962);
    Deleted : user_pref("extensions.crossriderapp19962.firstrun", false);
    Deleted : user_pref("extensions.crossriderapp19962.hadappinstalled", true);
    Deleted : user_pref("extensions.crossriderapp19962.installationdate", 1361734572);
    Deleted : user_pref("extensions.crossriderapp19962.lastcheck", 22696849);
    Deleted : user_pref("extensions.crossriderapp19962.lastcheckitem", 22696859);
    Deleted : user_pref("extensions.crossriderapp19962.modetype", "production");
    Deleted : user_pref("extensions.crossriderapp19962.reportInstall", true);
    Deleted : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
    Deleted : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.yahoo.com/search?fr=ffds1&p=");
    Deleted : user_pref("extensions.toolbar.mindspark._gcMembers_.homepage", "hxxp://home.mywebsearch.com/index.jh[...]
    Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3279141");
    Deleted : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287819&SearchSource=13[...]
    Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
    Deleted : user_pref("smartbar.originalHomepage", "hxxp://www.pogo.com/friends.do");
    Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jht[...]
    Deleted : user_pref("smartbar.originalSearchEngine", "MixiDJ V5 Customized Web Search");
    Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
    Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
    Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
    Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
    Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
    Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
    Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaulturl", "hxxp://search.yahoo.com/search?fr=f[...]
    Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
    Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://www.pogo.com/friends.do?pageS[...]
    Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-[...]
    Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
    Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
    Deleted : user_pref("sweetim.toolbar.simapp_id", "{DB35F4F9-D853-4DB8-8C9E-CA0D43A78054}");
    Deleted : user_pref("sweetim.toolbar.urls.homepage", "hxxp://home.sweetim.com");
    Deleted : user_pref("sweetim.toolbar.version", "1.1.0.2");

    -\\ Google Chrome v [Unable to get version]

    File : C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

    [OK] File is clean.

    *************************

    AdwCleaner[S1].txt - [45857 octets] - [28/02/2013 11:27:16]

    ########## EOF - C:\AdwCleaner[S1].txt - [45918 octets] ##########
     
  12. Spirit

    Spirit Newcomer, in training Topic Starter Posts: 20

    Here is the JRT log. I will run the OTL and post it in a few minutes. Then I will be gone the rest of the day and will get back to whatever else you need to me to later tonight. Thank you so much.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Thisisu
    Version: 4.6.6 (02.27.2013:1)
    OS: Microsoft Windows XP x86
    Ran by spirit paglia on Thu 02/28/2013 at 11:42:08.40
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Registry Values

    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
    Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



    ~~~ Registry Keys

    Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
    Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{36377dd7-b3eb-42f5-986f-680baf59ba9d}
    Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\drivercure"
    Successfully deleted: [Folder] "C:\Documents and Settings\spirit paglia\Application Data\drivercure"
    Successfully deleted: [Folder] "C:\Program Files\mywebsearchwb"
    Successfully deleted: [Folder] "C:\Program Files\speeditup free"



    ~~~ FireFox

    Successfully deleted the following from C:\Documents and Settings\spirit paglia\Application Data\mozilla\firefox\profiles\po8ykea7.default\prefs.js

    user_pref("extensions.crossrider.bic", "13d0db4960fd450dbe0a1ce324a7cecb");
    user_pref("extensions.defaulttab.lastUsed", 1361735127);
    user_pref("extensions.toolbar.mindspark._gcMembers_.initialized", true);
    user_pref("extensions.toolbar.mindspark._gcMembers_.installation.installDate", "2012042709");
    user_pref("extensions.toolbar.mindspark._gcMembers_.installation.partnerId", "XNxdm081YYus");
    user_pref("extensions.toolbar.mindspark._gcMembers_.installation.partnerSubId", "49737xxxxxgeneric");
    user_pref("extensions.toolbar.mindspark._gcMembers_.installation.success", true);
    user_pref("extensions.toolbar.mindspark._gcMembers_.installation.toolbarId", "B3A2F038-08CB-443A-B260-70859ED2B4DE");
    user_pref("extensions.toolbar.mindspark._gcMembers_.options.defaultSearch", true);
    user_pref("extensions.toolbar.mindspark._gcMembers_.options.homePageEnabled", true);
    user_pref("extensions.toolbar.mindspark._gcMembers_.options.keywordEnabled", true);
    user_pref("extensions.toolbar.mindspark._gcMembers_.options.tabEnabled", true);
    user_pref("extensions.toolbar.mindspark.lastInstalled", "weatherblink@mindspark.com");





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Thu 02/28/2013 at 11:54:40.64
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
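The JRT and AdwCleaner logs above are essentially lists of `user_pref(...)` lines pulled out of the Firefox profile's prefs.js, grouped by the adware family that planted them (Crossrider, SweetIM, Conduit "smartbar", MyWebSearch/Mindspark). The following is an added example, not part of the thread or of either tool, that does the same triage offline: it parses prefs.js lines, flags prefs whose name falls under one of those families or whose value points at one of the search-hijack hosts seen in the logs, and leaves ordinary Firefox prefs alone. The pref-name prefixes, the host list and the sample prefs.js excerpt are constructed here from what the logs show; they are assumptions, not a complete signature set.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Pref-name prefixes that the AdwCleaner/JRT logs attribute to adware
# toolbar families. Constructed from the logs above; not exhaustive.
ADWARE_PREFIXES = (
    "extensions.crossrider",
    "extensions.mywebsearch",
    "extensions.toolbar.mindspark",
    "extensions.defaulttab",
    "smartbar.",
    "sweetim.",
)

# Hosts that appear in the hijacked homepage/search values in the logs.
HIJACK_HOSTS = (
    "search.conduit.com",
    "mywebsearch.com",
    "crossrider.com",
    "sweetim.com",
)

# Matches  user_pref("name", value);  where value is a JS string (with
# \" and \\ escapes), an integer, or a boolean.
PREF_RE = re.compile(
    r'^\s*user_pref\("(?P<name>[^"]+)",\s*'
    r'(?P<value>"(?:[^"\\]|\\.)*"|-?\d+|true|false)\);\s*$'
)


@dataclass
class Finding:
    name: str
    value: object
    reason: str


def parse_pref(line: str) -> Optional[Tuple[str, object]]:
    """Parse one prefs.js line into (name, value); None for non-pref lines."""
    m = PREF_RE.match(line)
    if not m:
        return None
    raw = m.group("value")
    if raw.startswith('"'):
        # Undo the JS string escapes prefs.js uses for quotes and backslashes.
        value: object = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
    elif raw in ("true", "false"):
        value = raw == "true"
    else:
        value = int(raw)
    return m.group("name"), value


def classify(name: str, value: object) -> Optional[str]:
    """Return why a pref looks adware-related, or None if it looks benign."""
    lname = name.lower()  # prefs.js names are case-sensitive; "smartBar" vs "smartbar"
    for prefix in ADWARE_PREFIXES:
        if lname.startswith(prefix):
            return f"pref family '{prefix}'"
    if isinstance(value, str):
        # Forum logs defang URLs as hxxp; real prefs.js has http.
        lv = value.lower().replace("hxxp", "http")
        for host in HIJACK_HOSTS:
            if host in lv:
                return f"value points at '{host}'"
    return None


def scan_prefs(text: str) -> List[Finding]:
    """Scan prefs.js text and return the prefs that match a known adware trait."""
    findings: List[Finding] = []
    for line in text.splitlines():
        parsed = parse_pref(line)
        if parsed is None:
            continue
        name, value = parsed
        reason = classify(name, value)
        if reason:
            findings.append(Finding(name, value, reason))
    return findings


# Constructed prefs.js excerpt: a few benign prefs mixed with entries shaped
# like the ones the logs above deleted.
SAMPLE_PREFS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "https://www.pogo.com/");
user_pref("extensions.crossriderapp19962.19962.name", "Supreme Savings");
user_pref("extensions.crossriderapp19962.installationdate", 1361734572);
user_pref("smartBar.searchInNewTabOwner", "CT3279141");
user_pref("keyword.URL", "http://search.conduit.com/ResultsExt.aspx?ctid=CT3287819&q=");
user_pref("sweetim.toolbar.mode.debug", "false");
user_pref("extensions.toolbar.mindspark._gcMembers_.options.defaultSearch", true);
user_pref("sweetim.toolbar.search.external", "<?xml version=\\"1.0\\"?><TOOLBAR/>");
user_pref("network.cookie.cookieBehavior", 0);
'''

if __name__ == "__main__":
    for f in scan_prefs(SAMPLE_PREFS):
        print(f"{f.name} = {f.value!r}  [{f.reason}]")
```

Running it on the constructed excerpt reports seven prefs and skips the homepage, cookie and comment lines. The value-based check matters because a hijacked `keyword.URL` or homepage lives under a normal Firefox pref name, which is exactly why the logs list the "previous"/"original" search URLs the toolbars had overwritten.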
  13. Spirit

    Spirit Newcomer, in training Topic Starter Posts: 20

    And, here is the last OTL you requested.

    Have a blessed day.

    Sorry... have to attach it because of how many characters are in it.

    Attached Files:

  14. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    OTL Fix

    Please run OTL
    • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

    • Then click the Run Fix button at the top.
    • Note: The fix for OTL automatically hides your Desktop and Start menu so the fix can be completed. Do not be alerted, as this is normal.
    • Please do not exit the program. It might take a while to fix, but allow it to run. If it asks to reboot the computer, allow it to reboot. If the program freezes, and the computer fails to reboot - let me know.
    • Lastly, post the contents of the log. (Located at C:\_OTL\Moved Files)



    ESET Online Scan

    Please run a free online scan with the ESET Online Scanner
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • When asked, allow the ActiveX control to install, or it will ask to download an installer. Please do so and install it.
    • Click Start or wait for the scanner to load.
    • Make sure that the options Remove found threats and the option Scan unwanted applications are checked.
    • Click Scan (This scan can take several hours, so please be patient)
    • Once the scan is completed, there are a couple of things to keep in mind:
      1. If NO threats were found, allow the scanner to Uninstall on close and then close the Window.
      2. If threats WERE detected, click on List of Threats Found, Export to Text File...save it as ESET-Scan-Log.txt. Click the back button/link, put a checkmark to Uninstall Application on Close and then close the window.
    • Open the logfile from wherever you saved it
    • Copy and paste the contents in your next reply.


    Any more issues?

    We need to know any other issues that are plaguing your computer. Kindly give a summary so we know how to continue from here.

    Many of the things to note for us would be:

    • Slow computer
    • Error messages
    • Fake antivirus alerts or the icon in the system tray
    • svchost.exe running at 100%
    • System crashes or blue screen of death

    Note: Absence of issues does not mean that you're protected in the future.
  15. Spirit

    Spirit Newcomer, in training Topic Starter Posts: 20

    Here's the next OTL log you requested.

    Thank you.

    All processes killed
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\support@unfriendapp.com deleted successfully.
    File C:\Program Files\UnfriendApp\Firefox not found.
    File C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\crossrider not found.
    C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\js\lib folder moved successfully.
    C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\js\api folder moved successfully.
    C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\js folder moved successfully.
    C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\icons\actions folder moved successfully.
    C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0\icons folder moved successfully.
    C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihkeoookbpemkdccdccdmacnidhooohk\1.22.44_0 folder moved successfully.
    C:\Documents and Settings\spirit paglia\Desktop\FlashPlayer_V.10517862b.exe moved successfully.
    C:\Documents and Settings\spirit paglia\Local Settings\Application Data\kja31hu26sc3cxaxsplg387601l8ryf753e50jlstv8 moved successfully.
    C:\Documents and Settings\All Users\Application Data\kja31hu26sc3cxaxsplg387601l8ryf753e50jlstv8 moved successfully.
    C:\Program Files\070220117112129.bat moved successfully.
    C:\Program Files\080820100124629.bat moved successfully.
    C:\Documents and Settings\All Users\Application Data\BTFSFGQAYG folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\STFSFGQAYG folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: spirit paglia
    ->Temp folder emptied: 1341336 bytes
    ->Temporary Internet Files folder emptied: 359844 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 21284734 bytes
    ->Google Chrome cache emptied: 0 bytes
    ->Flash cache emptied: 763 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 664 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 443009 bytes

    Total Files Cleaned = 22.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 02282013_141424

    Files\Folders moved on Reboot...

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
  16. Spirit

    Spirit Newcomer, in training Topic Starter Posts: 20

    Summary:
    Computer is running faster and it appears all is well.

    I do have one more problem. The problem is, I play games in POGO. When I try to play any game that needs java it says I need to install java, but I already have java installed and I have the latest update. Firefox is my browser. I also tried playing using IE, but it says the same thing. Both browsers are updated. Any suggestions or ideas of why this is happening would be appreciated. Please let me know if it needs to go into a new thread.

    I appreciate the work you did with me on this issue. Thank you so much!

    Here is the ESET online scan.
    C:\Documents and Settings\spirit paglia\Local Settings\Application Data\Google\Chrome\User Data\Extensions\igjjkeeamkpihpncmmbgdkhdnjpcfmfb\2.5.83_0\plugin\gc_getcid.dll Win32/ExFriendAlert.A application cleaned by deleting - quarantined
    C:\Program Files\VideoDownloadConverter_4zEI\Installr\3.bin\4zEIPlug.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Program Files\VideoDownloadConverter_4zEI\Installr\3.bin\4zEZSETP.dll Win32/Toolbar.MyWebSearch.Q application cleaned by deleting - quarantined
    C:\Program Files\VideoDownloadConverter_4zEI\Installr\3.bin\NP4zEISb.dll Win32/Toolbar.MyWebSearch application cleaned by deleting - quarantined
    C:\Qoobox\Quarantine\C\Documents and Settings\spirit paglia\Local Settings\Application Data\Updater19962\Updater19962.exe.vir a variant of Win32/Toolbar.CrossRider.C application cleaned by deleting - quarantined
    C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP452\A0028314.exe a variant of Win32/Toolbar.CrossRider.C application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\02282013_111022\C_Program Files\Supreme Savings\Supreme Savings.dll a variant of Win32/Toolbar.CrossRider.A application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\02282013_111022\C_Program Files\Supreme Savings\Uninstall.exe multiple threats cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\02282013_111022\C_Program Files\UnfriendApp\Chrome\unzip\plugin\gc_getcid.dll Win32/ExFriendAlert.A application cleaned by deleting - quarantined
    C:\_OTL\MovedFiles\02282013_141424\C_Documents and Settings\spirit paglia\Desktop\FlashPlayer_V.10517862b.exe multiple threats cleaned by deleting - quarantined
  17. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Go to Start > Control Panel... double-press Java.

    Hit the Security tab. Tell me what your settings are on that tab.
  18. Spirit

    Spirit Newcomer, in training Topic Starter Posts: 20

    It's on High (recommended).
  19. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    Was "Enable Java in the Browser?" checked as well?
  20. Spirit

    Spirit Newcomer, in training Topic Starter Posts: 20

    Yes it is. I am sorry I overlooked letting you know that.
  21. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    That's fine...

    Clear your Java Cache
    • Click on Start-> Control Panel (Classic View)-> Java
      • On the General tab, under Temporary Internet Files, click the Settings button.
      • Next, click on the Delete Files button
      • There are two options in the window to clear the cache - Leave BOTH Checked
        • Applications and Applets
        • Trace and Log Files
      • Click OK on Delete Temporary Files Window
        Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
      • Click OK to leave the Temporary Files Window
      • Click OK to leave the Java Control Panel.

    Let me know if the games work. :)
  22. Spirit

    Spirit Newcomer, in training Topic Starter Posts: 20

    No that didn't work. Thanks!
  23. Spirit

    Spirit Newcomer, in training Topic Starter Posts: 20

    I forgot to tell you one thing that may be really important.

    My browser is Firefox and Java is Java 7... both updated. The important thing is, I have been able to get into Pogo all the time until Java and FF updated. I had them set to automatically update so I am not sure which one updated first or which one caused the problem.

    Sorry to double post, but by the time I thought of this my edit time ran out.

    Thanks!
  24. Jay Pfoutz

    Jay Pfoutz Malware Helper Posts: 4,286   +49

    This explains that Mozilla will disable Java automatically in Firefox: https://addons.mozilla.org/en-US/firefox/blocked/p294

    Mozilla has done this to protect its users, so that vulnerable versions of Java won't impact the security of your computer. Many times, current exploits of Java (meaning that attackers take advantage of bugs in the software) can take over your computer, steal your identity, and cause further damage to the files on your computer.

    If anything, try Pogo.com in a different web browser, such as Google Chrome, Internet Explorer, etc. But, please be careful.

    Hope this helps.

    If you'd like to try to troubleshoot further, this might be of service: http://java.com/en/download/help/clearcache_upgrade.xml
  25. Spirit

    Spirit Newcomer, in training Topic Starter Posts: 20

    I will try Chrome and see what happens. If that doesn't work then I guess Pogo just lost a customer.

    Thank you for all the time you spent on this. I really appreciate it.

    Donation sent by my friend. Your time was worth more than what she could afford to send, but we appreciate all you did.

    You may close this thread.

    Again...thank you!