Welcome to MalwareRemoval.com,
What if we told you that you could get malware removal help from experts, and that it was 100% free? MalwareRemoval.com provides free support for people with infected computers. Our help, and the tools we use are always 100% free. No hidden catch. We simply enjoy helping others. You enjoy a clean, safe computer.

Definite Virus Issues!! Please Help!

Post by spadones » October 1st, 2013, 7:53 pm

I've been on this website before and had help and it worked out really well for me. Now I'm in a familiar bind, my computer is fairly new and has gotten slower and slower, I view myself as an advanced computer user but definitely not advanced enough to solve my own problems.

I don't even understand the first step. When I click the highlighted "download DDS", it opens as a Notepad document as a bunch of gibberish.

Please help! Thanks.
spadones
Active Member
 
Posts: 7
Joined: October 1st, 2013, 7:43 pm

Re: Definite Virus Issues!! Please Help!

Post by Gary R » October 2nd, 2013, 3:39 pm

Do you have access to another computer on which you can download programs, and then transfer them to your infected machine using a USB drive?

If so, please do the following:

Download OTL by OldTimer to a USB drive, and transfer the file to the Desktop of your infected machine.

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Under Extra Registry section, select Use SafeList.
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished it will produce two logs.
    • OTL.txt (open on your desktop).
    • Extras.txt (minimised in your taskbar).
  • Please post me both logs.
Gary R
Administrator
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Definite Virus Issues!! Please Help!

Post by spadones » October 2nd, 2013, 8:43 pm

First of all thank you for your time, I appreciate it.

Here are the two logs.

OTL logfile created on: 02/10/2013 5:08:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nick Spadoni\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.86 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 51.52% Memory free
11.71 Gb Paging File | 8.87 Gb Available in Paging File | 75.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.66 Gb Total Space | 346.68 Gb Free Space | 76.76% Space Free | Partition Type: NTFS

Computer Name: NICKSPADONI | User Name: Nick Spadoni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/10/02 16:18:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nick Spadoni\Downloads\OTL.exe
PRC - [2013/09/17 02:42:36 | 004,034,848 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe
PRC - [2013/09/17 02:42:36 | 002,867,488 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe
PRC - [2013/09/17 02:42:36 | 001,752,352 | ---- | M] (Conduit) -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe
PRC - [2013/09/11 20:08:10 | 001,862,024 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_168.exe
PRC - [2013/08/28 17:14:49 | 001,130,576 | ---- | M] (BitTorrent Inc.) -- C:\Users\Nick Spadoni\AppData\Roaming\uTorrent\uTorrent.exe
PRC - [2013/08/16 20:25:57 | 000,276,376 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011/08/26 15:14:40 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011/04/23 18:29:20 | 000,256,832 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011/04/23 18:28:38 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011/04/22 09:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe
PRC - [2011/03/14 04:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011/03/14 04:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011/03/14 04:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011/03/14 04:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011/01/31 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011/01/31 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe


========== Modules (No Company Name) ==========

MOD - [2013/09/11 20:08:10 | 016,177,544 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
MOD - [2013/08/16 20:25:57 | 003,551,640 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2011/11/02 00:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/02 00:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/23 18:29:56 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll


========== Services (SafeList) ==========

SRV:64bit: - [2013/05/26 22:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2011/08/02 12:59:46 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV:64bit: - [2011/04/22 09:44:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV:64bit: - [2010/09/22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2013/09/19 17:08:14 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/17 02:42:36 | 001,752,352 | ---- | M] (Conduit) [Auto | Running] -- C:\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - [2013/08/16 20:25:57 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/26 19:21:50 | 000,207,528 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2013/06/26 19:21:46 | 000,523,944 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2013/01/08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/01/18 17:14:44 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011/06/21 13:55:04 | 000,173,424 | ---- | M] (Egis Technology Inc. ) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2011/06/06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/29 19:54:14 | 000,036,456 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011/04/23 18:29:20 | 000,256,832 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011/03/14 04:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011/01/31 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011/01/31 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010/10/12 10:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010/09/13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 14:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/06/26 19:21:50 | 000,023,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2013/06/26 19:21:48 | 000,028,840 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2013/06/26 19:21:46 | 000,273,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2013/06/26 19:21:44 | 000,767,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2012/12/13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012/08/21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012/02/29 23:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012/01/18 17:13:40 | 000,062,776 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2012/01/18 17:13:40 | 000,022,648 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2012/01/18 17:13:40 | 000,020,520 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2011/09/20 03:02:55 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011/09/20 03:02:55 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011/07/13 22:35:47 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/07/13 22:35:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011/04/20 02:24:56 | 000,169,584 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011/03/25 03:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/03/17 02:42:38 | 002,712,064 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/01/13 20:01:44 | 000,074,840 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2010/11/20 20:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 20:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 20:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010/10/14 10:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010/10/08 03:32:28 | 001,395,248 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/09/13 18:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009/07/13 18:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/13 18:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/13 18:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 13:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 13:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 13:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 13:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009/07/13 18:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ie ... 10&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ie ... 10&sr=0&q={searchTerms}


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-20\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

IE - HKU\S-1-5-21-2566976380-3637404318-253377450-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://acer.msn.com
IE - HKU\S-1-5-21-2566976380-3637404318-253377450-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\S-1-5-21-2566976380-3637404318-253377450-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\S-1-5-21-2566976380-3637404318-253377450-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com/?ctid=CT33123 ... 17B2FC2263
IE - HKU\S-1-5-21-2566976380-3637404318-253377450-1001\..\URLSearchHook: {49c795c2-604a-4d18-aeb1-b3eba27e5ea2} - No CLSID value found
IE - HKU\S-1-5-21-2566976380-3637404318-253377450-1001\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\S-1-5-21-2566976380-3637404318-253377450-1001\..\SearchScopes,DefaultScope = {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
IE - HKU\S-1-5-21-2566976380-3637404318-253377450-1001\..\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}: "URL" = http://search.conduit.com/Results.aspx? ... 2FC2263&q={searchTerms}
IE - HKU\S-1-5-21-2566976380-3637404318-253377450-1001\..\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}: "URL" = http://blekko.com/ws/?source=c3348dd4&t ... 2834BA0&q={searchTerms}
IE - HKU\S-1-5-21-2566976380-3637404318-253377450-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}: "URL" = http://dts.search-results.com/sr?src=ie ... 10&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-2566976380-3637404318-253377450-1001\..\SearchScopes\{F5E6C135-54D4-4B43-BD72-50ABA2E625FA}: "URL" = http://websearch.ask.com/custom/java/re ... &src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000
IE - HKU\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..CT3220467.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "canucks.com"
FF - prefs.js..extensions.enabledAddons: %7B49c795c2-604a-4d18-aeb1-b3eba27e5ea2%7D:10.20.0.513
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT3220467&SearchSource=2&CUI=UN88267719624811798&UM=UM_ID&q="
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012/10/14 14:37:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Extensions
[2013/09/27 16:06:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions
[2013/09/15 12:44:32 | 000,000,000 | ---D | M] (uTorrentControl_v1) -- C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}
[2011/11/17 19:25:44 | 000,002,333 | ---- | M] () -- C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\askcom.xml
[2012/08/31 17:44:39 | 000,002,306 | ---- | M] () -- C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\askcomsearch.xml
[2013/08/28 17:16:58 | 000,000,965 | ---- | M] () -- C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\conduit-search.xml
[2012/10/14 14:37:13 | 000,000,929 | ---- | M] () -- C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\conduit.xml
[2012/08/03 22:35:45 | 000,002,519 | ---- | M] () -- C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\Search_Results.xml
[2013/08/16 20:25:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013/08/16 20:25:54 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013/08/16 20:25:54 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013/08/16 20:25:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/08/16 20:25:58 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012/06/08 15:57:18 | 000,002,134 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\search.xml
[2012/08/03 22:35:45 | 000,002,519 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml

O1 HOSTS File: ([2009/06/10 14:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{49c795c2-604a-4d18-aeb1-b3eba27e5ea2} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{49c795c2-604a-4d18-aeb1-b3eba27e5ea2} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [Adobe ARM] C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2566976380-3637404318-253377450-1001..\Run: [Skype] C:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\S-1-5-21-2566976380-3637404318-253377450-1001..\Run: [uTorrent] C:\Users\Nick Spadoni\AppData\Roaming\uTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKU\.DEFAULT..\RunOnce: [IsMyWinLockerReboot] C:\Windows\SysWow64\msiexec.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [IsMyWinLockerReboot] C:\Windows\SysWow64\msiexec.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [IsMyWinLockerReboot] C:\Windows\SysWow64\msiexec.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [IsMyWinLockerReboot] C:\Windows\SysWow64\msiexec.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O9 - Extra Button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files (x86)\PokerStars.NET\PokerStarsUpdate.exe (PokerStars)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000001 [] - C:\Windows\SysNative\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000002 [] - C:\Windows\SysNative\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000003 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000004 [] - C:\Windows\SysNative\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Windows\SysNative\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - C:\Windows\SysNative\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ACDB5D04-4B87-42EC-BE5B-94310838736B}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FA84567A-6395-4CD7-AEBB-728C87D18B14}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysNative\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysNative\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysNative\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysNative\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysNative\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\SysWOW64\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\SysWOW64\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\SysWOW64\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\SysWOW64\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\SysWOW64\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysNative\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC64Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll (Conduit)
O20 - AppInit_DLLs: (C:\PROGRA~2\SearchProtect\SearchProtect\bin\SPVC32Loader.dll) - C:\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll (Conduit)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - C:\Windows\SysNative\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - C:\Windows\SysNative\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - C:\Windows\SysNative\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - C:\Windows\SysNative\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - C:\Windows\SysNative\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) - C:\Windows\SysNative\pku2u.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (livessp) - C:\Windows\SysNative\livessp.dll (Microsoft Corp.)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\SysWow64\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\SysWow64\livessp.dll (Microsoft Corp.)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013/09/22 19:00:53 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\SearchProtect
[2013/09/11 03:04:23 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/09/11 03:04:22 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/09/11 03:04:22 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013/09/11 03:04:21 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013/09/11 03:04:21 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013/09/11 03:04:21 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013/09/11 03:04:21 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/09/11 03:04:21 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013/09/11 03:04:21 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013/09/11 03:04:21 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013/09/11 03:04:21 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013/09/11 03:04:19 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/09/11 03:04:19 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/09/11 03:04:19 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/09/11 03:04:18 | 003,959,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/09/10 17:36:51 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/09/10 17:36:51 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/09/10 17:36:50 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/09/10 17:36:50 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013/09/10 17:36:50 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013/09/10 17:36:50 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013/09/10 17:36:50 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013/09/10 17:36:50 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013/09/10 17:36:50 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013/09/10 17:36:50 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013/09/10 17:36:50 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/09/10 17:36:50 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/09/10 17:36:50 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013/09/10 17:36:50 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013/09/10 17:36:50 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013/09/10 17:36:50 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013/09/10 17:36:49 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013/09/10 17:36:49 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013/09/10 17:36:49 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013/09/10 17:36:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/09/10 17:36:49 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013/09/10 17:36:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013/09/10 17:36:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013/09/10 17:36:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013/09/10 17:36:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013/09/10 17:36:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/10 17:36:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/10 17:36:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/10 17:36:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/10 17:36:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/10 17:36:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/10 17:36:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013/09/10 17:36:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013/09/10 17:36:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013/09/10 17:36:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/10 17:36:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/10 17:36:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013/09/10 17:36:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013/09/10 17:36:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013/09/10 17:36:49 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013/09/10 17:36:47 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/10/02 17:08:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013/10/02 16:48:29 | 000,727,334 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013/10/02 16:48:29 | 000,629,326 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013/10/02 16:48:29 | 000,111,220 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013/10/01 17:49:09 | 000,083,676 | ---- | M] () -- C:\Users\Nick Spadoni\Desktop\33f771778063422987db3934b998ecd6.pdf
[2013/10/01 17:22:47 | 000,124,676 | ---- | M] () -- C:\Users\Nick Spadoni\Desktop\cat-adoption-application.pdf
[2013/10/01 17:19:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013/09/27 16:11:28 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/27 16:11:28 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/22 18:52:03 | 420,368,383 | -HS- | M] () -- C:\hiberfil.sys
[2013/09/19 17:08:12 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013/09/19 17:08:12 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013/09/11 03:22:36 | 000,282,960 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/09/11 03:04:03 | 000,735,726 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/10/01 17:49:09 | 000,083,676 | ---- | C] () -- C:\Users\Nick Spadoni\Desktop\33f771778063422987db3934b998ecd6.pdf
[2013/10/01 17:22:46 | 000,124,676 | ---- | C] () -- C:\Users\Nick Spadoni\Desktop\cat-adoption-application.pdf
[2012/07/18 12:21:34 | 000,735,726 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/10 16:49:28 | 000,000,193 | ---- | C] () -- C:\Windows\WORDPAD.INI
[2012/06/08 15:59:08 | 000,000,034 | -H-- | C] () -- C:\Windows\SysWow64\Converter_sysquict.dat
[2012/06/08 15:58:44 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2012/06/08 15:58:44 | 000,755,027 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012/06/08 15:58:44 | 000,159,839 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012/06/08 15:58:42 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012/03/14 16:37:49 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011/10/13 15:23:36 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011/10/13 15:23:35 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011/10/13 15:23:33 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009/07/13 21:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013/07/25 19:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013/07/25 18:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/13 18:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 20:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/13 18:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/06/12 16:54:00 | 000,000,000 | ---D | M] -- C:\Users\Nick Spadoni\AppData\Roaming\Ad-Aware Antivirus
[2012/08/03 22:35:52 | 000,000,000 | ---D | M] -- C:\Users\Nick Spadoni\AppData\Roaming\FreeAudioPack
[2012/07/05 23:07:41 | 000,000,000 | ---D | M] -- C:\Users\Nick Spadoni\AppData\Roaming\Leawo
[2012/02/08 18:13:49 | 000,000,000 | ---D | M] -- C:\Users\Nick Spadoni\AppData\Roaming\PowerCinema
[2013/06/24 16:52:41 | 000,000,000 | ---D | M] -- C:\Users\Nick Spadoni\AppData\Roaming\SoftGrid Client
[2012/08/03 22:30:18 | 000,000,000 | ---D | M] -- C:\Users\Nick Spadoni\AppData\Roaming\Softplicity
[2012/07/05 23:08:13 | 000,000,000 | ---D | M] -- C:\Users\Nick Spadoni\AppData\Roaming\tiger-k
[2012/07/18 12:22:23 | 000,000,000 | ---D | M] -- C:\Users\Nick Spadoni\AppData\Roaming\TP
[2013/10/02 17:09:46 | 000,000,000 | ---D | M] -- C:\Users\Nick Spadoni\AppData\Roaming\uTorrent

========== Purity Check ==========



< End of report >
spadones

Re: Definate Virus Issues!! Please Help!

Post by spadones » October 2nd, 2013, 8:44 pm

OTL Extras logfile created on: 02/10/2013 5:08:34 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nick Spadoni\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00001009 | Country: Canada | Language: ENC | Date Format: dd/MM/yyyy

5.86 Gb Total Physical Memory | 3.02 Gb Available Physical Memory | 51.52% Memory free
11.71 Gb Paging File | 8.87 Gb Available in Paging File | 75.73% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 451.66 Gb Total Space | 346.68 Gb Free Space | 76.76% Space Free | Partition Type: NTFS

Computer Name: NICKSPADONI | User Name: Nick Spadoni | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OtsMedia.Surf] -- "C:\OtsLabs\OTSPLAY.EXE" "%1" /play /surf
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1F6836FE-B1AE-42C9-91D8-D7454017E23C}" = rport=445 | protocol=6 | dir=out | app=system |
"{2E545B4F-3163-4831-80E6-A278C8B32883}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{30124E73-E94B-4911-83FC-022D4E216A5E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{4CA4AA8B-C067-4E3F-979B-BF8683043290}" = rport=10243 | protocol=6 | dir=out | app=system |
"{4F16BCB5-9629-4CFB-A419-547E217A959D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{52B0DF22-4001-4BB4-95C9-44EB00860B9D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{5383A801-19A3-4050-8CA0-22AB22A189AC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{56EB9937-AA23-4349-9E00-5757576F4144}" = lport=10243 | protocol=6 | dir=in | app=system |
"{7179A6AC-225D-4B29-A9B4-652FA46BBBC4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{769CCE17-20E1-42B1-956A-031D0BFAA6C1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{858B1A6A-8E64-4374-84CE-552CD08CFC07}" = lport=139 | protocol=6 | dir=in | app=system |
"{8B2E260D-0FD1-433F-A894-8F6F4B87B16A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{97E711BA-047F-40CC-8A9D-FB5003C03903}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{A95BACD9-67C7-459B-AFA4-7FAAA2763081}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{B020A860-AB8B-4B11-91AD-A08C18C8DA0D}" = lport=445 | protocol=6 | dir=in | app=system |
"{B13AA4C6-50D3-420B-9874-6E867BD24A1E}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{BB728A9A-38AA-48D4-BDFB-D5D131F9B93F}" = lport=138 | protocol=17 | dir=in | app=system |
"{CAAD1EED-3EDD-4E2B-9259-E1A71CB6B768}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CF12DB65-9D3D-4504-B991-778FD1C4DA96}" = rport=137 | protocol=17 | dir=out | app=system |
"{D0ACD168-6631-4945-8A6C-4ED021D28237}" = rport=138 | protocol=17 | dir=out | app=system |
"{DADDA5BC-945B-4FAD-98D3-333C5E1A1499}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E560CD5E-E839-4A62-9C0A-00B2271864D8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F2660D12-B7A7-492E-B5D3-ACD5A0A64430}" = lport=137 | protocol=17 | dir=in | app=system |
"{F39429FC-19D7-4948-B32F-6BA1426B89FB}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F4765442-E091-4286-95E8-E985E0FE04C6}" = rport=139 | protocol=6 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{12A0A195-503A-4C88-89C0-20E904BCE48D}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{15113887-FBBD-4DF7-ADD7-2252970B51E0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{16C4A014-C74C-41E9-9D38-985EA48EC344}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{190746EF-05E3-4610-A71B-5E6C5AA9E08E}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{191BD287-3121-4B90-9633-69EA76E6C2C6}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{19CAC249-2117-4541-9D81-21D1F3CEF409}" = protocol=6 | dir=out | app=system |
"{3020FCA5-CB90-4311-BD4A-5C27DFE19550}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovie.exe |
"{3B6DD3B7-2F6B-48EA-B027-F234A46E6EB3}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3BD76D90-F261-4784-822C-FD6D8D200DBC}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{3D63C2C6-6D97-4E09-A2D5-8E221A79C32F}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fi.exe |
"{40DD8C56-7A42-4B9E-BD26-E02902A967A9}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{4356AC76-7E6F-41A7-87D1-EA2A40FA059C}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{58D8BF8E-1404-4AAB-8651-4AF6EF72E8BB}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{5D270A22-2DF7-4047-A157-A2019980C1AA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{5EB61603-A23F-41A1-96A1-21C776A6A8DB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{6EF1E3F5-39C7-4C93-B81E-9627021481A2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{70969C10-61F7-42B4-BDC8-917270BE7C33}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{7D172948-749C-4386-8F8E-6F2202C09843}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{7E01B791-300F-48B3-8F42-F9E4C87ABD38}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\clml\clmlsvc.exe |
"{8440651C-DF0A-4C6E-8E37-96F8593DD308}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{8824EABB-3448-483F-94D0-F662763A30F5}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8CCBDC81-DA0F-4069-81D5-7CADC99188F0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9726FA60-E47C-4A9E-84DC-A5993D4F98D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A25818B9-86AF-4A9C-9D34-8F212CA23F82}" = protocol=6 | dir=in | app=c:\users\nick spadoni\appdata\roaming\utorrent\utorrent.exe |
"{A44D8034-0F2D-4F8D-A35F-CE46BAD1F5ED}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A58E695A-2D9F-4F8D-B1C5-D560A6C8C446}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A5B0723F-BCA0-4BD7-AD8B-0FAA6B704A06}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{A60E4D24-4F50-487F-B850-3DA960D10D6A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{A827D0D6-B857-45FD-886A-A70D8AF49EF3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B13772E4-0C04-41FF-AB8B-E9E82540665C}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\clear.fiagent.exe |
"{B16BD899-7EBF-490B-9436-A0F60B53C533}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{B7D2EFF0-49A7-4417-B659-6A230F6FA4FF}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B828DFA6-F83C-4670-868D-244E41D169AC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{BC5D3CED-6232-4F89-8B4F-5EC34126589B}" = dir=in | app=c:\program files (x86)\acer\clear.fi\mvp\kernel\dmr\dmrengine.exe |
"{C463FBE6-69FC-4D61-B8C4-64BC228DACED}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe |
"{C4939381-85F5-4962-8718-FC0C18E9CCD4}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C6A7C3CD-A1F6-40D7-8450-9AEC5FE91249}" = dir=in | app=c:\program files (x86)\acer\clear.fi\movie\touchmovieservice.exe |
"{D89429AC-D978-4B17-BDEB-D876DDDFB414}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DA8D7617-7360-4142-A13C-9F6C6741B766}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{DC289049-2D9B-43B1-AFCB-729CE9D6AEB1}" = protocol=17 | dir=in | app=c:\users\nick spadoni\appdata\roaming\utorrent\utorrent.exe |
"{E8AF2C27-C68A-4EE5-A2DF-E0A6356F912F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{F0B0A746-9FE6-4C1C-AFAC-024706A14AD5}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{F4F1C965-EC74-465B-AFB4-E2787542A83F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B78ECB0-1A6B-4E6D-89D7-0E7CE77F0427}" = MyWinLocker
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{76FF0F03-B707-4332-B5D1-A56C8303514E}" = iTunes
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-006D-0409-1000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Backup Manager V3
"{14C4C3B6-F1F4-401F-8C86-03E8E19AAC8C}" = clear.fi
"{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{39F15B50-A977-4CA6-B1C3-6A8724CDA025}" = MyWinLocker 4
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer ePower Management
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{43AAE145-83CF-4C96-9A5E-756CEFCE879F}" = clear.fi Client
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-acer" = WildTangent Games App (Acer Games)
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140011-0066-0409-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - English
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB398DDB-0E7B-400B-A940-7E61FB91A531}" = Alcor Micro USB Card Reader
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B906C11A-D193-4143-9FA7-E2EE8A5A8F21}" = clear.fi
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240CC}" = WinZip 16.0
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AmUStor" = Alcor Micro USB Card Reader
"ExpressBurn" = Express Burn
"Free Convert to DIVX AVI WMV MP4 MPEG Converter_is1" = Free Convert to DIVX AVI WMV MP4 MPEG Converter 5.8
"Identity Card" = Identity Card
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = Acer Crystal Eye Webcam
"InstallShield_{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}" = Acer Backup Manager
"InstallShield_{17DF9714-60C9-43C9-A9C2-32BCAED44CBE}" = MyWinLocker Suite
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = clear.fi
"InstallShield_{D3D5C4E8-040F-4C6F-8105-41D43CF94F44}" = NTI Media Maker 9
"KLiteCodecPack_is1" = K-Lite Codec Pack 4.0.0 (Full)
"LManager" = Launch Manager
"MixPad" = MixPad
"Mozilla Firefox 23.0.1 (x86 en-US)" = Mozilla Firefox 23.0.1 (x86 en-US)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"PokerStars" = PokerStars
"PokerStars.net" = PokerStars.net
"Prism" = Prism Video File Converter
"SearchProtect" = Search Protect
"Switch" = Switch Sound File Converter
"VLC media player" = VLC media player 1.0.5
"WavePad" = WavePad Sound Editor
"WildTangent acer Master Uninstall" = Acer Games
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-bit)
"WTA-01ed131c-4505-472d-b8c1-f76fc79e44fb" = Polar Golfer
"WTA-025c0025-db99-42e3-bd17-ad60ddae02f9" = Mystery of Mortlake Mansion
"WTA-0d4abdc4-0ca4-4606-b90b-9e56a5736747" = Build-a-lot 4 - Power Source
"WTA-3514dcf7-c85e-40ee-b912-74b9527853e3" = Agatha Christie - Death on the Nile
"WTA-474671dd-9ee4-4541-a63f-d0618511f40b" = Cradle of Rome 2
"WTA-512efe47-2bbf-4ddf-8aaf-3cde77766978" = Final Drive: Nitro
"WTA-91f40732-562f-4402-b903-e9381ebddf9b" = Chuzzle Deluxe
"WTA-97944133-03ea-4a96-830e-bd0734efb62e" = Penguins!
"WTA-98b87892-683c-4b02-8c54-cd17a7ff2b2c" = Torchlight
"WTA-a049c27f-dbc1-4791-a44d-e7745cb551ce" = Virtual Villagers 5 - New Believers
"WTA-aea8b8b6-c844-4f67-91d5-3a190bc0f209" = Governor of Poker 2 Premium Edition
"WTA-b889508c-e7c6-43f7-b308-17dc6064576e" = Plants vs. Zombies - Game of the Year
"WTA-b8cecda9-6f5a-42c1-9b64-f375e38105ab" = Polar Bowler
"WTA-b9707395-8342-4661-9cc4-5346db47a18a" = Zuma's Revenge
"WTA-c84d156e-e662-46ef-8a12-4ffdb5ee5ac9" = Bejeweled 2 Deluxe
"WTA-cdc58ee0-1182-43fa-8daa-35ef154b6704" = Jewel Match 3
"WTA-e72e6929-da59-4d6e-81db-e1d7418596d2" = FATE: The Cursed King
"WTA-ecedfd0e-6318-44c2-b869-944dbcab2e35" = Chronicles of Albian
"WTA-ef090399-fafd-47a5-8d1d-171cf05fae35" = Dora's World Adventure

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"uTorrent" = µTorrent

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24/06/2013 7:58:52 PM | Computer Name = NickSpadoni | Source = WinMgmt | ID = 10
Description =

Error - 26/06/2013 3:48:58 PM | Computer Name = NickSpadoni | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 26/06/2013 6:29:48 PM | Computer Name = NickSpadoni | Source = Application Error | ID = 1000
Description = Faulting application name: DMREngine.exe, version: 1.1.0.3904, time
stamp: 0x4d709ab4 Faulting module name: KERNELBASE.dll, version: 6.1.7601.18015,
time stamp: 0x50b83c8a Exception code: 0xc0000005 Fault offset: 0x00006a6d Faulting
process id: 0x9e8 Faulting application start time: 0x01ce7136a611feb8 Faulting application
path: C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe Faulting
module path: C:\Windows\syswow64\KERNELBASE.dll Report Id: e8aca0e1-deaf-11e2-a77a-047d7b25daaa

Error - 27/06/2013 11:58:58 PM | Computer Name = NickSpadoni | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 01/07/2013 8:40:07 AM | Computer Name = NickSpadoni | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 02/07/2013 12:50:52 AM | Computer Name = NickSpadoni | Source = WinMgmt | ID = 10
Description =

Error - 02/07/2013 12:59:22 AM | Computer Name = NickSpadoni | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 03/07/2013 8:53:05 PM | Computer Name = NickSpadoni | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 06/07/2013 2:33:40 PM | Computer Name = NickSpadoni | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0066-0409-0000-0000000FF1CE}):
DownloadLatest Failed:

Error - 12/07/2013 11:38:21 AM | Computer Name = NickSpadoni | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 21/02/2013 3:17:06 AM | Computer Name = NickSpadoni | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 2 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 21/02/2013 3:18:06 AM | Computer Name = NickSpadoni | Source = Service Control Manager | ID = 7032
Description = The Service Control Manager tried to take a corrective action (Restart
the service) after the unexpected termination of the Apple Mobile Device service,
but this action failed with the following error: %%1056

Error - 27/02/2013 6:52:13 AM | Computer Name = NickSpadoni | Source = Service Control Manager | ID = 7034
Description = The McAfee SiteAdvisor Service service terminated unexpectedly. It
has done this 1 time(s).

Error - 27/02/2013 6:52:13 AM | Computer Name = NickSpadoni | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 27/02/2013 6:52:13 AM | Computer Name = NickSpadoni | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 27/02/2013 6:52:13 AM | Computer Name = NickSpadoni | Source = Service Control Manager | ID = 7031
Description = The McAfee VirusScan Announcer service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 27/02/2013 6:52:13 AM | Computer Name = NickSpadoni | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 27/02/2013 6:52:13 AM | Computer Name = NickSpadoni | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 27/02/2013 6:52:13 AM | Computer Name = NickSpadoni | Source = Service Control Manager | ID = 7031
Description = The McAfee Anti-Spam Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 22/03/2013 10:19:50 PM | Computer Name = NickSpadoni | Source = EventLog | ID = 6008
Description = The previous system shutdown at 2:22:10 PM on 21/03/2013 was unexpected.


< End of report >
spadones
Active Member
 
Posts: 7
Joined: October 1st, 2013, 7:43 pm

Re: Definate Virus Issues!! Please Help!

Unread post by Gary R » October 3rd, 2013, 4:37 am

OK, there are definite signs of infection on your computer, but before we start removing them I need to get a more complete picture of what we're up against. To do that I need you to run a couple of additional scans for me.

First ...

  • Please download ... ADWCleaner to your Desktop.

    NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.
  • Close your browser and double click on the ADWCleaner icon to launch it.
  • Click on the Scan button, accept any prompts that appear, and allow it to run. It may take several minutes to complete.
  • When it is done click on the Report button and a report log will open on your Desktop.
  • Please post the log in your next reply.

Next ...

Please download SystemLook from the link below and save it to your Desktop.

For 64 bit Systems

  • Double-click SystemLook.exe to run it.
  • Copy and paste the contents of the following codebox into the main textfield:
    :filefind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :folderfind
    *Fun4IM*
    *Bandoo*
    *Searchnu*
    *Searchqu*
    *iLivid*
    *whitesmoke*
    *datamngr*
    *trolltech*
    *babylon*
    *conduit*
    
    :Regfind
    Fun4IM
    Bandoo
    Searchnu
    Searchqu
    iLivid
    whitesmoke
    datamngr
    kelkoopartners
    trolltech
    babylon
    conduit
    
  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan.
  • Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

Please note, if you have trouble downloading either program, then transfer it to the infected machine via a USB drive like you did with OTL.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • SystemLook.txt


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Definate Virus Issues!! Please Help!

Unread post by spadones » October 3rd, 2013, 7:36 pm

ADWCleaner Report

# AdwCleaner v3.006 - Report created 03/10/2013 at 16:34:18
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nick Spadoni - NICKSPADONI
# Running from : C:\Users\Nick Spadoni\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc

***** [ Files / Folders ] *****

File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\search.xml
File Found : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
File Found : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\Askcom.xml
File Found : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\askcomsearch.xml
File Found : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\Conduit.xml
File Found : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\conduit-search.xml
File Found : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\Search_Results.xml
File Found : C:\Users\NICKSP~1\AppData\Local\Temp\Searchqu.ini
File Found : C:\Users\NICKSP~1\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Found : C:\Users\NICKSP~1\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
Folder Found : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\Extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\Searchprotect
Folder Found C:\ProgramData\Ask
Folder Found C:\ProgramData\blekko toolbars
Folder Found C:\ProgramData\boost_interprocess
Folder Found C:\Users\Nick Spadoni\AppData\Local\Conduit
Folder Found C:\Users\Nick Spadoni\AppData\Local\Searchprotect
Folder Found C:\Users\Nick Spadoni\AppData\LocalLow\AskToolbar
Folder Found C:\Users\Nick Spadoni\AppData\LocalLow\Conduit
Folder Found C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\CT3220467
Folder Found C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\Smartbar
Folder Found C:\Users\NICKSP~1\AppData\Local\Temp\AskSearch
Folder Found C:\Users\NICKSP~1\AppData\Local\Temp\CT3220467
Folder Found C:\Windows\SysWOW64\Searchprotect

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\smartbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\InstallCore
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\DataMngr
Key Found : [x64] HKCU\Software\InstallCore
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3220467
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Found : HKLM\Software\SearchProtect
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Found : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Found : [x64] HKLM\SOFTWARE\DataMngr
Key Found : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

Setting Found : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page] - hxxp://search.conduit.com/?ctid=CT33123 ... 17B2FC2263

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [22339 octets] - [03/10/2013 16:34:18]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [22400 octets] ##########
spadones
Active Member
 
Posts: 7
Joined: October 1st, 2013, 7:43 pm

Re: Definate Virus Issues!! Please Help!

Unread post by spadones » October 3rd, 2013, 7:42 pm

System Look Log

SystemLook 04.09.10 by jpshortstuff
Log created at 16:38 on 03/10/2013 by Nick Spadoni
Administrator - Elevation successful

========== filefind ==========

Searching for "*Fun4IM*"
No files found.

Searching for "*Bandoo*"
No files found.

Searching for "*Searchnu*"
No files found.

Searching for "*Searchqu*"
C:\Users\Nick Spadoni\AppData\Local\Temp\Searchqu.ini --a---- 363 bytes [05:35 04/08/2012] [05:35 04/08/2012] 0699404C41B05F4E26A325BDACAC7612
C:\Users\Nick Spadoni\AppData\Local\Temp\searchqutoolbar-manifest.xml --a---- 9422 bytes [08:42 27/02/2012] [08:42 27/02/2012] B4CF632013D5A08B137DB737D2825F12
C:\Users\Nick Spadoni\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 4251168 bytes [05:35 04/08/2012] [05:35 04/08/2012] 396ABF3540839A6B6AD212806144C155

Searching for "*iLivid*"
No files found.

Searching for "*whitesmoke*"
No files found.

Searching for "*datamngr*"
C:\Users\Nick Spadoni\AppData\Local\Temp\SetupDataMngr_Searchqu.exe --a---- 4251168 bytes [05:35 04/08/2012] [05:35 04/08/2012] 396ABF3540839A6B6AD212806144C155

Searching for "*trolltech*"
No files found.

Searching for "*babylon*"
C:\Music\Music\Edward Shape & the Magnetic Zeros - Up Form Below\Up From Below\11 Kisses Over Babylon.mp3 --a---- 12628817 bytes [01:20 11/02/2012] [01:33 17/04/2011] CFFF2D2AA88DA2667C2AE80CAE2064F7
C:\Music\Music\Edward Sharpe & The Magnetic Zeros - Edward Sharpe & The Magnetic Zeros - 2009 (rhsiv)\11 Kisses Over Babylon.mp3 --a---- 10047800 bytes [01:20 11/02/2012] [01:32 17/04/2011] 1FD06D97DBB046422A321F4AF4A94BF6
C:\Music\Music\ed_solo_&_skool_of_thought_-_random_acts_of_kindness_2007\02_babylon breaks.mp3 --a---- 5325223 bytes [01:20 11/02/2012] [16:07 11/09/2010] 5FEE4EFFC6196F40EEC985318C769AFF
C:\Music\Music\NIN\Nine_Inch_Nails-Special_Tribute-2002\06_-_dead_city_babylon-radial.mp3 --a---- 3564088 bytes [01:27 11/02/2012] [21:46 06/03/2011] F35A876072E89A19BD587ECF674F390B

Searching for "*conduit*"
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll --a---- 1206600 bytes [16:11 07/09/2013] [16:11 07/09/2013] D30AECBCF91165E95F31B19BF4987454
C:\Users\Nick Spadoni\AppData\Local\Temp\CT3220467\conduitStatistics.csf --a---- 189 bytes [02:14 13/10/2012] [02:14 13/10/2012] B317DB75483E92FA97FB4ECF61E95030
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\CT3220467\toolbarImages\http___storage_conduit_com_53_307_CT3072253_Images_634520779497696087.png --a---- 484 bytes [02:15 13/10/2012] [02:15 13/10/2012] 68B6C1DE4F0DD79D4793FEC7BD91B04A
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\CT3220467\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif --a---- 950 bytes [02:15 13/10/2012] [02:15 13/10/2012] EE3DCA0EABAE8D7DDEAC14E36B1142CD
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\CT3220467\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif --a---- 322 bytes [02:15 13/10/2012] [02:15 13/10/2012] 948781E4B6478290050ECA4423B89B1E
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\CT3220467\toolbarImages\storage.conduit.com --a---- 160 bytes [06:26 18/11/2012] [06:09 19/11/2012] F84E9C140EEE7900F84A2D13EA14444D
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\ConduitAbstractionLayer.js --a---- 36087 bytes [07:23 15/09/2013] [07:23 15/09/2013] CBB1AF4F7DBA048100176BAB950B09BE
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\ConduitAbstractionLayerBack.js --a---- 36087 bytes [07:23 15/09/2013] [07:23 15/09/2013] CBB1AF4F7DBA048100176BAB950B09BE
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\ConduitAbstractionLayerFront.js --a---- 36087 bytes [07:23 15/09/2013] [07:23 15/09/2013] CBB1AF4F7DBA048100176BAB950B09BE
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\aboutBox\images\conduit-logo-OLD.png --a---- 1305 bytes [07:23 15/09/2013] [07:23 15/09/2013] 5F8EF9A0B050532B90B2645E9627E3F9
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\aboutBox\images\conduit-logo.png --a---- 3926 bytes [07:23 15/09/2013] [07:23 15/09/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\options\images\conduit-logo.png --a---- 3926 bytes [07:23 15/09/2013] [07:23 15/09/2013] 04EC2FEFD3A417F86E983508778A00DD
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\lib\log4conduit.jsm --a---- 760 bytes [07:23 15/09/2013] [07:23 15/09/2013] 93898FE6A232C5FCD838D8168F65D802
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\Plugins\npConduitFirefoxPlugin.dll --a---- 207136 bytes [07:23 15/09/2013] [07:23 15/09/2013] 0E52F63E8BA97B610400840C3057FAA4
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\conduit-search.xml --a---- 965 bytes [00:16 29/08/2013] [00:16 29/08/2013] DC47946D2BE5A4533432C31659D42B5F
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\conduit.xml --a---- 929 bytes [02:15 13/10/2012] [21:37 14/10/2012] 821785D600F33219AF99B93485DCCDBF

========== folderfind ==========

Searching for "*Fun4IM*"
No folders found.

Searching for "*Bandoo*"
No folders found.

Searching for "*Searchnu*"
No folders found.

Searching for "*Searchqu*"
No folders found.

Searching for "*iLivid*"
No folders found.

Searching for "*whitesmoke*"
No folders found.

Searching for "*datamngr*"
C:\Users\Nick Spadoni\AppData\LocalLow\DataMngr d------ [02:13 13/10/2012]

Searching for "*trolltech*"
No folders found.

Searching for "*babylon*"
No folders found.

Searching for "*conduit*"
C:\Program Files (x86)\Conduit d------ [02:14 13/10/2012]
C:\Users\Nick Spadoni\AppData\Local\Conduit d------ [02:14 13/10/2012]
C:\Users\Nick Spadoni\AppData\LocalLow\Conduit d------ [02:14 13/10/2012]

========== Regfind ==========

Searching for "Fun4IM"
No data found.

Searching for "Bandoo"
No data found.

Searching for "Searchnu"
No data found.

Searching for "Searchqu"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=100&systemid=410&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
@="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
@="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=100&systemid=410&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=100&systemid=410&qu={searchTerms}&ft=json"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
@="Searchqu Toolbar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
@="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
@="ISearchQueryHelper"
[HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
"SuggestionsURL_JSON"="http://www.searchqu.com/suggest.php?src=ieb&appid=100&systemid=410&qu={searchTerms}&ft=json"

Searching for "iLivid"
No data found.

Searching for "whitesmoke"
No data found.

Searching for "datamngr"
[HKEY_CURRENT_USER\Software\Datamngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
@="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7E0C223-4FE2-4358-89D4-A5FFDB3F692D}]
"AppPath"="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\InprocServer32]
@="C:\PROGRA~2\SEARCH~1\Datamngr\ToolBar\searchqudtx.dll"
[HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Datamngr]

Searching for "kelkoopartners"
No data found.

Searching for "trolltech"
[HKEY_CURRENT_USER\Software\Trolltech]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_CURRENT_USER\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]
[HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Trolltech]
[HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
[HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QSqlDriverFactoryInterface:]
[HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.5\com.trolltech.Qt.QTextCodecFactoryInterface:]

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "conduit"
[HKEY_CURRENT_USER\Software\Conduit]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP8B7E673B-42AE-4184-9636-9517B2FC2263"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"URL"="http://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP8B7E673B-42AE-4184-9636-9517B2FC2263&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"SuggestionsURL_JSON"="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"DisplayName"="Conduit Search"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"E78D5FE2DB7BF85448824E0D8B4B6EC5"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966\E78D5FE2DB7BF85448824E0D8B4B6EC5]
"File"="iSyncConduit.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\Community Alerts]
"Path"="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\HomePage]
"{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}"="http://search.conduit.com?SearchSource=10&ctid=CT3220467"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]
"Publisher"="Conduit"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
@="Conduit Community Alerts"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\InprocServer32]
@="C:\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CltMngSvc]
"DisplayName"="Search Protect by Conduit Service"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\CltMngSvc]
"DisplayName"="Search Protect by Conduit Service"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CltMngSvc]
"DisplayName"="Search Protect by Conduit Service"
[HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Conduit]
[HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=2&UP=SP8B7E673B-42AE-4184-9636-9517B2FC2263"
[HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"URL"="http://search.conduit.com/Results.aspx?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=58&CUI=&UM=2&UP=SP8B7E673B-42AE-4184-9636-9517B2FC2263&q={searchTerms}"
[HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"SuggestionsURL_JSON"="http://suggest.search.conduit.com/CSuggestJson.ashx?prefix={searchTerms}"
[HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
"DisplayName"="Conduit Search"

-= EOF =-

Re: Definate Virus Issues!! Please Help!

by Gary R » October 4th, 2013, 6:34 pm

Before we start to actually clean your machine: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.

As an added safety precaution, before we start removing anything, I'd like you to make a backup of your Registry, which we can restore to if necessary.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

Please observe these rules while we work:
  • Do not edit your logs in any way whatsoever.
  • Perform all actions in the order given.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Stick with it till you're given the all clear.
  • Remember, absence of symptoms does not mean the infection is all gone.
  • Don't attempt to install any new software (other than those I ask you to) until we've got your computer clean.
  • Don't attempt to clean your computer with any tools other than the ones I ask you to use during the cleanup process. If your defensive programmes warn you about any of those tools, be assured that they are not infected, and are safe to use.
If you can do these things, everything should go smoothly.
  • As you're using Windows 7, it will be necessary to right click all tools we use and select ----> Run as Administrator

It may be helpful to you to print out or take a copy of any instructions given, as sometimes it is necessary to go offline and you will lose access to them.


  • Close your browser and double click on this icon on your desktop ... Image
  • You will then see the screen below ...

    Image
  • Click on the Scan button (as indicated).
  • Accept any prompts that appear and allow it to run. It may take several minutes to complete.
  • When it is done click on the Clean button, accept any prompts that appear and allow the system to reboot.
  • Upon reboot you will be presented with a "fix" report.
  • Please post the report in your next reply.

Next ....

  • Double click OTL.exe to launch the programme.
  • Copy/Paste the contents of the code box below into the Custom Scans/Fixes box.
Code:
:Files
C:\Users\Nick Spadoni\AppData\Local\Temp\Searchqu.ini
C:\Users\Nick Spadoni\AppData\Local\Temp\searchqutoolbar-manifest.xml
C:\Users\Nick Spadoni\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\Nick Spadoni\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
C:\Users\Nick Spadoni\AppData\Local\Temp\CT3220467\conduitStatistics.csf
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\CT3220467\toolbarImages\http___storage_conduit_com_53_307_CT3072253_Images_634520779497696087.png
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\CT3220467\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif 
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\CT3220467\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif 
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\CT3220467\toolbarImages\storage.conduit.com
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\ConduitAbstractionLayer.js
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\ConduitAbstractionLayerBack.js
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\ConduitAbstractionLayerFront.js
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\aboutBox\images\conduit-logo-OLD.png
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\aboutBox\images\conduit-logo.png 
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\options\images\conduit-logo.png
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\lib\log4conduit.jsm
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\Plugins\npConduitFirefoxPlugin.dll
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\conduit-search.xml
C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\conduit.xml
C:\Users\Nick Spadoni\AppData\LocalLow\DataMngr
C:\Program Files (x86)\Conduit
C:\Users\Nick Spadoni\AppData\Local\Conduit 
C:\Users\Nick Spadoni\AppData\LocalLow\Conduit
ipconfig /flushdns /c

:Reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}]
[-HKEY_CURRENT_USER\Software\Datamngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7E0C223-4FE2-4358-89D4-A5FFDB3F692D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}]
[-HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Datamngr]
[-HKEY_CURRENT_USER\Software\Trolltech]
[-HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Trolltech]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
[-HKEY_CURRENT_USER\Software\Conduit]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CltMngSvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\CltMngSvc]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CltMngSvc]
[-HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Conduit]
[HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Internet Explorer\Main]
"Start Page"=-
[-HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
[-HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]
[-HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}]

:Commands
[emptytemp]
[resethosts]


  • Click the Run Fix button.
  • OTL will now process the instructions.
  • When finished a box will open asking you to open the fix log, click OK.
  • The fix log will open.
  • Copy/Paste the log in your next reply please.

Note: If necessary, OTL may re-boot your computer, or request that you do so. If it does, re-boot your computer. A log will be produced upon re-boot.

Summary of the logs I need from you in your next post:
  • ADWCleaner log
  • OTL fix log


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.
Gary R
Administrator
 
Posts: 25888
Joined: June 28th, 2005, 11:36 am
Location: Yorkshire

Re: Definate Virus Issues!! Please Help!

by spadones » October 4th, 2013, 7:28 pm

# AdwCleaner v3.006 - Report created 04/10/2013 at 16:24:57
# Updated 01/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Nick Spadoni - NICKSPADONI
# Running from : C:\Users\Nick Spadoni\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : CltMngSvc

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\blekko toolbars
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\Searchprotect
Folder Deleted : C:\Windows\SysWOW64\Searchprotect
Folder Deleted : C:\Users\Nick Spadoni\AppData\Local\Conduit
Folder Deleted : C:\Users\Nick Spadoni\AppData\Local\Searchprotect
Folder Deleted : C:\Users\NICKSP~1\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\NICKSP~1\AppData\Local\Temp\CT3220467
Folder Deleted : C:\Users\Nick Spadoni\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Nick Spadoni\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\Smartbar
Folder Deleted : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\CT3220467
Folder Deleted : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\Extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}
File Deleted : C:\Users\NICKSP~1\AppData\Local\Temp\Searchqu.ini
File Deleted : C:\Users\NICKSP~1\AppData\Local\Temp\searchqutoolbar-manifest.xml
File Deleted : C:\Users\NICKSP~1\AppData\Local\Temp\SetupDataMngr_Searchqu.exe
File Deleted : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\askcomsearch.xml
File Deleted : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\Conduit.xml
File Deleted : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\conduit-search.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\search.xml
File Deleted : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220467
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{35B8892D-C3FB-4D88-990D-31DB2EBD72BD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{93E3D79C-0786-48FF-9329-93BC9F6DC2B3}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F607E46-0D3C-4442-B1DE-DE7FA4768F5C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{FE0273D1-99DF-4AC0-87D5-1371C6271785}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\prefs.js ]


*************************

AdwCleaner[R0].txt - [22521 octets] - [03/10/2013 16:34:18]
AdwCleaner[R1].txt - [22580 octets] - [04/10/2013 16:24:22]
AdwCleaner[S0].txt - [22351 octets] - [04/10/2013 16:24:57]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [22412 octets] ##########

Re: Definate Virus Issues!! Please Help!

Unread postby spadones » October 4th, 2013, 7:38 pm

All processes killed
========== FILES ==========
File\Folder C:\Users\Nick Spadoni\AppData\Local\Temp\Searchqu.ini not found.
File\Folder C:\Users\Nick Spadoni\AppData\Local\Temp\searchqutoolbar-manifest.xml not found.
File\Folder C:\Users\Nick Spadoni\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
File\Folder C:\Users\Nick Spadoni\AppData\Local\Temp\SetupDataMngr_Searchqu.exe not found.
File\Folder C:\Users\Nick Spadoni\AppData\Local\Temp\CT3220467\conduitStatistics.csf not found.
File\Folder C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\CT3220467\toolbarImages\http___storage_conduit_com_53_307_CT3072253_Images_634520779497696087.png not found.
File\Folder C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\CT3220467\toolbarImages\http___storage_conduit_com_Images_ClientResources_mini_browser.gif not found.
File\Folder C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\CT3220467\toolbarImages\http___storage_conduit_com_images_searchengines_search_icon.gif not found.
File\Folder C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\CT3220467\toolbarImages\storage.conduit.com not found.
File\Folder C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\ConduitAbstractionLayer.js not found.
File\Folder C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\ConduitAbstractionLayerBack.js not found.
File\Folder C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\ConduitAbstractionLayerFront.js not found.
File\Folder C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\aboutBox\images\conduit-logo-OLD.png not found.
File\Folder C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\aboutBox\images\conduit-logo.png not found.
File\Folder C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\chrome\CT3220467\content\tb\al\options\images\conduit-logo.png -- not found.
File\Folder C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\lib\log4conduit.jsm not found.
File\Folder C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\extensions\{49c795c2-604a-4d18-aeb1-b3eba27e5ea2}\Plugins\npConduitFirefoxPlugin.dll not found.
File\Folder C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\conduit-search.xml not found.
File\Folder C:\Users\Nick Spadoni\AppData\Roaming\Mozilla\Firefox\Profiles\cdyd21ey.default\searchplugins\conduit.xml not found.
C:\Users\Nick Spadoni\AppData\LocalLow\DataMngr folder moved successfully.
File\Folder C:\Program Files (x86)\Conduit not found.
File\Folder C:\Users\Nick Spadoni\AppData\Local\Conduit not found.
File\Folder C:\Users\Nick Spadoni\AppData\LocalLow\Conduit not found.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Users\Nick Spadoni\Desktop\cmd.bat deleted successfully.
C:\Users\Nick Spadoni\Desktop\cmd.txt deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\Searchqu Toolbar uninstall_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SearchquMediaBar_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2410}\ not found.
Registry key HKEY_CURRENT_USER\Software\Datamngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\DataMngr\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7E0C223-4FE2-4358-89D4-A5FFDB3F692D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C7E0C223-4FE2-4358-89D4-A5FFDB3F692D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\datamngrUI_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{99079a25-328f-4bd4-be04-00955acaa0a7}\ not found.
Registry key HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Datamngr\ not found.
Registry key HKEY_CURRENT_USER\Software\Trolltech\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Trolltech\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}\ not found.
Registry key HKEY_CURRENT_USER\Software\Conduit\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Conduit\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchProtect\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1}\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\CltMngSvc\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\CltMngSvc\ not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CltMngSvc\ not found.
Registry key HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Conduit\ not found.
Registry value HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Internet Explorer\Main\\Start Page not found.
Registry key HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_USERS\S-1-5-21-2566976380-3637404318-253377450-1001\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}\ not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Nick Spadoni
->Temp folder emptied: 247850576 bytes
->Temporary Internet Files folder emptied: 105507852 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 82128962 bytes
->Flash cache emptied: 62601 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 361012781 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 42321173 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 800.00 mb

C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.69.0 log created on 10042013_162952

Files\Folders moved on Reboot...
C:\Users\Nick Spadoni\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Nick Spadoni\AppData\Local\Temp\MMDUtl.log moved successfully.
File move failed. C:\Windows\temp\dsiwmis.log scheduled to be moved on reboot.
File move failed. C:\Windows\temp\LMutilps.log scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP00000001443A2DCF5BCD4245 not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Definate Virus Issues!! Please Help!

Unread postby Gary R » October 5th, 2013, 1:26 am

Looking good so far, now we need to find out if we've missed anything ....

First ...

Run a new scan with OTL ...

  • Double click OTL.exe to launch the programme.
  • Check the following.
    • Scan all users.
    • Standard Output.
    • Lop check.
    • Purity check.
  • Click the Run Scan button and wait for the scan to finish (usually about 10-15 mins).
  • When finished this time it will produce only one log.
    • OTL.txt (open on your desktop).
  • Please post me the log.

Next ...

Please run a scan with ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.
  • Please go HERE then click on Run ESET Online Scanner
Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • Select the option YES, I accept the Terms of Use then click on: Image
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on: Image
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed click on Start to start the scan.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed you will be presented with a list of found threats ....
    • Click on the List of found threats link
    • Click on Export to text file
    • Save as ESET.txt to your Desktop
  • Exit out of ESET Online Scanner.
  • Post me the contents of ESET.txt please.

Summary of the logs I need from you in your next post:
  • OTL.txt
  • E-Set log
  • Let me know how your computer is behaving please.


Please post each log separately to prevent it being cut off by the forum post size limiter. Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections.

Re: Definate Virus Issues!! Please Help!

Unread postby Gary R » October 8th, 2013, 8:26 am

Due to lack of response, this topic is now closed.

If you still require help, please open a new thread in the Infected? Virus, malware, adware, ransomware, oh my! forum, include a fresh FRST log, and wait for a new helper.