|
|
|
Virus problem - please help !
|
|
AfterDawn Addict
|
1. March 2013 @ 16:10 |
Link to this message
|
Yeah, I know..... :(
But some of those little tricks let me know where the edge of the learning curve is and where I must do a little patronizing... :)
|
|
Advertisement
|
|
|
|
|
DADEO1
Member
|
1. March 2013 @ 16:13 |
Link to this message
|
|
I've been following these posts as they could help me sometime down the road. I would like to commend 2oldGeek for his patience and assistance in helping this fellow.
Well done sir.
|
AfterDawn Addict
|
1. March 2013 @ 16:24 |
Link to this message
|
|
Thanks for the flowers, DADEO.
After over 50 years working on computers and 3 heart attacks I try my best to stay as calm as possible.
2oG
|
|
dweb175
Suspended due to non-functional email address
|
1. March 2013 @ 23:47 |
Link to this message
|
Results of screen317's Security Check version 0.99.60
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````Antivirus/Firewall Check:``````````````
avast! Free Antivirus
ZoneAlarm Free Firewall
ZoneAlarm Firewall
ZoneAlarm LTD Toolbar
ZoneAlarm Security
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.70.0.1100
CCleaner
Adobe Flash Player 11.6.602.171
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
AVAST Software Avast AvastSvc.exe
CheckPoint ZoneAlarm vsmon.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:: 1%
````````````````````End of Log``````````````````````
# AdwCleaner v2.113 - Logfile created 03/01/2013 at 23:14:06
# Updated 23/02/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Andy - YOUR-613C368C53
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Andy\My Documents\Downloads\adwcleaner.exe
# Option [Search]
***** [Services] *****
***** [Files / Folders] *****
File Found : C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\searchplugins\Askcom.xml
File Found : C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\searchplugins\funmoods.xml
File Found : C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\searchplugins\Search_Results.xml
File Found : C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\searchplugins\zonealarm.xml
Folder Found : C:\DOCUME~1\Andy\LOCALS~1\Temp\boost_interprocess
Folder Found : C:\Documents and Settings\All Users.WINDOWS\Application Data\APN
Folder Found : C:\Documents and Settings\Andy\Application Data\Babylon
Folder Found : C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\ConduitCommon
Folder Found : C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\extensions\crossriderapp5060@crossrider.com
Folder Found : C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\FCTB
Folder Found : C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\jetpack
Folder Found : C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\Searchqutoolbar
Folder Found : C:\Documents and Settings\Andy\Application Data\OpenCandy
Folder Found : C:\Documents and Settings\Andy\Application Data\yourfiledownloader
Folder Found : C:\Documents and Settings\Andy\Local Settings\Application Data\Babylon
Folder Found : C:\Documents and Settings\Andy\Local Settings\Application Data\Conduit
Folder Found : C:\Documents and Settings\Andy\Local Settings\Application Data\Ilivid Player
Folder Found : C:\Documents and Settings\Andy\Start Menu\Programs\TornTV.com
Folder Found : C:\Program Files\Conduit
***** [Registry] *****
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\ConduitSearchScopes
Key Found : HKCU\Software\DataMngr
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB536AF2-E422-402D-B7FD-887297F1A198}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{1631550F-191D-4826-B069-D9439253D926}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{520BD054-EEEE-487C-84E8-D5B2DFFE5C18}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CC59E0F9-7E43-44FA-9FAA-8377850BF205}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB536AF2-E422-402D-B7FD-887297F1A198}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Found : HKCU\Software\PriceGong
Key Found : HKCU\Software\Smart Suggestor
Key Found : HKCU\Software\SmartBar
Key Found : HKCU\Software\YourFileDownloader
Key Found : HKLM\Software\AVG Secure Search
Key Found : HKLM\Software\Babylon
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FC41815-FA4C-4F8B-B143-2C045C8EA2FC}
Key Found : HKLM\SOFTWARE\Classes\AppID\{21493C1F-D071-496A-9C27-450578888291}
Key Found : HKLM\SOFTWARE\Classes\AppID\{403A885F-CB00-40C1-BDC1-EB09053194F7}
Key Found : HKLM\SOFTWARE\Classes\AppID\{55C1727F-5535-4C2A-9601-8C2458608B48}
Key Found : HKLM\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46DF-B041-1E593282C7D0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{A7DDCBDE-5C86-415C-8A37-763AE183E7E4}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\DiscoveryHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\GIFAnimator.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMTrProgress.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\IMWeb.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WMHelper.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Classes\ilivid
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{5E8CD073-21DF-4117-9BBD-D03C45D36CAE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B37B4BA6-334E-72C1-B57E-6AFE8F8A5AF3}
Key Found : HKLM\SOFTWARE\Classes\Interface\{B77AD4AC-C1C2-B293-7737-71E13A11FFEA}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CA1CE38C-F04C-471F-B9F3-083C58165C10}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E773F2CF-5E6E-FF2B-81A1-AC581A26B2B2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO
Key Found : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\demmlacpnijjgliknaehpamnnbncnodb
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\Software\ilivid
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{872F3C0B-4462-424C-BB9F-74C6899B9F92}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B6F8DA9F-2696-419E-A8A3-19BE41EF51BD}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\Software\YourFileDownloader
Key Found : HKU\S-1-5-21-299502267-261903793-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-299502267-261903793-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}
Key Found : HKU\S-1-5-21-299502267-261903793-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKU\S-1-5-21-299502267-261903793-839522115-1004\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
***** [Internet Browsers] *****
-\\ Internet Explorer v8.0.6001.18702
[OK] Registry is clean.
-\\ Mozilla Firefox v [Unable to get version]
File : C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\prefs.js
Found : user_pref("CT2786678..clientLogIsEnabled", false);
Found : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2786678.AppTrackingLastCheckTime", "Sat Jun 09 2012 21:57:14 GMT-0400 (Eastern Standard[...]
Found : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Found : user_pref("CT2786678.CTID", "CT2786678");
Found : user_pref("CT2786678.CurrentServerDate", "19-7-2012");
Found : user_pref("CT2786678.DSInstall", false);
Found : user_pref("CT2786678.DialogsAlignMode", "LTR");
Found : user_pref("CT2786678.DialogsGetterLastCheckTime", "Wed Jul 18 2012 19:52:26 GMT-0400 (Eastern Standa[...]
Found : user_pref("CT2786678.DownloadReferralCookieData", "");
Found : user_pref("CT2786678.EMailNotifierPollDate", "Tue Jun 26 2012 22:11:34 GMT-0400 (Eastern Standard Ti[...]
Found : user_pref("CT2786678.FeedLastCount5690698542593514850", 501);
Found : user_pref("CT2786678.FeedPollDate2429156812186649977", "Tue Jun 26 2012 21:26:25 GMT-0400 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156813040823546", "Tue Jun 26 2012 21:26:24 GMT-0400 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156813130095866", "Tue Jun 26 2012 21:26:24 GMT-0400 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156813224203613", "Tue Jun 26 2012 21:26:24 GMT-0400 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156813230837251", "Tue Jun 26 2012 21:26:25 GMT-0400 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156813454291735", "Tue Jun 26 2012 21:26:24 GMT-0400 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156813729834876", "Tue Jun 26 2012 21:26:24 GMT-0400 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156813860870021", "Tue Jun 26 2012 21:26:25 GMT-0400 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156814264681793", "Tue Jun 26 2012 21:26:25 GMT-0400 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156814863075366", "Tue Jun 26 2012 21:26:24 GMT-0400 (Eastern S[...]
Found : user_pref("CT2786678.FeedPollDate2429156815257761081", "Tue Jun 26 2012 21:26:24 GMT-0400 (Eastern S[...]
Found : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Found : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Found : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Found : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Found : user_pref("CT2786678.FirstServerDate", "15-1-2012");
Found : user_pref("CT2786678.FirstTime", true);
Found : user_pref("CT2786678.FirstTimeFF3", true);
Found : user_pref("CT2786678.FixPageNotFoundErrors", true);
Found : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2786678.HPInstall", false);
Found : user_pref("CT2786678.HasUserGlobalKeys", true);
Found : user_pref("CT2786678.HomePageProtectorEnabled", false);
Found : user_pref("CT2786678.HomepageBeforeUnload", "hxxp://www.google.com/");
Found : user_pref("CT2786678.Initialize", true);
Found : user_pref("CT2786678.InitializeCommonPrefs", true);
Found : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2786678.InstallationId", "ConduitXPEIntegration");
Found : user_pref("CT2786678.InstallationType", "ConduitXPEIntegration");
Found : user_pref("CT2786678.InstalledDate", "Sat Jan 14 2012 18:04:52 GMT-0500 (Eastern Standard Time)");
Found : user_pref("CT2786678.IsAlertDBUpdated", true);
Found : user_pref("CT2786678.IsGrouping", false);
Found : user_pref("CT2786678.IsInitSetupIni", true);
Found : user_pref("CT2786678.IsMulticommunity", false);
Found : user_pref("CT2786678.IsOpenThankYouPage", true);
Found : user_pref("CT2786678.IsOpenUninstallPage", false);
Found : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Jul 17 2012 22:52:29 GMT-0400 (Eastern Standar[...]
Found : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2786678.LastLogin_3.10.0.1", "Wed Apr 18 2012 02:13:15 GMT-0400 (Eastern Standard Time)[...]
Found : user_pref("CT2786678.LastLogin_3.12.0.7", "Tue Apr 24 2012 20:20:47 GMT-0400 (Eastern Standard Time)[...]
Found : user_pref("CT2786678.LastLogin_3.12.2.3", "Thu May 31 2012 01:09:54 GMT-0400 (Eastern Standard Time)[...]
Found : user_pref("CT2786678.LastLogin_3.13.0.6", "Mon Jul 16 2012 15:02:47 GMT-0400 (Eastern Standard Time)[...]
Found : user_pref("CT2786678.LastLogin_3.14.1.0", "Wed Jul 18 2012 19:52:26 GMT-0400 (Eastern Standard Time)[...]
Found : user_pref("CT2786678.LastLogin_3.8.1.0", "Sat Jan 14 2012 22:35:48 GMT-0500 (Eastern Standard Time)"[...]
Found : user_pref("CT2786678.LastLogin_3.9.0.3", "Fri Mar 09 2012 07:41:18 GMT-0500 (Eastern Standard Time)"[...]
Found : user_pref("CT2786678.LatestVersion", "3.13.0.6");
Found : user_pref("CT2786678.Locale", "en");
Found : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Found : user_pref("CT2786678.MCDetectTooltipShow", false);
Found : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Found : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2786678.OriginalFirstVersion", "3.8.1.0");
Found : user_pref("CT2786678.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2786678.SearchBoxWidth", 150);
Found : user_pref("CT2786678.SearchCaption", "uTorrentBar Customized Web Search");
Found : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Found : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Found : user_pref("CT2786678.SearchInNewTabEnabled", true);
Found : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Tue Jul 17 2012 22:52:21 GMT-0400 (Eastern Stand[...]
Found : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2786678.SearchProtectorEnabled", false);
Found : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2786678.SendProtectorDataViaLogin", true);
Found : user_pref("CT2786678.ServiceMapLastCheckTime", "Tue Jul 17 2012 22:52:25 GMT-0400 (Eastern Standard [...]
Found : user_pref("CT2786678.SettingsLastCheckTime", "Wed Jul 18 2012 19:52:21 GMT-0400 (Eastern Standard Ti[...]
Found : user_pref("CT2786678.SettingsLastUpdate", "1340118047");
Found : user_pref("CT2786678.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2786678&SearchSource=13");
Found : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Mon Jun 11 2012 14:27:08 GMT-0400 (Eastern Sta[...]
Found : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Found : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2786678.UserID", "UN29763875286892894");
Found : user_pref("CT2786678.ValidationData_Search", 2);
Found : user_pref("CT2786678.ValidationData_Toolbar", 2);
Found : user_pref("CT2786678.WeatherNetwork", "");
Found : user_pref("CT2786678.WeatherPollDate", "Tue Jun 26 2012 22:11:34 GMT-0400 (Eastern Standard Time)");
Found : user_pref("CT2786678.WeatherUnit", "C");
Found : user_pref("CT2786678.alertChannelId", "1178763");
Found : user_pref("CT2786678.approveUntrustedApps", false);
Found : user_pref("CT2786678.autoDisableScopes", -1);
Found : user_pref("CT2786678.backendstorage.cb_experience_000", "37");
Found : user_pref("CT2786678.backendstorage.cb_firstuse0100", "31");
Found : user_pref("CT2786678.backendstorage.cb_user_id_000", "43423532363437343634373931385F46697265666F78")[...]
Found : user_pref("CT2786678.backendstorage.cbcountry_000", "5553");
Found : user_pref("CT2786678.backendstorage.cbcountry_001", "5553");
Found : user_pref("CT2786678.backendstorage.cbfirsttime", "536174204A616E20313420323031322031383A30353A33392[...]
Found : user_pref("CT2786678.backendstorage.pairingkey", "39444342304645443037323833424345303031353044333236[...]
Found : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Found : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F7777772E6D7573636C65646973637573736[...]
Found : user_pref("CT2786678.backendstorage.url_history0001", "687474703A2F2F7777772E6D7573636C6564697363757[...]
Found : user_pref("CT2786678.backendstorage.url_history_time", "31333236353832353236393135");
Found : user_pref("CT2786678.backendstorage.uttorrents", "7B226275696C64223A32373230372C226C6162656C223A5B5D[...]
Found : user_pref("CT2786678.components.129526967958500204", false);
Found : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Wed Jun 06 2012 13:57:34 GMT-0400 (Eastern [...]
Found : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2786678.initDone", true);
Found : user_pref("CT2786678.isAppTrackingManagerOn", true);
Found : user_pref("CT2786678.myStuffEnabled", true);
Found : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129789450454597254[...]
Found : user_pref("CT2786678.revertSettingsEnabled", false);
Found : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Found : user_pref("CT2786678.testingCtid", "");
Found : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Tue Jul 17 2012 22:52:26 GMT-0400 (Eastern S[...]
Found : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Sat Jun 02 2012 23:30:49 GMT-0400 (Eastern S[...]
Found : user_pref("CT2786678.usagesFlag", 2);
Found : user_pref("CT2790392..clientLogIsEnabled", false);
Found : user_pref("CT2790392..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2790392..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2790392.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Found : user_pref("CT2790392.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2790392.AppTrackingLastCheckTime", "Fri Jun 08 2012 23:50:43 GMT-0400 (Eastern Standard[...]
Found : user_pref("CT2790392.BrowserCompStateIsOpen_129633547190125290", true);
Found : user_pref("CT2790392.CTID", "CT2790392");
Found : user_pref("CT2790392.CurrentServerDate", "19-7-2012");
Found : user_pref("CT2790392.DSInstall", false);
Found : user_pref("CT2790392.DialogsAlignMode", "LTR");
Found : user_pref("CT2790392.DialogsGetterLastCheckTime", "Wed Jul 18 2012 01:50:49 GMT-0400 (Eastern Standa[...]
Found : user_pref("CT2790392.DownloadReferralCookieData", "");
Found : user_pref("CT2790392.EMailNotifierPollDate", "Thu Jun 14 2012 15:56:30 GMT-0400 (Eastern Standard Ti[...]
Found : user_pref("CT2790392.FeedLastCount129313977501788460", 474);
Found : user_pref("CT2790392.FeedPollDate129313974171006416", "Thu Jun 14 2012 14:24:33 GMT-0400 (Eastern St[...]
Found : user_pref("CT2790392.FeedPollDate129313975698350231", "Thu Jun 14 2012 14:24:33 GMT-0400 (Eastern St[...]
Found : user_pref("CT2790392.FeedPollDate129313976370850190", "Thu Jun 14 2012 14:24:33 GMT-0400 (Eastern St[...]
Found : user_pref("CT2790392.FeedPollDate129313976648818968", "Thu Jun 14 2012 14:24:33 GMT-0400 (Eastern St[...]
Found : user_pref("CT2790392.FeedPollDate129313977444757117", "Thu Jun 14 2012 14:24:34 GMT-0400 (Eastern St[...]
Found : user_pref("CT2790392.FeedPollDate129313980389131455", "Thu Jun 14 2012 14:24:34 GMT-0400 (Eastern St[...]
Found : user_pref("CT2790392.FeedPollDate129313980655381977", "Thu Jun 14 2012 14:24:34 GMT-0400 (Eastern St[...]
Found : user_pref("CT2790392.FeedPollDate129313980886163259", "Thu Jun 14 2012 14:24:34 GMT-0400 (Eastern St[...]
Found : user_pref("CT2790392.FeedPollDate129313981234756535", "Thu Jun 14 2012 14:24:34 GMT-0400 (Eastern St[...]
Found : user_pref("CT2790392.FeedPollDate129313983226631720", "Thu Jun 14 2012 14:24:34 GMT-0400 (Eastern St[...]
Found : user_pref("CT2790392.FeedPollDate129313983607725691", "Thu Jun 14 2012 14:24:35 GMT-0400 (Eastern St[...]
Found : user_pref("CT2790392.FeedTTL129313974171006416", 10);
Found : user_pref("CT2790392.FeedTTL129313977444757117", 15);
Found : user_pref("CT2790392.FeedTTL129313980655381977", 5);
Found : user_pref("CT2790392.FeedTTL129313981234756535", 5);
Found : user_pref("CT2790392.FirstServerDate", "6-6-2012");
Found : user_pref("CT2790392.FirstTime", true);
Found : user_pref("CT2790392.FirstTimeFF3", true);
Found : user_pref("CT2790392.FixPageNotFoundErrors", true);
Found : user_pref("CT2790392.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2790392.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2790392.HPInstall", false);
Found : user_pref("CT2790392.HasUserGlobalKeys", true);
Found : user_pref("CT2790392.HomePageProtectorEnabled", false);
Found : user_pref("CT2790392.HomepageBeforeUnload", "hxxp://search.babylon.com/?affID=109928&babsrc=HP_ss&mn[...]
Found : user_pref("CT2790392.Initialize", true);
Found : user_pref("CT2790392.InitializeCommonPrefs", true);
Found : user_pref("CT2790392.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2790392.InstallationId", "fft305A.tmp.exe");
Found : user_pref("CT2790392.InstallationType", "XPE");
Found : user_pref("CT2790392.InstalledDate", "Tue Jun 05 2012 23:45:01 GMT-0400 (Eastern Standard Time)");
Found : user_pref("CT2790392.IsAlertDBUpdated", true);
Found : user_pref("CT2790392.IsGrouping", false);
Found : user_pref("CT2790392.IsInitSetupIni", true);
Found : user_pref("CT2790392.IsMulticommunity", false);
Found : user_pref("CT2790392.IsOpenThankYouPage", true);
Found : user_pref("CT2790392.IsOpenUninstallPage", false);
Found : user_pref("CT2790392.LanguagePackLastCheckTime", "Tue Jul 17 2012 23:28:58 GMT-0400 (Eastern Standar[...]
Found : user_pref("CT2790392.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2790392.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2790392.LastLogin_3.12.0.8", "Tue Jun 05 2012 23:45:09 GMT-0400 (Eastern Standard Time)[...]
Found : user_pref("CT2790392.LastLogin_3.13.0.6", "Mon Jul 16 2012 15:03:16 GMT-0400 (Eastern Standard Time)[...]
Found : user_pref("CT2790392.LastLogin_3.14.1.0", "Wed Jul 18 2012 19:52:39 GMT-0400 (Eastern Standard Time)[...]
Found : user_pref("CT2790392.LatestVersion", "3.13.0.6");
Found : user_pref("CT2790392.Locale", "en");
Found : user_pref("CT2790392.MCDetectTooltipHeight", "83");
Found : user_pref("CT2790392.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2790392.MCDetectTooltipWidth", "295");
Found : user_pref("CT2790392.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2790392.OriginalFirstVersion", "3.12.0.8");
Found : user_pref("CT2790392.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2790392.SearchCaption", "BitTorrentBar Customized Web Search");
Found : user_pref("CT2790392.SearchEngineBeforeUnload", "Search the web (Babylon)");
Found : user_pref("CT2790392.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2790392.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT279[...]
Found : user_pref("CT2790392.SearchInNewTabEnabled", true);
Found : user_pref("CT2790392.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2790392.SearchInNewTabLastCheckTime", "Tue Jul 17 2012 23:28:43 GMT-0400 (Eastern Stand[...]
Found : user_pref("CT2790392.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2790392.SearchProtectorEnabled", false);
Found : user_pref("CT2790392.SearchProtectorToolbarDisabled", false);
Found : user_pref("CT2790392.SendProtectorDataViaLogin", true);
Found : user_pref("CT2790392.ServiceMapLastCheckTime", "Tue Jul 17 2012 23:29:00 GMT-0400 (Eastern Standard [...]
Found : user_pref("CT2790392.SettingsLastCheckTime", "Wed Jul 18 2012 19:52:33 GMT-0400 (Eastern Standard Ti[...]
Found : user_pref("CT2790392.SettingsLastUpdate", "1340177243");
Found : user_pref("CT2790392.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2790392&SearchSource=13");
Found : user_pref("CT2790392.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2790392.ThirdPartyComponentsLastCheck", "Tue Jun 05 2012 23:44:58 GMT-0400 (Eastern Sta[...]
Found : user_pref("CT2790392.ThirdPartyComponentsLastUpdate", "1331805997");
Found : user_pref("CT2790392.ToolbarShrinkedFromSetup", false);
Found : user_pref("CT2790392.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2790392");
Found : user_pref("CT2790392.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2790392.UserID", "UN66168736286820146");
Found : user_pref("CT2790392.ValidationData_Search", 2);
Found : user_pref("CT2790392.ValidationData_Toolbar", 2);
Found : user_pref("CT2790392.WeatherNetwork", "");
Found : user_pref("CT2790392.WeatherPollDate", "Thu Jun 14 2012 15:39:25 GMT-0400 (Eastern Standard Time)");
Found : user_pref("CT2790392.WeatherUnit", "F");
Found : user_pref("CT2790392.alertChannelId", "1182482");
Found : user_pref("CT2790392.autoDisableScopes", 14);
Found : user_pref("CT2790392.backendstorage.cbcountry_000", "5553");
Found : user_pref("CT2790392.backendstorage.cbcountry_001", "5553");
Found : user_pref("CT2790392.backendstorage.cbfirsttime", "547565204A756E20303520323031322032333A34353A31322[...]
Found : user_pref("CT2790392.backendstorage.facebook_mode", "32");
Found : user_pref("CT2790392.backendstorage.facebook_user_locale", "656E");
Found : user_pref("CT2790392.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Found : user_pref("CT2790392.backendstorage.url_history0001", "687474703A2F2F7777772E6D7573636C6564697363757[...]
Found : user_pref("CT2790392.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2790392.globalFirstTimeInfoLastCheckTime", "Tue Jun 05 2012 23:45:00 GMT-0400 (Eastern [...]
Found : user_pref("CT2790392.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2790392.initDone", true);
Found : user_pref("CT2790392.isAppTrackingManagerOn", true);
Found : user_pref("CT2790392.myStuffEnabled", true);
Found : user_pref("CT2790392.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2790392.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2790392.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2790392.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2790392.navigateToUrlOnSearch", false);
Found : user_pref("CT2790392.revertSettingsEnabled", false);
Found : user_pref("CT2790392.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2790392.searchProtectorEnableByLogin", true);
Found : user_pref("CT2790392.testingCtid", "");
Found : user_pref("CT2790392.toolbarAppMetaDataLastCheckTime", "Tue Jul 17 2012 23:29:00 GMT-0400 (Eastern S[...]
Found : user_pref("CT2790392.toolbarContextMenuLastCheckTime", "Tue Jun 05 2012 23:45:10 GMT-0400 (Eastern S[...]
Found : user_pref("CT2790392.usagesFlag", 2);
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2790392/CT2790392[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2790392", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.10[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2790392",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"229[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Andy\\Application [...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");
Found : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://listen.grooveshark.com/ ", "-88x124");
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://cdn.triplegames.com/shared/apps/gamearcade/ar[...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://facebook.conduitapps.com/v3.13/gadget.html", [...]
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://listen.grooveshark.com/ ", "800x592");
Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://youtube.conduitapps.com/v115/gadget.php?appMo[...]
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,CT2790392");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678,CT2790392");
Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2786678,CT2790392");
Found : user_pref("CommunityToolbar.facebook.alerts.enabled", true);
Found : user_pref("CommunityToolbar.facebook.alerts.eventsEnabled", true);
Found : user_pref("CommunityToolbar.facebook.alerts.friendReqEnabled", true);
Found : user_pref("CommunityToolbar.facebook.alerts.groupsEnabled", true);
Found : user_pref("CommunityToolbar.facebook.alerts.inboxEnabled", true);
Found : user_pref("CommunityToolbar.facebook.alerts.newsFeedsEnabled", false);
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sat Apr 14 2012 23:59:47 GMT-0400 (Eas[...]
Found : user_pref("CommunityToolbar.globalUserId", "20ff9bbd-fe64-4cb5-91b2-b74aef6dd329");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2790392");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Tue Jun 26 2012 21:26:2[...]
Found : user_pref("CommunityToolbar.notifications.alertEnabled", false);
Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Jun 05 2012 22:57:56 GMT-040[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Jun 26 2012 21:26:26 GMT-0400 (E[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "4bbac332-e87f-46e4-baa7-99f578e30945");
Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.google.com/");
Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties[...]
Found : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Found : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Found : user_pref("browser.search.order.1", "Search Results");
Found : user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
Found : user_pref("extensions.BabylonToolbar_i.babExt", "");
Found : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109928");
Found : user_pref("extensions.BabylonToolbar_i.hardId", "1cac6a810000000000000016767a09ba");
Found : user_pref("extensions.BabylonToolbar_i.id", "1cac6a810000000000000016767a09ba");
Found : user_pref("extensions.BabylonToolbar_i.instlDay", "15458");
Found : user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
Found : user_pref("extensions.BabylonToolbar_i.newTab", true);
Found : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=109928&babsrc=N[...]
Found : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Found : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
Found : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
Found : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:43:21");
Found : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
Found : user_pref("extensions.funmoods_i.aflt", "nv1");
Found : user_pref("extensions.funmoods_i.dfltLng", "");
Found : user_pref("extensions.funmoods_i.dfltSrch", true);
Found : user_pref("extensions.funmoods_i.dnsErr", true);
Found : user_pref("extensions.funmoods_i.excTlbr", false);
Found : user_pref("extensions.funmoods_i.hmpg", true);
Found : user_pref("extensions.funmoods_i.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=nv1");
Found : user_pref("extensions.funmoods_i.id", "1cac6a810000000000000016767a09ba");
Found : user_pref("extensions.funmoods_i.instlDay", "15382");
Found : user_pref("extensions.funmoods_i.instlRef", "");
Found : user_pref("extensions.funmoods_i.newTab", true);
Found : user_pref("extensions.funmoods_i.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=nv1");
Found : user_pref("extensions.funmoods_i.prdct", "funmoods");
Found : user_pref("extensions.funmoods_i.prtnrId", "funmoods");
Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Found : user_pref("extensions.funmoods_i.srchPrvdr", "Search");
Found : user_pref("extensions.funmoods_i.tlbrId", "base");
Found : user_pref("extensions.funmoods_i.tlbrSrchUrl", "hxxp://start.funmoods.com/results.php?f=3&a=nv1&q=")[...]
Found : user_pref("extensions.funmoods_i.vrsn", "1.5.11.16");
Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.11.1619:02:39");
Found : user_pref("extensions.funmoods_i.vrsni", "1.5.11.16");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.AutoSearchEventData", "auto%20search");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.ClearCacheDate", 18);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.DNSCatch", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.DisplayEULA", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.DnsCatchEventData", "dns%20catch");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.EBOMode", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.FirstLaunchShown", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.InstallDomain", "freecause.com");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.InstallType", "standard");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.LoadLayoutDate.100815", 18);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.NewTabSearchEventData", "tab%20search");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.ShowRecommendedOptions", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.StateReportDate", "1342638711197");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.TopRightSearchEventData", "top%20right%20search[...]
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.beforeInstallSaved", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.beforeinstall.homepage", "www.yahoo.com");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.beforeinstall.search", "Search%20Results");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.customNewTab", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.helpUsImprove", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.hideOthers", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.partnerauth", false);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.processAddrBar", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.restoreSearch", false);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.runcmd.", "bb_acct_status_1342662775");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.searchHistory", true);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.session", "25512BD3FC86027C23434A7098F80E0B9617[...]
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.showFirstLaunchOptions", false);
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.tb_lang", "en");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.tool_id", "100815");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.user_id", "115697134");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.user_key", "6509f3f570212a38f999d681bfbb8ca58ec[...]
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.user_layouts", "100815");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.user_lnames", "fcreward.100815.b");
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.xml_service_url", "6bb94bbf55fe2f255901a560824a[...]
Found : user_pref("freecause758d6aeb75e49f24fd4951b640add07f.yahooSearch", true);
Found : user_pref("extensions.SmartSuggestor.aid", "10036");
-\\ Google Chrome v25.0.1364.97
File : C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences
Found [l.1609] : homepage = "hxxp://blekko.com/ws/?source=c3348dd4&toolbarid=blekkotb_031&u=E723415B2DAB5AE81BBEFC5052C48BC9&tbp=homepage",
-\\ Opera v [Unable to get version]
File : C:\Documents and Settings\Andy\Application Data\Opera\Opera\operaprefs.ini
[OK] File is clean.
*************************
AdwCleaner[R1].txt - [43433 octets] - [01/03/2013 23:14:06]
########## EOF - C:\AdwCleaner[R1].txt - [43494 octets] ##########
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:22:52 PM, on 3/1/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
--
End of file - 2662 bytes
Here are the logs of #1 - security check #2-adware cleaner # 3 hijackthis ... junkwear removal was looked at as being a malware when downloading the link so I never ran it . I went into ducuments and settings and clicked on all users- windows , application data and found the yellow folder that says strong vault online backup and can't delete it .I receive a message stating " cannot delete ctxmenu.dll explorer exe log . It is being used by another person or program . Close any programs that might be using the file and try again .
Your mind will quit before your body does .
|
|
dweb175
Suspended due to non-functional email address
|
1. March 2013 @ 23:51 |
Link to this message
|
Originally posted by 2oldGeek:
Thanks for the flowers, DADEO.
After over 50 years working on computers and 3 heart attacks I try my best to stay as calm as possible.
2oG
I didn't think they had computers 50 years ago . We never used them when I was in school and I graduated high school in 1990 .
Your mind will quit before your body does .
|
|
DADEO1
Member
|
2. March 2013 @ 01:40 |
Link to this message
|
I did notice Torn TV. Here's a little bit about it. What do you think?
"TornTV is a free software that let's it's users watch TV using their computers. On it's own this program is not a virus or malware, however it's developers are using deceptive monetization methods - they bundle their free software with various browser plug-ins which changes user's Internet browsers settings and causes redirect problems. Majority of free software developers bundle their programs with one toolbar or pug-in, but TornTV developers have bundled their software with several. When computer users install TornTV on their computers they will also install Babylon toolbar and Yontoo adware on their machines.
These additionally installed browser add-ons will cause browser redirects and unwanted ads appear while browsing the Internet. Furthermore these browser add-ons will cause Internet browser slowdowns. To avoid such problems computer users should closely inspect every free software installation window, uncheck any ticks which asks you to install additional browser add-ons or to change your Internet browser settings (homepage, default search engine). While TornTV is not a computer virus or malware it's an unwanted application which installs additional adware on users computer."
FROM : http://www.pcrisk.com/removal-guides/6908-remove-torntv-adware
|
AfterDawn Addict
|
2. March 2013 @ 09:51 |
Link to this message
|
@DADEO1, you tagged it!
@dweb175, that?s looking better but still some work to be done.
Quote:
junkwear removal was looked at as being a malware when downloading the link so I never ran it .
Sometimes malware removal software is looked at as malware by an antivirus scanner. That?s because it has to use the same kind of routines to remove the malware as the malware used to infect you. It?s safe! So, please let the junkwear removal tool run and post the Log.
Also, the Log from HJT looks way too short as if there are missing lines. Please re-run the HijackThis and post another Log.
Quote:
I went into ducuments and settings and clicked on all users- windows , application data and found the yellow folder that says strong vault online backup and can't delete it .
Since Andy (you?) is the administrator, instead of going to all users, go to Andy and see if you can find it there. You may not be able to delete because something else is using the files in it so, what you need to do is go to Safe Mode and delete it from there. Do you know how to use Safe Mode? If not, let me know..
Quote:
I didn't think they had computers 50 years ago . We never used them when I was in school and I graduated high school in 1990 .
Do you live under a rock? We had computers in the 1940?s, they just weren?t desktops or laptops, they took up whole buildings. Check this out: http://www.computerhistory.org/revoluti...uters/7/161/565
This is one of the computers I worked with in 1965.
Post a jrt Log and a new HJT log and let me know how it's running. any problems?
2oG
________________________________________
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
ddp
Moderator
|
2. March 2013 @ 12:44 |
Link to this message
|
|
dweb, had computers at my school as i finished there in june 1980. weren't pc's as were 1 of the tandy model series, model 1 i think.
|
AfterDawn Addict
|
2. March 2013 @ 13:08 |
Link to this message
|
I was computer marketing manager for Tandy/Radio Shack in 1980 - the computer was TRS-80 Model I with a Intel Z-80 processor running at 1.44 MHz and 16 kB of ram unless it had the expansion interface on it and you could get 48 kB of ram.. No HD it used 5.25" floppy disks or a portable tape recorder to save programs. Speed, speed, speed... LMAO
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
ddp
Moderator
|
2. March 2013 @ 13:38 |
Link to this message
|
|
my stepfather had the model 4 which i had to resolder all the solder points on the floppy disk controller so it would boot.
|
|
DADEO1
Member
|
2. March 2013 @ 13:50 |
Link to this message
|
|
Hey, we bought a Tandy computer at Radio Shack. Wow, it seems like a long time ago. My one big project was putting a parts cross reference and prices in alphabetical order.
|
AfterDawn Addict
|
2. March 2013 @ 13:55 |
Link to this message
|
|
yeah, Model 4 they took the 16k ROM Basic interpreter out of the Model III so us Geeks could have a 64k machine that we could program in machine code languages and have a little more room.
|
AfterDawn Addict
|
2. March 2013 @ 14:08 |
Link to this message
|
|
in the 80's, I taught computer literacy at an Education Service Center to teachers so they could teach the kids and it was a hoot. back then No one knew anything about computers it was all new ground..
|
|
dweb175
Suspended due to non-functional email address
|
2. March 2013 @ 16:03 |
Link to this message
|
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.6 (02.27.2013:1)
OS: Microsoft Windows XP x86
Ran by Andy on Sat 03/02/2013 at 15:24:09.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_local_machine\software\babylon
Successfully deleted: [Registry Key] hkey_current_user\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\conduit
Successfully deleted: [Registry Key] hkey_current_user\software\datamngr
Successfully deleted: [Registry Key] hkey_local_machine\software\default tab
Successfully deleted: [Registry Key] hkey_local_machine\software\freeze.com
Successfully deleted: [Registry Key] hkey_current_user\software\igearsettings
Successfully deleted: [Registry Key] hkey_current_user\software\ilivid
Successfully deleted: [Registry Key] hkey_local_machine\software\ilivid
Successfully deleted: [Registry Key] hkey_current_user\software\im
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\pricegong
Successfully deleted: [Registry Key] hkey_current_user\software\smartbar
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_current_user\software\yourfiledownloader
Successfully deleted: [Registry Key] hkey_local_machine\software\yourfiledownloader
Successfully deleted: [Registry Key] hkey_current_user\software\appdatalow\software\conduit
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\browserconnection.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\discoveryhelper.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\dnsbho.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\gifanimator.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\imtrprogress.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\imweb.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\wmhelper.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\yontooieclient.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\prod.cap
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\qwiklinxbho
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\qwiklinxbho.1
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{171debeb-c3d4-40b7-ac73-056a5eba4a7e}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{3bd44f0e-0596-4008-aee0-45d47e3a8f0e}
Successfully deleted: [Registry Key] hkey_classes_root\clsid\{3c471948-f874-49f5-b338-4f214a2ee0b1}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{6a1806cd-94d4-4689-ba73-e35ea1ea9990}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{95b7759c-8c7f-4bf1-b163-73684a933233}
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\Documents and Settings\All Users.WINDOWS\application data\strongvault online backup"
Successfully deleted: [Folder] "C:\Documents and Settings\Andy\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Andy\Application Data\drivercure"
Successfully deleted: [Folder] "C:\Documents and Settings\Andy\Application Data\fighters"
Successfully deleted: [Folder] "C:\Documents and Settings\Andy\Application Data\opencandy"
Successfully deleted: [Folder] "C:\Documents and Settings\Andy\Application Data\pc cleaners"
Successfully deleted: [Folder] "C:\Documents and Settings\Andy\Application Data\yourfiledownloader"
Successfully deleted: [Folder] "C:\Documents and Settings\Andy\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Documents and Settings\Andy\Local Settings\Application Data\babylon"
Successfully deleted: [Folder] "C:\Documents and Settings\Andy\Local Settings\Application Data\blekkotb_031"
Successfully deleted: [Folder] "C:\Documents and Settings\Andy\Local Settings\Application Data\conduit"
Successfully deleted: [Folder] "C:\Documents and Settings\Andy\Local Settings\Application Data\ilivid player"
Successfully deleted: [Folder] "C:\Documents and Settings\Andy\Local Settings\Application Data\stronghold_llc"
Successfully deleted: [Folder] "C:\Documents and Settings\Andy\Local Settings\Application Data\strongvault online backup"
Successfully deleted: [Folder] "C:\Program Files\conduit"
Successfully deleted: [Folder] "C:\WINDOWS\system32\ai_recyclebin"
~~~ Chrome
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\jplinpmadfkdgipabgcdchbdikologlh
Successfully deleted: [Registry Key] hkey_local_machine\software\google\chrome\extensions\niapdbllcanepiiimjjndipklodoedlc
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 03/02/2013 at 15:38:59.43
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 3:40:46 PM, on 3/2/2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O4 - HKLM\..\Run: [ZoneAlarm] "C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe"
O4 - HKLM\..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: COMODO livePCsupport Service (CLPSLS) - COMODO - C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
O23 - Service: GoToMyPC - Unknown owner - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: ZoneAlarm LTD Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Oracle Corporation - C:\Program Files\Java\jre7\bin\jqs.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: PEVSystemStart - Unknown owner - C:\ComboFix\pev.3XE
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
--
End of file - 2714 bytes
Here are the logs and I went back to documents and settings and checked both folders including the one you told me to and I can't find strong vult and it's still on my pc . Maybe it's hiding somewhere else .
Your mind will quit before your body does .
|
AfterDawn Addict
|
2. March 2013 @ 16:41 |
Link to this message
|
Strong vault was deleted by jrt:
Quote:
Successfully deleted: [Folder] "C:\Documents and Settings\Andy\Local Settings\Application Data\strongvault online backup"
Quote:
I can't find strong vult and it's still on my pc . Maybe it's hiding somewhere else .
What leads you to believe it's still there?
2oG
|
|
dweb175
Suspended due to non-functional email address
|
3. March 2013 @ 00:23 |
Link to this message
|
|
Every time I click to open a desk top icon the strong vault pop- up still appears to open that leads me to believe it's not gone . I know there's a way to remove this because my local computer shop already has with a man who had strong vault on his computer and I really don't want to spend 65 bucks to do this .
Your mind will quit before your body does .
|
AfterDawn Addict
|
3. March 2013 @ 00:49 |
Link to this message
|
Well, don?t give up so soon and you can save yourself $65?
You do know it?s slower going back and forth on a forum than it is for someone to sit down at the computer and clean it with out all of the delays and misunderstandings.
It?s your computer and you can do what you want with it ? it?s my time and I offered it to you without charge ? you do understand that the pay rate here sucks ? so if you would like to continue we can dig a little deeper?? if not, go spend your $65..
If you wish to continue, follow the instructions:
1. Download Combo fix from one of these locations.
* IMPORTANT !!! Place combofix.exe on your Desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe
2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
Go to -> Here for your reference.
Click start > run and Copy and Paste this in exactly, using the picture below for reference, then click OK.
"%userprofile%\desktop\combofix.exe" /killall
3. Combo will begin to run DO NOTHING while this is happening.
? Do not attempt to use the internet or anything else while it's running.
? Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
? It will kill a few processes and disconnect you from the internet.
? If by chance it stops prematurely you can re-establish your internet connection by restarting your computer. It does set a restore point before running.
? This needs to be done so the program can work most efficiently for you.
**Understand that things like your system clock changing and your desktop disappearing might happen. Do not worry, because all will be restored later.
If when it's completed you can not get on the internet just reboot the computer
Post the log from comboFix for me located in
c:\comboFix.txt
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...This message has been edited since posting. Last time this message was edited on 3. March 2013 @ 00:51
|
|
dweb175
Suspended due to non-functional email address
|
3. March 2013 @ 15:31 |
Link to this message
|
|
In seem to be having a problem with combofix when attempting to run it . It's telling me to disable Avira anti- virus when I no longer have it installed on my computer . There must be traces of this anti- virus after I uninstalled it months ago and need to find something to remove what's left . I still ran combofix for almost a half hour and found nothing so far .
Your mind will quit before your body does .
|
AfterDawn Addict
|
3. March 2013 @ 16:16 |
Link to this message
|
dweb175,
Originally posted by dweb175:
In seem to be having a problem with combofix when attempting to run it . It's telling me to disable Avira anti- virus when I no longer have it installed on my computer . There must be traces of this anti- virus after I uninstalled it months ago and need to find something to remove what's left . I still ran combofix for almost a half hour and found nothing so far .
There has been a ton of malware removed from your machine at this time..
You know, if you could have had it cleaned for $65 that might have been a real good deal.. Just kidding!
Is Combofix still running? It will not tell you if it finds something, that's not the way it works. It does take quite a while to prepare a report but shouldn't be that long...
Give it about an hour and if it's not done--- Reboot!
Then:
DDS is a diagnostic tool, which scans your computer and produces logs which can be analysed and interpreted by your helper.
To run a scan with DDS .....
Please Download DDS and save it to your Desktop. Alternate Download
? Double click dds.scr to run the tool.
? If using Vista or Windows 7 you will be prompted by UAC, please allow the prompt.
? DDS will now scan your computer.
? When the scan is complete, DDS will open two (2) logs:
o DDS.txt
o Attach.txt
? If not saved these logs will be automatically deleted when closed, so save both to your Desktop.
? Please note it is important that you post BOTH logs in your topic.
Please note: DDS will ask you to attach the second log (Attach.txt), please ignore this notice and post the log instead.
added later:
I am guessing that what you have may be a root kit that?s hiding the file I?m looking for.
So, if you will also run this OTL scan I will be able to look even deeper into the system and see if something shows up.
Like I said, I don?t have a crystal ball so, the more of these X-Rays I have, the sooner I?ll be able to find something.
-Download and run OTL-
Download OTL by Old Timer and save it to your Desktop.
? Double click on OTL.exe to run it.
? Under Output, ensure that Minimal Output is selected.
? Under Extra Registry section, select Use SafeList.
? Click the Scan All Users checkbox.
? Click on Run Scan at the top left hand corner.
? When done, two Notepad files will open.
o OTL.txt <-- Will be opened and is what I need posted back here.
o Extra.txt <-- Will be minimized - save this one on your desktop in case I ask for it later
? Please post the contents of OTL.txt and DDS Logs in your next reply.
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves...This message has been edited since posting. Last time this message was edited on 3. March 2013 @ 18:13
|
|
dweb175
Suspended due to non-functional email address
|
4. March 2013 @ 01:27 |
Link to this message
|
OTL logfile created on: 3/3/2013 10:33:54 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Andy\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
502.07 Mb Total Physical Memory | 225.97 Mb Available Physical Memory | 45.01% Memory free
1.20 Gb Paging File | 0.87 Gb Available in Paging File | 72.68% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 29.98 Gb Free Space | 40.24% Space Free | Partition Type: NTFS
Computer Name: YOUR-613C368C53 | User Name: Andy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2013/03/03 22:10:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Andy\My Documents\Downloads\OTL.exe
PRC - [2013/01/02 14:10:28 | 002,448,032 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2013/01/02 13:38:50 | 000,073,984 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2012/11/22 09:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe
PRC - [2012/11/22 09:32:54 | 000,738,984 | ---- | M] (Check Point Software Technologies) -- C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
PRC - [2012/10/30 18:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/10/06 16:34:49 | 000,161,768 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2011/11/23 05:27:04 | 001,052,472 | ---- | M] (COMODO) -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe
PRC - [2008/03/07 02:46:18 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2013/03/03 14:09:22 | 002,063,872 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\13030301\algo.dll
MOD - [2011/11/02 17:01:38 | 000,411,024 | ---- | M] () -- C:\Program Files\Best Uninstall Tool\Contextmenu.dll
[color=#E56717]========== Services (SafeList) ==========[/color]
SRV - File not found [Auto | Stopped] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe Start=service -- (GoToMyPC)
SRV - File not found [On_Demand | Stopped] -- %SystemRoot%\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/02/27 00:20:56 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/01/02 14:10:28 | 002,448,032 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012/12/14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/11/22 09:33:18 | 000,497,320 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2012/10/30 18:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/10/06 16:34:49 | 000,161,768 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2011/11/23 05:27:04 | 001,052,472 | ---- | M] (COMODO) [Auto | Running] -- C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe -- (CLPSLS)
SRV - [2011/06/26 01:45:56 | 000,256,000 | R--- | M] () [Auto | Stopped] -- C:\ComboFix\pev.3XE -- (PEVSystemStart)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Andy\LOCALS~1\Temp\catchme.sys -- (catchme)
DRV - [2013/03/03 22:11:14 | 000,035,144 | ---- | M] () [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV - [2013/01/03 15:49:42 | 000,033,512 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\taphss.sys -- (taphss)
DRV - [2013/01/02 13:38:52 | 000,528,000 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (Vsdatant)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/11/22 09:33:30 | 000,027,056 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2012/10/30 18:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 18:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 18:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 18:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012/10/30 18:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2012/10/30 18:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2012/10/30 18:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2011/09/02 01:31:28 | 000,039,192 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2011/09/02 01:31:28 | 000,030,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2011/09/02 01:31:20 | 000,041,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2011/09/02 01:30:58 | 000,012,184 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2006/07/27 01:24:28 | 001,171,464 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2003/11/17 15:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 15:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 15:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6A 27 CE 7C EB 03 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{24622B8C-47ED-49AB-A0F1-C1F754E99F9C}: "URL" = http://search.zonealarm.com/search?Sour...ffiliateId=1002 tlbrid=ZoneAlarmSecurity&Lan=en&utid=1cac6a810000000000000016767a09ba&q={searchTerms}&r=609
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: leo@www.who-views-facebook-profile.com:1.0.1
FF - prefs.js..extensions.enabledAddons: plugin@videofiledownload.com:1.5
FF - prefs.js..extensions.enabledAddons: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.14.1.0
FF - prefs.js..extensions.enabledAddons: {88c7f2aa-f93f-432c-8f0e-b7d85967a527}:3.14.1.0
FF - prefs.js..extensions.enabledAddons: {758d6aeb-75e4-9f24-fd49-51b640add07f}:1.300.428
FF - prefs.js..browser.startup.homepage: "http://search.zonealarm.com/?Source=Homepage&oemCode=ZLN114693585820488-1002&toolbarId=base&affiliateId=1002 tlbrid=ZoneAlarmSecurity&Lan=en&utid=1cac6a810000000000000016767a09ba"
FF - prefs.js..keyword.URL: "http://search.zonealarm.com/search?Source=Browser&oemCode=ZLN114693585820488-1002&toolbarId=base&affiliateId=1002 tlbrid=ZoneAlarmSecurity&Lan=en&utid=1cac6a810000000000000016767a09ba&q={searchTerms}"
FF - prefs.js..browser.search.selectedEngine: "Search By ZoneAlarm"
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin1017300.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\TrustChecker [2013/02/03 19:10:52 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}: C:\Program Files\Wajam\Firefox\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
[2012/06/26 20:38:40 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andy\Application Data\Mozilla\Extensions
[2012/01/17 19:41:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andy\Application Data\Mozilla\Extensions\songbird@songbirdnest.com
[2013/02/22 22:52:00 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\extensions
[2012/09/12 21:14:20 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\extensions\crossriderapp5060@crossrider.com
[2012/01/03 16:27:44 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\searchplugins\askcom.xml
[2012/02/11 19:02:29 | 000,001,797 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\searchplugins\funmoods.xml
[2012/06/22 23:52:50 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\searchplugins\Search_Results.xml
[2012/09/13 11:56:09 | 000,001,523 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Mozilla\Firefox\Profiles\djjsybuj.default\searchplugins\zonealarm.xml
[2013/02/14 23:55:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla FireFox\extensions
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ANDY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DJJSYBUJ.DEFAULT\EXTENSIONS\{758D6AEB-75E4-9F24-FD49-51B640ADD07F}.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ANDY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DJJSYBUJ.DEFAULT\EXTENSIONS\{88C7F2AA-F93F-432C-8F0E-B7D85967A527}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ANDY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DJJSYBUJ.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ANDY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DJJSYBUJ.DEFAULT\EXTENSIONS\LEO@WWW.WHO-VIEWS-FACEBOOK-PROFILE.COM.XPI
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ANDY\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\DJJSYBUJ.DEFAULT\EXTENSIONS\PLUGIN@VIDEOFILEDOWNLOAD.COM
[color=#E56717]========== Chrome ==========[/color]
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://blekko.com/ws/?source=c3348dd4&t...C9&tbp=homepage
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_265.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\Andy\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U3 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
O1 HOSTS File: ([2013/03/02 23:37:30 | 000,000,019 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4 - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKLM..\RunOnce: [DelContextmenu] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Activities present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - mswsock.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - mswsock.dll File not found
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 65.32.5.111 65.32.5.112
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71A89B86-A7A4-449D-A745-C8F27B96E03A}: DhcpNameServer = 65.32.5.111 65.32.5.112
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:2 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2010/06/28 22:42:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2013/03/03 22:01:02 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013/03/03 14:48:41 | 000,000,000 | --SD | C] -- C:\ComboFix
[2013/03/03 14:41:35 | 000,000,000 | ---D | C] -- C:\Program Files\Best Uninstall Tool
[2013/03/03 14:16:29 | 000,000,000 | ---D | C] -- C:\Program Files\VS Revo Group
[2013/03/02 23:46:28 | 000,000,000 | ---D | C] -- C:\JRT
[2013/03/02 15:24:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2013/03/02 00:18:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
[2013/03/01 23:56:58 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Andy\Recent
[2013/03/01 00:05:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\ZC DivX to DVD Creator
[2013/03/01 00:04:57 | 000,000,000 | ---D | C] -- C:\Program Files\ZC DivX to DVD Creator
[2013/02/28 18:28:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Ashampoo
[2013/02/28 03:02:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\uTorrent
[2013/02/27 15:12:18 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2013/02/26 15:34:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013/02/26 03:04:45 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013/02/26 00:32:12 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013/02/26 00:32:12 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013/02/26 00:32:12 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013/02/26 00:32:12 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013/02/26 00:21:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013/02/25 22:22:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\CheckPoint
[2013/02/25 21:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\VS Revo Group
[2013/02/25 19:15:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/02/25 19:14:52 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013/02/25 19:14:52 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013/02/25 16:43:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Apple Computer
[2013/02/25 16:41:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\CCleaner
[2013/02/25 16:41:23 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013/02/25 16:37:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\K-Lite Codec Pack
[2013/02/25 16:37:50 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINDOWS\System32\ac3acm.acm
[2013/02/25 01:35:50 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2013/02/25 01:30:30 | 000,000,000 | --SD | C] -- C:\AI_RecycleBin
[2013/02/25 01:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\internethelper
[2013/02/25 01:24:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Flash Player Pro
[2013/02/25 01:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Flash Player Pro
[2013/02/25 01:24:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\My Documents\Flash Player Pro
[2013/02/25 00:27:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\DDMSettings
[2013/02/25 00:25:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\DivX
[2013/02/25 00:23:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DivX Plus
[2013/02/25 00:22:22 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2013/02/25 00:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\DivX
[2013/02/24 23:55:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\InstaCodecs
[2013/02/24 22:40:07 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\WINDOWS\System32\trayicon_handler.ocx
[2013/02/24 00:52:36 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2013/02/23 23:43:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\My Documents\ForceField Shared Files
[2013/02/23 23:23:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2013/02/23 13:24:38 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
[2013/02/22 23:30:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Aimersoft
[2013/02/22 23:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\Avg2013
[2013/02/22 19:31:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\DVDStyler
[2013/02/22 18:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\Aimersoft
[2013/02/22 18:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Aimersoft
[2013/02/22 15:16:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\.thumb
[2013/02/15 05:52:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Start Menu\Programs\AviSynth 2.5
[2013/02/15 00:28:59 | 000,000,000 | ---D | C] -- C:\Program Files\ffdshow
[2013/02/15 00:27:47 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\WINDOWS\System32\pncrt.dll
[2013/02/15 00:21:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\APN
[2013/02/14 23:15:15 | 000,000,000 | ---D | C] -- C:\users
[2013/02/14 23:07:07 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla FireFox
[2013/02/12 19:13:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Google Drive
[2013/02/12 19:11:54 | 000,021,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2013/02/12 19:11:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\avast! Free Antivirus
[2013/02/12 19:11:53 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2013/02/12 19:11:45 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2013/02/12 19:11:44 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2013/02/12 19:11:43 | 000,738,504 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2013/02/12 19:11:42 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2013/02/12 19:11:42 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2013/02/12 19:11:36 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2013/02/12 19:09:41 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2013/02/12 19:09:35 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2013/02/12 19:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013/02/12 18:52:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\WMTools Downloaded Files
[2013/02/06 22:36:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\DriverGenius
[2013/02/06 19:31:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\VOS
[2013/02/06 19:02:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\SlimWare Utilities Inc
[2013/02/03 19:09:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Check Point
[2013/02/03 17:54:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup
[2013/02/03 02:06:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Windows PowerShell 1.0
[2013/02/03 00:54:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\Mipony
[2013/02/03 00:52:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\DSite
[2013/02/02 19:35:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users.WINDOWS\Application Data\TuneUp Software
[2013/02/02 19:33:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Application Data\DVDVideoSoft
[2013/02/02 18:59:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\iDVDSee
[2013/02/02 18:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Andy\Local Settings\Application Data\ImTOO
[2012/05/02 19:23:41 | 011,881,936 | ---- | C] (Citrix Online, a division of Citrix Systems, Inc.) -- C:\Documents and Settings\Andy\gosetup.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2013/03/03 22:11:14 | 000,035,144 | ---- | M] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/03/03 14:41:23 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/03 14:39:10 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-839522115-1004UA.job
[2013/03/03 14:33:14 | 000,000,360 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2013/03/03 14:32:39 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/03 14:32:25 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/02 23:20:17 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/02 21:39:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-299502267-261903793-839522115-1004Core.job
[2013/03/02 15:40:22 | 000,002,445 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\HiJackThis.lnk
[2013/03/02 15:21:47 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/01 23:58:29 | 000,015,788 | ---- | M] () -- C:\Documents and Settings\Andy\My Documents\cc_20130301_235825.reg
[2013/03/01 00:05:15 | 000,000,868 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\ZC DivX to DVD Creator.lnk
[2013/03/01 00:05:15 | 000,000,850 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\ZC DivX to DVD Creator.lnk
[2013/02/28 18:38:29 | 000,417,525 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2013/02/27 00:20:54 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/27 00:20:53 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/26 01:07:50 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2013/02/25 22:01:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/25 19:15:01 | 000,000,802 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/02/25 19:15:01 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/25 16:41:34 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
[2013/02/25 01:24:31 | 000,000,778 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Flash Player Pro.lnk
[2013/02/25 00:55:01 | 000,009,728 | ---- | M] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/02/25 00:26:00 | 000,001,486 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\DivX Movies.lnk
[2013/02/25 00:25:05 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Plus Player.lnk
[2013/02/25 00:24:02 | 000,000,817 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Plus Converter.lnk
[2013/02/23 03:01:05 | 000,002,295 | ---- | M] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/02/23 03:01:03 | 000,002,277 | ---- | M] () -- C:\Documents and Settings\Andy\Desktop\Google Chrome.lnk
[2013/02/13 04:33:32 | 000,112,584 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/02/13 03:43:28 | 000,473,174 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/02/13 03:43:28 | 000,076,076 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/02/12 19:11:56 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2013/02/12 19:11:43 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2013/02/03 19:09:50 | 000,000,539 | ---- | M] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\ZoneAlarm Security.lnk
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2013/03/03 22:11:14 | 000,035,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamchameleon.sys
[2013/03/01 23:58:27 | 000,015,788 | ---- | C] () -- C:\Documents and Settings\Andy\My Documents\cc_20130301_235825.reg
[2013/03/01 00:05:15 | 000,000,868 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\ZC DivX to DVD Creator.lnk
[2013/03/01 00:05:15 | 000,000,850 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\ZC DivX to DVD Creator.lnk
[2013/02/26 01:07:50 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2013/02/26 00:32:12 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013/02/26 00:32:12 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013/02/26 00:32:12 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013/02/26 00:32:12 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013/02/26 00:32:12 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013/02/25 22:01:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/02/25 19:15:01 | 000,000,802 | ---- | C] () -- C:\Documents and Settings\Andy\Application Data\Microsoft\Internet Explorer\Quick Launch\Malwarebytes Anti-Malware.lnk
[2013/02/25 19:15:00 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\Malwarebytes Anti-Malware.lnk
[2013/02/25 16:41:34 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\CCleaner.lnk
[2013/02/25 16:37:53 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2013/02/25 16:37:53 | 000,243,200 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2013/02/25 16:37:53 | 000,216,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lagarith.dll
[2013/02/25 16:37:50 | 000,178,688 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2013/02/25 01:24:31 | 000,000,778 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\Flash Player Pro.lnk
[2013/02/25 00:26:00 | 000,001,486 | ---- | C] () -- C:\Documents and Settings\Andy\Desktop\DivX Movies.lnk
[2013/02/25 00:25:05 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Plus Player.lnk
[2013/02/25 00:24:02 | 000,000,817 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\DivX Plus Converter.lnk
[2013/02/15 00:29:03 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2013/02/12 19:11:56 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users.WINDOWS\Desktop\avast! Free Antivirus.lnk
[2013/02/12 19:11:39 | 000,000,360 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
[2012/07/28 02:05:55 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/07/18 22:41:22 | 000,558,133 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2012/01/17 19:34:22 | 000,011,264 | ---- | C] () -- C:\WINDOWS\System32\rockusbCoInstaller.dll
[2012/01/12 20:07:53 | 000,009,728 | ---- | C] () -- C:\Documents and Settings\Andy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/01/11 13:58:23 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2012/01/11 13:51:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2012/01/11 08:35:49 | 000,112,584 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[color=#E56717]========== ZeroAccess Check ==========[/color]
[2013/02/25 01:35:50 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008/03/07 02:46:10 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008/03/07 02:46:12 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Here is the OTL log and DDS link is not working for me so I didn't run it . Iv'e ran 5 other spyware programs and none detected strong vault . I'm not ready to give up if your not because I'm persistent and exhaust all possibilities until there's nothing left before handing over my hard earned money to a computer shop guru to fix my problem. The last guy I went to told me there's probably as many as 30,000 new viruses made every day and the best anti- virus can't detect them all .
Your mind will quit before your body does .
|
AfterDawn Addict
|
4. March 2013 @ 06:44 |
Link to this message
|
Quote:
Here is the OTL log and DDS link is not working for me so I didn't run it . Iv'e ran 5 other spyware programs and none detected strong vault . I'm not ready to give up if your not because I'm persistent and exhaust all possibilities until there's nothing left before handing over my hard earned money to a computer shop guru to fix my problem. The last guy I went to told me there's probably as many as 30,000 new viruses made every day and the best anti- virus can't detect them all .
That's absolutely correct and if you'll look over this Log you can understand why it will take me some time to try to find a little hidden virus... LOL
give me some time.. and I'll be back..
2oG
There are three kinds of men: The ones that learn by reading; The few who learn by observation;
The rest of them have to pee on the electric fence and find out for themselves... |
|
ddp
Moderator
|
4. March 2013 @ 14:55 |
Link to this message
|
might want to see about upgrading your ram to 1gig at least if possible.
|
Senior Member
|
4. March 2013 @ 15:42 |
Link to this message
|
|
good eye d.i will second that emotion.
|
|
ddp
Moderator
|
4. March 2013 @ 15:57 |
Link to this message
|
|
don't you mean motion unless you are emotional?
|
|
Advertisement
|
|
|
Senior Member
|
4. March 2013 @ 16:45 |
Link to this message
|
|
sniff,i guess.lol
|
|
