Infected with Scorpion Saver and Conduit


I went through this process with another computer so I'm going to go ahead and send the first report in the process.

 

# AdwCleaner v3.014 - Report created 07/12/2013 at 09:49:16
# Updated 01/12/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Misty - MISTY-HP
# Running from : C:\Users\Misty\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****

Service Found : CltMngSvc
Service Found : Level Quality Watcher
Service Found : vToolbarUpdater17.1.2

***** [ Files / Folders ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****


***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16428



-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\Misty\AppData\Roaming\Mozilla\Firefox\Profiles\j01xubsq.default\prefs.js ]

Line Found : user_pref("extensions.delta.newTab", false);
Line Found : user_pref("extensions.delta.prdct", "delta");
Line Found : user_pref("extensions.delta.prtnrId", "delta");
Line Found : user_pref("extensions.delta.rvrt", "false");
Line Found : user_pref("extensions.delta.smplGrp", "none");
Line Found : user_pref("extensions.delta.tlbrId", "base");
Line Found : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Found : user_pref("extensions.delta.vrsn", "1.8.10.0");
Line Found : user_pref("extensions.delta.vrsnTs", "1.8.10.012:44:43");
Line Found : user_pref("extensions.delta.vrsni", "1.8.10.0");
Line Found : user_pref("extensions.funmoods.aflt", "ironpub12");
Line Found : user_pref("extensions.funmoods.autoRvrt", false);
Line Found : user_pref("extensions.funmoods.dfltLng", "");
Line Found : user_pref("extensions.funmoods.dfltSrch", true);
Line Found : user_pref("extensions.funmoods.dnsErr", true);
Line Found : user_pref("extensions.funmoods.envrmnt", "production");
Line Found : user_pref("extensions.funmoods.excTlbr", false);
Line Found : user_pref("extensions.funmoods.hmpg", true);

Line Found : user_pref("extensions.funmoods.id", "386077A801867512");
Line Found : user_pref("extensions.funmoods.instlDay", "15696");
Line Found : user_pref("extensions.funmoods.instlRef", "ironpub12");
Line Found : user_pref("extensions.funmoods.isdcmntcmplt", true);
Line Found : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");

Line Found : user_pref("extensions.funmoods.prdct", "funmoods");
Line Found : user_pref("extensions.funmoods.prtnrId", "funmoods");
Line Found : user_pref("extensions.funmoods.srchPrvdr", "Funmoods");
Line Found : user_pref("extensions.funmoods.tlbrId", "base");

Line Found : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Line Found : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Line Found : user_pref("extensions.funmoods_i.newTab", true);
Line Found : user_pref("extensions.funmoods_i.smplGrp", "none");
Line Found : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2212:12:32");
Line Found : user_pref("extensions.incredibar_i.aflt", "orgnl");
Line Found : user_pref("extensions.incredibar_i.dfltLng", "");
Line Found : user_pref("extensions.incredibar_i.did", "10665");
Line Found : user_pref("extensions.incredibar_i.excTlbr", false);
Line Found : user_pref("extensions.incredibar_i.id", "c2997512000000000000386077a80186");
Line Found : user_pref("extensions.incredibar_i.installerproductid", "26");
Line Found : user_pref("extensions.incredibar_i.instlDay", "15665");
Line Found : user_pref("extensions.incredibar_i.instlRef", "");
Line Found : user_pref("extensions.incredibar_i.ms_url_id", "");
Line Found : user_pref("extensions.incredibar_i.newTab", false);
Line Found : user_pref("extensions.incredibar_i.ppd", "");
Line Found : user_pref("extensions.incredibar_i.prdct", "incredibar");
Line Found : user_pref("extensions.incredibar_i.productid", "26");
Line Found : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Line Found : user_pref("extensions.incredibar_i.smplGrp", "none");
Line Found : user_pref("extensions.incredibar_i.tlbrId", "base");

Line Found : user_pref("extensions.incredibar_i.upn2", "6OyUTgrQOL");
Line Found : user_pref("extensions.incredibar_i.upn2n", "92262490896994915");
Line Found : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Line Found : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1411:35:57");
Line Found : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Line Found : user_pref("extentions.y2layers.defaultEnableAppsList", "twittube,buzzdock,YontooNewOffers");
Line Found : user_pref("extentions.y2layers.installId", "361ffcbe-816c-4eb8-9fcf-8d305012c426");
Line Found : user_pref("om.config", "{\"active\":true,\"name\":\"october2013\",\"id\":35,\"dispId\":\"CH-35\",\"aboutLink\":\"\",\"trackingGeneral\":true,\"xhrDomains\":[\"become\",\"shopzilla\",\"twenga\",\"bizra[...]
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 0);
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3281149");


Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3281149");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3281149");
Line Found : user_pref("smartbar.machineId", "DELCSROCCNCJSAT71VNP2XZBF5/A41JEBTMAST01ZARVVZ9O9MYSYFFV/3VEIS1OZLXTVDEZUSIOM81P2JLMZA");


[ File : C:\Users\School User Account\AppData\Roaming\Mozilla\Firefox\Profiles\o3x2f2by.default\prefs.js ]


-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\Misty\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [41450 octets] - [07/12/2013 09:49:16]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [41511 octets] ##########
 


Hello Mymonsters5 and welcome to the Malwarebytes forum.

Please follow my guidance, and refrain from doing any other "fixes" on your own.

If you have any question, please make the time, stop, and ask me first.

This pest, scorpion saver, can be a challenge to fully remove. But have lots of patience and faith.

As much as possible, keep the Windows in regular mode.

Task 1

Close all of your open program windows, saving any of your open work documents, if any.

This next procedure will do a system restart when it finishes.

Download TFC by OldTimer to your desktop

http://oldtimer.geekstogo.com/TFC.exe

Please double-click TFC.exe to run it. (Note: If you are running on Vista or Windows 7, right-click on the file and choose Run As Administrator.)

It will close all programs when run, so make sure you have saved all your work before you begin.

Click the "Start" button to begin the process. Depending on how often you clean temp files. Let it run uninterrupted to completion.

If prompted to reboot, reply "Yes".

Task 2

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.

Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.

Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Look down the screen to "Action for potentially unwanted programs (PUP)" <== VERY important

and look down the screen to "Action for potentially unwanted modifications (PUM)"

and "Action for peer-to-peer software (P2P)".

For each one of the 3, click the down arrow (on each one, one at a time) and

select "Show in results list and check for removal" from the drop-down (arrow) selections. <==

Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.

Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.

Make sure that everything is checked, and click Remove Selected.

When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.

The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.

Tell me, how is the system?

Task 3

Download OTL by OldTimer to your desktop:

http://oldtimer.geekstogo.com/OTL.exe

Close all open windows on the Task Bar. Then run OTL

(for Vista, or Windows 7 or 8, right-click the icon and choose Run as Administrator) to start the program.

In the lower right corner, checkmark "LOP Check" and checkmark "Purity Check".

Now click Run Scan at Top left and let the program run uninterrupted. It will take about 4 minutes or so. In any event, have lots of infinite patience.

It will produce two logs for you, one will pop up called OTL.txt, the other will be saved on your desktop and called Extras.txt.

Exit Notepad. Remember where you've saved these 2 files as we will need both of them shortly!

Exit OTL by clicking the X at top right.

Download Security Check by screen317 and save it to your Desktop: http://screen317.spywareinfoforum.org/SecurityCheck.exe

Run Security Check

Follow the onscreen instructions inside of the command window.

A Notepad document should open automatically called checkup.txt; close Notepad. We will need this log, too, so remember where you've saved it!

Then attach the following into your post

OTL.txt

Extras.txt

checkup.txt

Re-enable your antivirus program.


These steps are for member Mymonsters5 only. If you are a casual viewer, do NOT try this on your system!
If you are not and have a similar problem, do NOT post here; start your own topic.

 

 

Hello Mymonsters5,

 

The files and active components of scorpion saver are gone.  But you are not yet finished.

There are a number of unwanted search settings left around by previous "search hijackers" like "protectedsearch" and "search.conduit".

 

Here are the next things to be done.

 

Task 1

You will want to print out or copy these instructions to Notepad for offline reference!

Temporarily disable your antivirus program and close any programs that you started.
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs
http://www.bleepingcomputer.com/forums/index.php?showtopic=114351

Download the attached file OTLMYMON.txt  and SAVE to your DESKTOP

Start NOTEPAD
Check and make sure "word wrap" is off.
From Notepad main menu bar, Select F (format) and make sure Word Wrap is NOT checked.
IF it -is- checkmarked, click that one time so that it is un-checked.

 Open the OTLMYMON.txt   that you saved

Copy ALL the lines to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

 Please double-click OTL.exe to run it. (Note: If you are running on Windows 7/8 or Vista, right-click on the file and choose Run As Administrator).

 Right click in the Custom fix block box (under the aqua-blue bar) and choose Paste.

Close any browser(s) windows that may be open.
Using your mouse, click on the red-lettered button RUN FIX

Once you see a message box "Fix complete! Click OK to open the fix log."
Click the OK button
The log will open in Notepad (your default text editor).
Save the log. Attach that log in your next reply.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process.
If you are asked to reboot the machine choose Yes.
In this case, after the reboot,  navigate to the C:\_OTL\MovedFiles folder, and look for the .LOG file, and ATTACH that document into your reply.

 

Next, Task 2

You will want to print out or copy these instructions to Notepad for offline reference!

Do not run or start any other programs while these utilities and tools are in use!
Do NOT run any other tools on your own or do any fixes other than what is listed here.
If you have questions, please ask before you do something on your own.
But it is important that you get going on these following steps.
Close any of your open programs while you run these tools.

On most all of the following programs and tools, you will need to do a right-click on the program link or shortcut or desktop icon (as appropriate) and then select "Run as Administrator". Please remember that as you go along and use these tools, each in turn.

If you have a prior copy of Combofix, delete it now

Download Combofix from any of the links below, and SAVE it to your Desktop.

Link 1

Link 2

**Note: It is important that it is saved directly to your Desktop and not run straight away from download **

Turn OFF your antivirus, otherwise it will interfere.  How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs


Have infinite patience during the run & scan by Combofix. It has many phases:  some 50+ stages
It will display its "stage" within the Command prompt window. Do NOT panic if it seems slow to change! It has lots of work.
You may notice the desktop icons disappear. Do NOT panic, as that is expected behavior.
Combofix may take as little as 10 minutes and perhaps as much as 30-40 minutes. Time taken will depend on speed of your system and how much there is to scan & how much it needs to clean.

If this is on a notebook system, make sure first the notebook is connected to wall-power (AC power) or a UPS system.


Important:  Have no other programs running.  Your Task Bar should be clear of any program entries including your Browser.
Right-click on Combo-Fix.exe on your Desktop and select "Run as Administrator".

  • A window may open with a warning or prompts.  Accept the EULA and follow the prompts during the start phase of Combofix.

    When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.

A caution - Do not run Combofix more than once.
Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock.

The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled.
If this occurs, please reboot to restore the desktop.  
 

A file will be created at => C:\Combofix.txt.  

Notes:
[1] IF after Combofix reboot you get the message

Illegal operation attempted on registry key that has been marked for deletion

....please reboot the computer, this should resolve the problem. You may have to reboot the PC a second time if needed.

[2] Do not mouseclick combofix's window nor run any program while Combofix is running.
That may cause it to stall.

[3] When all done, IF Combofix did not do a Restart...then ... I need for you to Restart the system fresh.

Attach in your reply the C:\Combofix.txt log
and tell me, how is the system now?

Re-enable your antivirus program.

 

OTLMYMON.txt


Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!


Hello,

 

How is it going?

Have you seen my replies to your PM messages?

 

Save and close any work documents, close any apps that you started.

Temporarily turn off (disable) your antivirus program
How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

Start your MBAM MalwareBytes' Anti-Malware.
Click the Settings Tab and then the General Settings sub-tab. Make sure all option lines have a checkmark.
Then click the Scanner settings sub-tab in second row of tabs. Make sure all option lines have a checkmark.

Look down the screen to "Action for potentially unwanted programs (PUP)" <== VERY important

and look down the screen to "Action for potentially unwanted modifications (PUM)"
and "Action for peer-to-peer software (P2P)".

For each one of the 3, click the down arrow (on each one, one at a time) and
select "Show in results list and check for removal" from the drop-down (arrow) selections. <==


Next, Click the Update tab. Press the "Check for Updates" button.

If prompted for a Restart, do that.

When done, click the Scanner tab.
Do a Full Scan.

When the scan is complete, click OK, then Show Results to view the results.
Make sure that everything is checked, and click Remove Selected.
When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

When all done, Copy & paste the MBAM scan log into a new reply.
Tell me, how is the system?
