Windows Security Center can't be started because of virus/malware

Crumble

Hi!
I can turn on windows security service centre with the instructions to run it from the start menu, but after I put it to automatic and press start it turns off after a few seconds. I am quite sure that it is some kind of virus/malware, but I have no idea how to remove it.
I have downloaded and run the program called "Malwarebytes Anti-Malware" and it found 5 malwares/viruses that I removed with this program. I ran the program again just to make sure, and it didn't find anything dangerous.
But even so Windows Security Center can still not be started!
Do you have any suggestions to solve my problem?
Thank you! :)
 

My Computer
OS: Windows 7 Ultimate, 32bit

Crumble,

Let's find out what is going on with your system...

Please download RogueKiller:
Télécharger RogueKiller (Site Officiel)

When you get to the website, go to where it says:
(Download link) Lien de téléchargement:
rendu2.png

Select the 32-bit version.
Click the dark-blue button to download.

Save to the Desktop
Close all windows and browsers
Windows Vista/Seven: Right-click and select 'Run as Administrator'
Press: SCAN
A report opens on the Desktop: RKreport.txt
Please provide the RKreport.txt (Mode: Scan) in your reply.




Also, download Farbar Service Scanner

Save to the Desktop
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
  • Press: Scan
  • FSS creates a log, FSS.txt, on the Desktop.
Please provide the FSS.txt in your reply.
 

Thank you for helping me out here! :)

Here is the report I got after running the RogueKiller scan:

RogueKiller V8.4.3 [Jan 21 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : RogueKiller - Geeks to Go Forums
Website : RogueKiller
Blog : tigzy-RK

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : siri1802 [Admin rights]
Mode : Scan -- Date : 01/24/2013 04:13:17

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 2 ¤¤¤
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: FUJITSU MHZ2080BJ FFS G2 ATA Device +++++
--- User ---
[MBR] 65936f1430c7b11b5f9723c5b10973f0
[BSP] aa2d03578b2fca6564e1955bb09e214e : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 616448 | Size: 76017 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1]_S_01242013_02d0413.txt >>
RKreport[1]_S_01242013_02d0413.txt


And here is the log from the Farbar Service Scanner:

Farbar Service Scanner Version: 16-01-2013
Ran by siri1802 (administrator) on 24-01-2013 at 04:18:07
Running from "C:\Users\siri1802\Downloads"
Windows 7 Ultimate Service Pack 1 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error. Google IP is offline
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcore.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
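
The Farbar Service Scanner log above can be reduced to the lines that differ from a healthy system. The following is an added example, not part of the original post and not FSS's own code: a Python parser for the log layout as it appears in this thread, listing services whose start type differs from the stated default, nonzero policy values, and files not marked "MD5 is legit". The sample text is an excerpt of the log above; the wording FSS uses for a failed check is not shown on the page, so anything other than "OK" or "MD5 is legit" is treated as a finding (an assumption).

```python
import re
from dataclasses import dataclass, field

# Excerpt of the FSS.txt posted above (Action Center, Windows Defender, File Check).
FSS_LOG = r"""
Action Center:
============
wscsvc Service is not running. Checking service configuration:
The start type of wscsvc service is set to Disabled. The default start type is Auto.
The ImagePath of wscsvc service is OK.
The ServiceDll of wscsvc service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Disabled. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
"""

NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (.+?)\. "
    r"The default start type is (.+?)\.$")
CONFIG_ITEM = re.compile(r"^The (ImagePath|ServiceDll) of (\S+) service is (.+?)\.?$")
REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
REG_DWORD = re.compile(r'^"([^"]+)"=DWORD:(\d+)$')
FILE_CHECK = re.compile(r"^(.+?) => (.+)$")


@dataclass
class Service:
    name: str
    running: bool = True
    start_type: str = ""
    default_start_type: str = ""
    bad_config: list = field(default_factory=list)


def parse_fss(log):
    """Return (services, policies, bad_files) extracted from an FSS log."""
    services, policies, bad_files = {}, [], []
    key = None  # registry key header that the following value lines belong to
    for raw in log.splitlines():
        line = raw.strip()
        if not line:
            key = None  # a blank line ends the current registry key block
            continue
        if m := NOT_RUNNING.match(line):
            services.setdefault(m[1], Service(m[1])).running = False
        elif m := START_TYPE.match(line):
            svc = services.setdefault(m[1], Service(m[1]))
            svc.start_type, svc.default_start_type = m[2], m[3]
        elif m := CONFIG_ITEM.match(line):
            if m[3] != "OK":  # assumption: any other wording is a failed check
                services.setdefault(m[2], Service(m[2])).bad_config.append(m[1])
        elif m := REG_KEY.match(line):
            key = m[1]
        elif (m := REG_DWORD.match(line)) and key:
            policies.append((key, m[1], int(m[2])))
        elif m := FILE_CHECK.match(line):
            if m[2] != "MD5 is legit":  # assumption: any other verdict is suspect
                bad_files.append((m[1], m[2]))
    return services, policies, bad_files


def findings(log):
    """List every deviation from the defaults that the log itself states."""
    services, policies, bad_files = parse_fss(log)
    out = []
    for svc in services.values():
        if svc.start_type and svc.start_type != svc.default_start_type:
            out.append(f"{svc.name}: start type {svc.start_type} "
                       f"(default {svc.default_start_type})")
        elif not svc.running:
            out.append(f"{svc.name}: not running although start type is "
                       f"{svc.start_type or 'unknown'}")
        for item in svc.bad_config:
            out.append(f"{svc.name}: {item} is not OK")
    for key, name, value in policies:
        if value != 0:
            out.append(f"policy {key}\\{name} = {value}")
    for path, verdict in bad_files:
        out.append(f"file {path}: {verdict}")
    return out


if __name__ == "__main__":
    for item in findings(FSS_LOG):
        print(item)
```

For this log the result is three findings and no file or ImagePath/ServiceDll problems, which points at changed service configuration rather than replaced service binaries.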
 

Thanks for the info, Crumble.

Please post an image of the Security Center Service information of your system.

To see the service, press the Windows key and the R key simultaneously.
In the Run box that appears, type: services.msc
In the Services window, go down to: Security Center
Double click on it to bring up its Properties.

To take a snapshot of it, here is what you do:
Hold the 'Alt' key and press the 'Print Screen' key (often just labeled 'Prt Sc') on the keyboard.

Open an image editing application such as the MS Paint program under Start > Accessories
Paste the captured image into MS Paint.
In MS Paint, go to File > Save as, and save the image as a (.GIF) file on your Desktop (easy to find)

Next:
Connect to the Internet, and go to Photobucket:
Photo and image hosting, free photo galleries, photo editing | Photobucket
Once there, create a free account.
Click 'Browse' and search for the file located on your Desktop.
Click Upload.
After uploading, place the cursor on the image. Four different link options show underneath the uploaded image.
Click on: IMG code (This line is used for using your image in a forum post.
It makes the image appear full size in your reply.)
The IMG code is pasted to the clipboard
In your next post, right click on an open area, and select: Paste

After taking a look at this, we will also check on a Registry key that may have gone astray.
 

Love how you explain everything so thoroughly as I am not a computer genius :)
Here comes the image:

SecurityCenter_zpsdbe30eb3.gif


I don't know if you can get anything out of it as it is not in English, but as you can see the Security Center is deactivated and it is not possible to press start...
 

Norwegian??

Do you get any kind of error messages when you try to turn it on?

Also, what is your current AntiVirus?



Let's check the Registry...

Please download SystemLook:
http://jpshortstuff.247fixes.com/SystemLook.exe

Save to your Desktop.
Right-click SystemLook.exe, and select: Run as Administrator

Copy all the content inside the following codebox into the main textfield of the program:
Code:
:filefind
wscsvc
 
:regfind
wscsvc
Click the Look button to start the scan.

When finished, a notepad window opens with the results of the scan: SystemLook.txt

Please post SystemLook.txt in your next reply.
 

Try downloading Malwarebytes. It is free (except if you want real time protection) and almost every time gets rid of the tough ones.
It's what tech support from several well known AV companies recommend when you cannot install due to MW or virus infection.

Hope this helps.

Cheers!
 

cottonball, how did you know the text was in Norwegian? haha :)

I don't get any kind of error messages, the only thing that happens is that a pop-up window comes up and tells me to activate the Security Center because it has been deactivated. This happens maybe 5 sec after I have turned it on...

When it comes to AntiVirus I have the free version of Malwarebytes Anti-Malware, but the trial has expired, and I think my computer is unprotected as I have no other AntiViruses than the Microsoft Security Center (that has somehow collapsed.. haha).

Here are the results of the scan:

SystemLook 30.07.11 by jpshortstuff
Log created at 08:53 on 24/01/2013 by siri1802
Administrator - Elevation successful

No Context:

========== filefind ==========

Searching for "wscsvc"
No files found.

Searching for " "
No files found.

========== regfind ==========

Searching for "wscsvc"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\14C\A5B61011]
"@%SystemRoot%\System32\wscsvc.dll,-201"="WSCSVC-tjenesten (Windows Security Center) overvåker og rapporterer innstillinger for sikkerhetstilstand på datamaskinen. Tilstandsinnstillingene omfatter brannmur (aktivert/deaktivert), antivirusprogram (aktivert/deaktivert/utdatert), antispionprogram (aktivert/deaktivert/utdatert), Windows Update (automatisk/manuell nedlasting og installer oppdateringer), brukerkontokontroll (aktivert/deaktivert) og Internett-innstillinger (anbefales / anbefales ikke). Tjenesten har COM APIer der uavhengige programvareleverandører kan registrere og føre opp statusen til produktene i tjenesten Sikkerhetssenter. Brukergrensesnittet til Handlingssenter bruker tjenesten til å gi varsler for systemstatusfeltet samt en grafisk fremstilling av statusen for sikkerhetstilstanden på kontrollpanelet for Handlingssenter. Beskyttelse av nettverkstilgang (NAP - Network Access Protection) bruker tjenesten til å rapportere s
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost]
"LocalServiceNetworkRestricted"="DHCP eventlog AudioSrv BthHFSrv LmHosts wscsvc homegroupprovider WPCSvc"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\Application\SecurityCenter]
"EventMessageFile"="%SystemRoot%\System32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Inbound"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Outbound"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc]
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\wscsvc\Parameters]
"ServiceDll"="%SystemRoot%\System32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\Application\SecurityCenter]
"EventMessageFile"="%SystemRoot%\System32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Inbound"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Outbound"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc]
"DisplayName"="@%SystemRoot%\System32\wscsvc.dll,-200"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc]
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\wscsvc\Parameters]
"ServiceDll"="%SystemRoot%\System32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\Application\SecurityCenter]
"EventMessageFile"="%SystemRoot%\System32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Inbound"="V2.0|Action=Block|Dir=In|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all inbound traffic to WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System]
"WSC Deny All Outbound"="V2.0|Action=Block|Dir=Out|App=%SystemRoot%\system32\svchost.exe|Svc=WscSvc|Name=Deny all outbound traffic from WSC|"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
"Description"="@%SystemRoot%\System32\wscsvc.dll,-201"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
"ServiceDll"="%SystemRoot%\System32\wscsvc.dll"
[HKEY_USERS\.DEFAULT\Software\Classes\Local Settings\MuiCache\14C\A5B61011]
"@%SystemRoot%\System32\wscsvc.dll,-200"="Security Center"
[HKEY_USERS\S-1-5-21-4278792135-2590523476-2833556063-1002\Software\Classes\Local Settings\MuiCache\14C\A5B61011]
"@%SystemRoot%\System32\wscsvc.dll,-201"="WSCSVC-tjenesten (Windows Security Center) overvåker og rapporterer innstillinger for sikkerhetstilstand på datamaskinen. Tilstandsinnstillingene omfatter brannmur (aktivert/deaktivert), antivirusprogram (aktivert/deaktivert/utdatert), antispionprogram (aktivert/deaktivert/utdatert), Windows Update (automatisk/manuell nedlasting og installer oppdateringer), brukerkontokontroll (aktivert/deaktivert) og Internett-innstillinger (anbefales / anbefales ikke). Tjenesten har COM APIer der uavhengige programvareleverandører kan registrere og føre opp statusen til produktene i tjenesten Sikkerhetssenter. Brukergrensesnittet til Handlingssenter bruker tjenesten til å gi varsler for systemstatusfeltet samt en grafisk fremstilling av statusen for sikkerhetstilstanden på kontrollpanelet for Handlingssenter. Beskyttelse av nettverkstilgang (NAP - Network Access Protect
[HKEY_USERS\S-1-5-21-4278792135-2590523476-2833556063-1002_Classes\Local Settings\MuiCache\14C\A5B61011]
"@%SystemRoot%\System32\wscsvc.dll,-201"="WSCSVC-tjenesten (Windows Security Center) overvåker og rapporterer innstillinger for sikkerhetstilstand på datamaskinen. Tilstandsinnstillingene omfatter brannmur (aktivert/deaktivert), antivirusprogram (aktivert/deaktivert/utdatert), antispionprogram (aktivert/deaktivert/utdatert), Windows Update (automatisk/manuell nedlasting og installer oppdateringer), brukerkontokontroll (aktivert/deaktivert) og Internett-innstillinger (anbefales / anbefales ikke). Tjenesten har COM APIer der uavhengige programvareleverandører kan registrere og føre opp statusen til produktene i tjenesten Sikkerhetssenter. Brukergrensesnittet til Handlingssenter bruker tjenesten til å gi varsler for systemstatusfeltet samt en grafisk fremstilling av statusen for sikkerhetstilstanden på kontrollpanelet for Handlingssenter. Beskyttelse av nettverkstilgang (NAP - Network Access Protection) bruk
[HKEY_USERS\S-1-5-18\Software\Classes\Local Settings\MuiCache\14C\A5B61011]
"@%SystemRoot%\System32\wscsvc.dll,-200"="Security Center"

-= EOF =-


oops, some of it is in Norwegian too hehe
 

Oh! And I forgot to mention that the RogueKiller program found something - should I delete it? I didn't want to do anything before I had asked you in case I was doing something wrong. I have attached an image that shows what it found. Just waiting for your instructions :)

RogueKiller_zpsbf148da6.gif
 

Those entries in RogueKiller are of no consequence. Just let them be.

Please run SystemLook once again. This time, use the following:

Code:
:filefind
wscsvc.dll

Seems unusual that there are no wscsvc files showing in the query. It could be my mistake by not showing the .dll extension. :o


Also, do you have the file wscui.cpl in the system?

Go to Start, and in the Search box, type: wscui.cpl
If present in the list of programs, above Search, right click and select: Open with Control Panel

What happens?

If the Service Center does not start, set the Startup type to: Automatic (Delayed start), and then see if you can press the Start button. It is currently set as: Deaktivert

What happens?

If still the same issue, please download Microsoft Security Essentials:
Microsoft Security Essentials - Microsoft Windows

Install the program, update it, and run a Scan.

Does the scan show any malware?...hopefully not.

Is Security Center still the same?
 
Okay, I found a file called wscui.cpl as you said, and I opened it "with control panel". What happened was that the Control Panel opened, like this:

ControlPanel_zpsad079c37.png


It still says that the Security Center is deactivated. So I did what you told me to: set the startup type to delayed start. Then it was possible to press the start button, but after maybe 2 seconds it was deactivated again. :confused:

And I ran the SystemLook test again, here is the result:

SystemLook 30.07.11 by jpshortstuff
Log created at 04:02 on 25/01/2013 by siri1802
Administrator - Elevation successful

========== filefind ==========

Searching for "wscsvc.dll"
C:\Windows\System32\wscsvc.dll --a---- 73728 bytes [23:31 13/07/2009] [01:16 14/07/2009] 6F5D49EFE0E7164E03AE773A3FE25340
C:\Windows\winsxs\x86_microsoft-windows-securitycenter-core_31bf3856ad364e35_6.1.7601.17514_none_1c47c79e105aef4c\wscsvc.dll --a---- 73728 bytes [23:31 13/07/2009] [01:16 14/07/2009] 6F5D49EFE0E7164E03AE773A3FE25340

-= EOF =-


I have now reinstalled Microsoft Security Essentials - and it still won't open. Or - it opens in half a second before it closes again. I managed to press printscreen before it closed though, and this is what it looked like:

MicrosoftSecurityEssentials_zps7c32d267.png



As the program closes down so fast, I don't have the time to press "update", and at least not run a scan I'm afraid.

I am sure there must be some malware that automatically closes and unables my security-program.

And also the screen driver stops responding all the time and is then recovered again. I don't know if it has any connection with my other problems.
 

...there must be some malware that automatically closes and unables my security-program...


That is what it looks like.

When you ran Malwarebytes and some threats were found, is the log with those results still available?
The log is automatically saved and can be viewed by clicking the MBAM Logs tab.

If it is available, please post the info.


Now, let's go after the malware...

Please download ComboFix:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

IMPORTANT!!! Save to your Desktop <<<

If using a notebook, make sure it is connected to wall-power (AC power), or a UPS system.


Disable any AntiVirus and AntiSpyware applications, since they may interfere with ComboFix.

Info on disabling protection programs:
Topic:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/490111-how-disable-your-security-applications.html
Topic:
http://www.bleepingcomputer.com/forums/topic114351.html

To run ComboFix, right-click on ComboFix.exe and select: Run as Administrator
Click on Yes, to continue scanning for malware.
The scan may take a while, since it has some 50+ stages.

When finished, CF produces a report.
Please provide a copy of the C:\ComboFix.txt in your reply.
 
Notes:
1. Please do not mouse-click the ComboFix window while it is running. This action may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making IE the default browser.
3. CF disconnects your machine from the Internet. However, the connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.


ComboFix User's Guide:
ComboFix: A guide and tutorial on using ComboFix
 


Next, please run the AdwCleaner program:
http://general-changelog-team.fr/fr/downloads

It searches and removes unwanted toolbars, programs, adwares, and browser hijackers, and is compatible with Windows XP, Vista, 7, versions 32 and 64 bits.

After downloading, save AdwCleaner to the Desktop
Double-click on the program to run it
Click the Search button
When done a text file opens.

Please post the content of the AdwCleaner[Sn].txt in your reply.

Note: You can also find the reports at C:\AdwCleaner[Sn].txt (S = search, n = order number), or, C:\AdwCleaner[Rn].txt (R = remove, n = order number)


I currently live in the USA, do you live in Europe's Scandinavian Peninsula? There seems to be a time zone difference in our communications.
 

@Crumble,
Have you followed the suggestion in post 2?

You can probably use a USB flash drive - so you don't even have to burn a CD/DVD. There are nasties out there that can hide from MSE, Malwarebytes, rootkit detectors..... These particular nasties load before the operating system loads, so they can hide themselves from most anything running on top of the operating system. This is why there are several scanners that check things out while your operating system is not loaded.

WDO is not perfect, but it is free, relatively fast, easy to use and from the maker of your OS :-)

:::returns to lurking:::
 

@UsernameIssues,

Thanks for the WDO reminder.

Had looked at it here:
http://www.sevenforums.com/tutorials/166445-windows-defender-offline.html

Then, got busy trying to see if the problem could be resolved otherwise. However, the situation does look as if there is malware still involved.

It is a good idea, though. It could be run now, and if it comes up clean, and the issue is not resolved, then go back to ComboFix.
 

Sounds great UsernameIssues :) , but I have some questions:
1. Will the USB flash drive get infected by the malware if I connect it to my computer?
2. I already have a program called "Windows Defender" - is this the same program you are talking about? The only problem is that like Security Center, this program won't open either..

Should I just try the ComboFix since I don't have my USB flash drive with me now? Or should I start with the WDO? :)


cottonball, yes - I'm from Europe's Scandinavian Peninsula, but I live in Asia for the time being, hence the time zone difference ;)
 
The order that you try things in doesn't much matter at this point.

WDO is different than WD.
What is Windows Defender Offline?
WDO contains an operating system (network drivers, graphics drivers...) all of which stay on the CD/DVD/USB media that you put it on. Then you boot the computer to that media.

It would be best to create the WDO bootable USB flash drive using a clean computer... but the same would be true for burning a CD or DVD. Be sure that you copy any files that are on the USB flash drive to somewhere safe because the WDO build process will format the USB flash drive. A tiny USB flash drive will do - you only need 250MB.
 

Good. I have now run the ComboFix and got the following result:

ComboFix 13-01-24.02 - siri1802 25.01.2013 10:27:10.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.47.1044.18.2003.1298 [GMT 1:00]
Kjører fra: c:\users\siri1802\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Andre slettinger )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3002.abs
c:\programdata\3002.xml
.
Infisert kopi av c:\windows\system32\userinit.exe ble funnet og desinfisert
Gjenopprettet kopi fra - c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
.
((((((((((((((((((((((((((( Filer Opprettet Fra 2012-12-25 til 2013-01-25 )))))))))))))))))))))))))))))))))
.
.
2013-01-25 09:34 . 2013-01-25 09:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-22 03:23 . 2013-01-22 03:23 -------- d-----w- c:\program files\iPod
2013-01-22 03:22 . 2013-01-22 03:23 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-01-22 03:22 . 2013-01-22 03:23 -------- d-----w- c:\program files\iTunes
2013-01-19 11:48 . 2013-01-19 11:48 -------- d-----w- c:\users\siri1802\AppData\Roaming\Malwarebytes
2013-01-19 11:47 . 2013-01-19 11:47 -------- d-----w- c:\programdata\Malwarebytes
2013-01-19 11:47 . 2013-01-19 11:48 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-01-19 11:47 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-19 11:39 . 2013-01-19 11:39 -------- d-----w- c:\users\siri1802\AppData\Local\Programs
2013-01-18 09:09 . 2013-01-18 09:09 -------- d-----w- c:\program files\Common Files\Java
2013-01-18 09:08 . 2013-01-18 09:08 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-16 10:17 . 2013-01-16 10:17 -------- d-----w- c:\program files\WinPcap
2013-01-16 04:00 . 2013-01-16 04:00 -------- d-----w- c:\program files\MSECache
2013-01-14 03:06 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-01-14 03:06 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-01-13 15:06 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-13 15:06 . 2012-11-23 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2013-01-13 15:02 . 2012-12-07 12:20 2576384 ----a-w- c:\windows\system32\gameux.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Rapport ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-25 09:35 . 2012-09-24 09:51 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2013-01-25 09:35 . 2012-09-25 07:30 58288 ----a-w- c:\windows\system32\rpcnet.dll
2013-01-18 09:08 . 2012-09-25 07:27 859552 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-01-18 09:08 . 2011-05-20 14:10 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-13 14:39 . 2012-09-24 22:16 697864 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-01-13 14:39 . 2011-05-20 14:10 74248 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-09 04:42 . 2012-12-12 03:10 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-12 03:10 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-01-19 16:36 . 2013-01-19 16:35 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((( Oppstartspunkter I Registeret )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Merk* tomme oppføringer & gyldige standardoppføringer vises ikke
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}"= "c:\program files\BitTorrentControl_v12\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
2011-05-09 09:49 176936 ----a-w- c:\program files\BitTorrentControl_v12\prxtbBitT.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}"= "c:\program files\BitTorrentControl_v12\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}"= "c:\program files\BitTorrentControl_v12\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Spotify"="c:\users\siri1802\AppData\Roaming\Spotify\Spotify.exe" [2012-10-29 7880664]
"Spotify Web Helper"="c:\users\siri1802\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-10-29 1199576]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [2009-07-14 354304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-15 35736]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-15 932288]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-12-12 152544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\SEARCH~1\Datamngr\datamngr.dll c:\progra~1\SEARCH~1\Datamngr\IEBHO.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\rpcnet]
@="Service"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
.
.
--- Andre tjenester/drivere lastet i minnet ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-24 07:40 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Innholdet i mappen 'Scheduled Tasks' (planlagte oppgaver)
.
2013-01-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-24 14:39]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-07 15:20]
.
2013-01-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-07 15:20]
.
2013-01-25 c:\windows\Tasks\IKOPXBS.job
- c:\windows\system32\deskperfm.dll [2012-09-24 22:13]
.
.
------- Tilleggsskanning -------
.
uStart Page = hxxp://google.no/
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={035FCF41-1554-11E2-A7E2-0023AE27B879}
uInternet Settings,ProxyOverride = *.local
IE: E&ksporter til Microsoft Excel - c:\progra~1\MICROS~4\Office14\EXCEL.EXE/3000
IE: Se&nd til OneNote - c:\progra~1\MICROS~4\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.11.1
FF - ProfilePath - c:\users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - BitTorrentControl_v12 Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.searchnu.com/406
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3225826&SearchSource=2&CUI=SB_CUI&q=
FF - ExtSQL: !HIDDEN! 2012-09-25 10:35; {1FD91A9C-410C-4090-BBCC-55D3450EF433}; c:\program files\Searchqu Toolbar\Datamngr\FirefoxExtension
user_pref('extensions.autoDisableScopes', 0);user_pref('security.csp.enable', false);user_pref('security.OCSP.enabled', 0);FF - user.js: extentions.y2layers.installId - 695d8d28-0b01-4564-9510-72b1c5231f33
FF - user.js: extentions.y2layers.defaultEnableAppsList - twittube,ezLooker,pagerage,buzzdock,toprelatedtopics,YontooNewOffers
FF - user.js: extensions.autoDisableScopes - 14
.
- - - - TOMME PEKERE FJERNET - - - -
.
Toolbar-10 - (no file)
HKLM-Run-Aimersoft Helper Compact.exe - c:\program files\Common Files\Aimersoft\Aimersoft Helper Compact\ASHelper.exe
.
.
.
--------------------- LÅSTE REGISTERNØKLER ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Andre Kjørende Prosesser ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\rpcnet.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\ehome\ehRecvr.exe
.
**************************************************************************
.
Tidspunkt ferdig: 2013-01-25 10:40:46 - maskinen ble startet på nytt
ComboFix-quarantined-files.txt 2013-01-25 09:40
.
Pre-Run: 15*018*688*512 byte ledig
Post-Run: 15*445*389*312 byte ledig
.
- - End Of File - - 0F1B2B13D1F75DAA6F6351F45DEFE969



The program deleted some unwanted files I think.
 

I then ran the AdwCleaner as you suggested:

# AdwCleaner v2.108 - Logfile created 01/25/2013 at 10:57:08
# Updated 24/01/2013 by Xplode
# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)
# User : siri1802 - SIRIS-PC
# Boot Mode : Normal
# Running from : C:\Users\siri1802\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\END
File Found : C:\Program Files\Mozilla FireFox\searchplugins\Search_Results.xml
File Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\searchplugins\Conduit.xml
File Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\searchplugins\Search_Results.xml
File Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\searchplugins\SweetIm.xml
Folder Found : C:\Program Files\1ClickDownload
Folder Found : C:\Program Files\BitTorrentControl_v12
Folder Found : C:\Program Files\Conduit
Folder Found : C:\Program Files\Searchqu Toolbar
Folder Found : C:\Program Files\SweetIM
Folder Found : C:\Program Files\WhiteSmoke_US_New
Folder Found : C:\Program Files\Yontoo
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\SweetIM
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\siri1802\AppData\Local\Conduit
Folder Found : C:\Users\siri1802\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Folder Found : C:\Users\siri1802\AppData\Local\Ilivid
Folder Found : C:\Users\siri1802\AppData\LocalLow\BitTorrentControl_v12
Folder Found : C:\Users\siri1802\AppData\LocalLow\Conduit
Folder Found : C:\Users\siri1802\AppData\LocalLow\searchquband
Folder Found : C:\Users\siri1802\AppData\LocalLow\Searchqutoolbar
Folder Found : C:\Users\siri1802\AppData\LocalLow\WhiteSmoke_US_New
Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\CT3225826
Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\extensions\{1fd91a9c-410c-4090-bbcc-55d3450ef433}
Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\extensions\{99079a25-328f-4bd4-be04-00955acaa0a7}
Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\extensions\{b6ac5e3c-5ceb-4e72-b451-f0e1ba983c14}
Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\extensions\[email protected]
Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\extensions\[email protected]
Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\Searchqutoolbar
Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\Smartbar
Folder Found : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\SweetPacksToolbarData
Folder Found : C:\Users\siri1802\AppData\Roaming\OpenCandy
Folder Found : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Folder Found : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}

***** [Registry] *****

Data Found : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll
Data Found : HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll
Key Found : HKCU\Software\1ClickDownload
Key Found : HKCU\Software\AppDataLow\Software\BitTorrentControl_v12
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\AppDataLow\Software\WhiteSmoke_US_New
Key Found : HKCU\Software\AppDataLow\Toolbar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\DataMngr_Toolbar
Key Found : HKCU\Software\ilivid
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKCU\Software\Softonic
Key Found : HKLM\Software\BitTorrentControl_v12
Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Found : HKLM\SOFTWARE\Classes\AppID\{AC662AF2-4601-4A68-84DF-A3FE83F1A5F9}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D97A8234-F2A2-4AD4-91D5-FECDB2C553AF}
Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Found : HKLM\SOFTWARE\Classes\AppID\BrowserConnection.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\DNSBHO.dll
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Found : HKLM\SOFTWARE\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{CC1AC828-BB47-4361-AFB5-96EEE259DD87}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\Software\Classes\Installer\Features\547B38670606DF14AA57B0BB83F3AE4D
Key Found : HKLM\Software\Classes\Installer\Features\9EE58E3C298524145B73CBBED3CAC4D3
Key Found : HKLM\Software\Classes\Installer\Features\EB6AF8AEEB922FA4392548F13812E50B
Key Found : HKLM\Software\Classes\Installer\Products\547B38670606DF14AA57B0BB83F3AE4D
Key Found : HKLM\Software\Classes\Installer\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Found : HKLM\Software\Classes\Installer\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1B730ACF-26A3-447B-9994-14AEE0EB72CC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{44B619BC-3D2B-4990-AA4F-9AA366921792}
Key Found : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A439801C-961D-452C-AB42-7848E9CBD289}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C358-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C359-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{EEE6C35A-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F4EBB1E2-21F3-4786-8CF4-16EC5925867F}
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils
Key Found : HKLM\SOFTWARE\Classes\MediaPlayer.GraphicsUtils.1
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator
Key Found : HKLM\SOFTWARE\Classes\MgMediaPlayer.GifAnimator.1
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard
Key Found : HKLM\SOFTWARE\Classes\SearchQUIEHelper.DNSGuard.1
Key Found : HKLM\SOFTWARE\Classes\sim-packages
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3225826
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3244149
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{4D3B167E-5FD8-4276-8FD7-9DF19C1E4D19}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{6A4BCABA-C437-4C76-A54E-AF31B8A76CB9}
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Found : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj
Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Found : HKLM\Software\Iminent
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{33AB742A-8D0F-44D0-ACB5-897D3DFC346B}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{95E32D64-21FF-481F-BB17-A76F49B0F7BD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9CA08590-D917-4BEA-828D-9734E696C1AD}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A4B7BDF1-C8A0-47CB-811A-D87756A3E97F}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EEE6C367-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\SweetIM.exe
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7748CAF2-26F7-4B07-91CB-2A51B5FF2764}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{E20AC1DB-792A-41CC-BC36-70C2EFE618C2}
 

Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\547B38670606DF14AA57B0BB83F3AE4D
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\9EE58E3C298524145B73CBBED3CAC4D3
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\EB6AF8AEEB922FA4392548F13812E50B
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7683B745-6060-41FD-AA75-0BBB383FEAD4}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\BitTorrentControl_v12 Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ilivid
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Searchqu Toolbar
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WhiteSmoke_US_New Toolbar
Key Found : HKLM\Software\WhiteSmoke_US_New
Key Found : HKU\S-1-5-21-4278792135-2590523476-2833556063-1002\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Found : HKU\S-1-5-21-4278792135-2590523476-2833556063-1002\Software\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}
Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{462BE121-2B54-4218-BF00-B9BF8135B23F}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{B6AC5E3C-5CEB-4E72-B451-F0E1BA983C14}]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SweetIM]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [Sweetpacks Communicator]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe]
Value Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[HKLM\SOFTWARE\Microsoft\Internet Explorer\Main - Start Page] = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={035FCF41-1554-11E2-A7E2-0023AE27B879}

-\\ Mozilla Firefox v18.0.1 (en-US)

File : C:\Users\siri1802\AppData\Roaming\Mozilla\Firefox\Profiles\3pt7z1m9.default\prefs.js

Found : user_pref("CT3225826.BT_Stats.enc", "eyJsYXN0X2xvZyI6MTM1ODY5Nzc1MSwidXVpZCI6Nzc2MDQ4NjQxMDE5NTQxLCJ[...]
Found : user_pref("CT3225826.CBOpenMAMSettings.enc", "MA==");
Found : user_pref("CT3225826.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3225826.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3225826.FirstTime", "true");
Found : user_pref("CT3225826.FirstTimeFF3", "true");
Found : user_pref("CT3225826.LoginRevertSettingsEnabled", true);
Found : user_pref("CT3225826.RevertSettingsEnabled", true);
Found : user_pref("CT3225826.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT322[...]
Found : user_pref("CT3225826.UserID", "UN61944506999088192");
Found : user_pref("CT3225826.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3225826.browser.search.defaultthis.engineName", true);
Found : user_pref("CT3225826.cbcountry_001.enc", "TlA=");
Found : user_pref("CT3225826.cbfirsttime.enc", "U2F0IE9jdCAxMyAyMDEyIDIxOjE5OjExIEdNVCswMjAwIChTZW50cmFsZXVy[...]
Found : user_pref("CT3225826.embeddedsData", "[{\"appId\":\"129830626805552092\",\"apiPermissions\":{\"cross[...]
Found : user_pref("CT3225826.enableAlerts", "always");
Found : user_pref("CT3225826.enableSearchFromAddressBar", "true");
Found : user_pref("CT3225826.firstTimeDialogOpened", "true");
Found : user_pref("CT3225826.fixPageNotFoundError", "true");
Found : user_pref("CT3225826.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3225826.fixUrls", true);
Found : user_pref("CT3225826.installId", "fft6E8C.tmp.exe");
Found : user_pref("CT3225826.installType", "XPE");
Found : user_pref("CT3225826.isCheckedStartAsHidden", true);
Found : user_pref("CT3225826.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3225826.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT3225826.isNewTabEnabled", true);
Found : user_pref("CT3225826.isPerformedSmartBarTransition", "true");
Found : user_pref("CT3225826.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3225826.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Found : user_pref("CT3225826.keyword", true);
Found : user_pref("CT3225826.migrateAppsAndComponents", true);
 
