EmptyTemp: (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe (VER_COMPANY_NAME) C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebrmon.exe C:\Program Files (x86)\SweetIM HKLM-x32\...\Run: [CieoNetUtilities_0e Browser Plugin Loader] => C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebrmon.exe [30096 2011-09-11] (VER_COMPANY_NAME) C:\Program Files (x86)\CieoNetUtilities_0e HKLM-x32\...\Run: [Sweetpacks Communicator] => C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe [295728 2012-02-26] (SweetIM Technologies Ltd.) C:\Program Files (x86)\SweetIM HKU\S-1-5-21-3166443478-2557979257-919970740-1000\...\Run: [Optimizer Pro] => C:\Program Files (x86)\Optimizer Pro\OptProLauncher.exe [134104 2013-02-01] (PC Utilities Pro) HKU\S-1-5-21-3166443478-2557979257-919970740-1000\...\Run: [BackgroundContainer] => "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\lin custodis\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <===== ATTENTION AppInit_DLLs-x32: C:\PROGRA~2\SEARCH~2\SEARCH~1\bin\VC32LO~1.DLL => C:\Program Files (x86)\SearchProtect\SearchProtect\bin\VC32Loader.dll [0 2014-11-26] () C:\Program Files (x86)\SearchProtect URLSearchHook: HKLM-x32 - FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.) URLSearchHook: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 - YouTube Downloader Toolbar - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YouTube Downloader Toolbar\IE\4.6\youtubedownloaderToolbarIE.dll (Spigot, Inc.) URLSearchHook: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 - (No Name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - No File URLSearchHook: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 - (No Name) - {f864ba3f-9878-458a-ba2b-dad32bcbc472} - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0eSrcAs.dll (COMPANYVERS_NAME) URLSearchHook: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 - FreeOnlineRadioPlayerRecorder Toolbar - {f999a48b-1950-4d81-9971-79018f807b4b} - C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.) C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms} SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...q={searchTerms} SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms} SearchScopes: HKLM-x32 -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms} SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...q={searchTerms} SearchScopes: HKLM-x32 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms} SearchScopes: HKLM-x32 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.condui...&ctid=CT2737658 SearchScopes: HKLM-x32 -> {ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2} URL = http://search.mywebs...r={searchTerms} SearchScopes: HKU\.DEFAULT -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = SearchScopes: HKU\.DEFAULT -> {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL = SearchScopes: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 -> DefaultScope {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 -> BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 -> bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 -> {014DB5FA-EAFB-4592-A95B-F44D3EE87FA9} URL = http://search.condui...rchTerms}&SSPV= SearchScopes: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 -> {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www.max-start...0006cf049e73555 SearchScopes: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = http://websearch.ask...98-846ED669A289 SearchScopes: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD22} URL = http://dts.search-re...q={searchTerms} SearchScopes: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = http://dts.search-re...q={searchTerms} SearchScopes: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 -> {AFDBDDAA-5D3F-42EE-B79C-185A7020515B} URL = http://search.condui...3328496244&UM=2 SearchScopes: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 -> {ffab9ec5-7889-45c9-b6fa-5d19ccfea2d2} URL = http://search.mywebs...r={searchTerms} BHO-x32: Search Assistant BHO -> {4cbfd6a0-f21b-4d52-bf56-c57a37625141} -> C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0eSrcAs.dll (COMPANYVERS_NAME) BHO-x32: Browse2save -> {550C69C8-07CD-87D5-E79C-BC31116C0A7E} -> C:\ProgramData\Browse2save\512731e6ae3b1.dll No File C:\ProgramData\Browse2save BHO-x32: Search-NewTab -> {C5DA2F4B-12BC-7BC9-5413-F2EA5E02EE47} -> C:\ProgramData\Search-NewTab\512743d43f0b7.dll No File C:\ProgramData\Search-NewTab BHO-x32: FreeOnlineRadioPlayerRecorder Toolbar -> {f999a48b-1950-4d81-9971-79018f807b4b} -> C:\Program Files (x86)\FreeOnlineRadioPlayerRecorder\prxtbFre0.dll (Conduit Ltd.) Toolbar: HKLM-x32 - No Name - {98889811-442D-49dd-99D7-DC866BE87DBC} - No File Toolbar: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File Toolbar: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File Toolbar: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 -> No Name - {F999A48B-1950-4D81-9971-79018F807B4B} - No File Toolbar: HKU\S-1-5-21-3166443478-2557979257-919970740-1000 -> No Name - {8175E372-1FF1-4288-8E6E-ADDEBD415D47} - No File FF NewTab: FF DefaultSearchUrl: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3306061&CUI=UN22719776613119257&UM=2&SearchSource=3&q={searchTerms} FF SearchPlugin: C:\Users\lin custodis\AppData\Roaming\Mozilla\Firefox\Profiles\9lc9llo9.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\lin custodis\AppData\Roaming\Mozilla\Firefox\Profiles\9lc9llo9.default\searchplugins\babylon.xml FF SearchPlugin: C:\Users\lin custodis\AppData\Roaming\Mozilla\Firefox\Profiles\9lc9llo9.default\searchplugins\BabylonMngr.xml FF SearchPlugin: C:\Users\lin custodis\AppData\Roaming\Mozilla\Firefox\Profiles\9lc9llo9.default\searchplugins\BrowserProtect.xml FF SearchPlugin: C:\Users\lin custodis\AppData\Roaming\Mozilla\Firefox\Profiles\9lc9llo9.default\searchplugins\CieoNetUtilities_0e.xml FF SearchPlugin: C:\Users\lin custodis\AppData\Roaming\Mozilla\Firefox\Profiles\9lc9llo9.default\searchplugins\conduit.xml FF SearchPlugin: C:\Users\lin custodis\AppData\Roaming\Mozilla\Firefox\Profiles\9lc9llo9.default\searchplugins\delta.xml FF SearchPlugin: C:\Users\lin custodis\AppData\Roaming\Mozilla\Firefox\Profiles\9lc9llo9.default\searchplugins\Search_Results.xml FF SearchPlugin: C:\Users\lin custodis\AppData\Roaming\Mozilla\Firefox\Profiles\9lc9llo9.default\searchplugins\trovi-search.xml FF Extension: CieoNet Utilities - C:\Users\lin custodis\AppData\Roaming\Mozilla\Firefox\Profiles\9lc9llo9.default\Extensions\0effxtbr@CieoNetUtilities_0e.com [2011-10-13] FF Extension: SearchGBY - C:\Users\lin custodis\AppData\Roaming\Mozilla\Firefox\Profiles\9lc9llo9.default\Extensions\plugin@searchgby.com [2012-05-10] FF Extension: Wincore Mediabar - C:\Users\lin custodis\AppData\Roaming\Mozilla\Firefox\Profiles\9lc9llo9.default\Extensions\{c2d64ff7-0ab8-4263-89c9-ea3b0f8f050c} [2011-12-02] FF Extension: Personas Plus - C:\Users\lin custodis\AppData\Roaming\Mozilla\Firefox\Profiles\9lc9llo9.default\Extensions\personas@christopher.beard.xpi [2012-05-11] FF Extension: InstantFox - C:\Users\lin custodis\AppData\Roaming\Mozilla\Firefox\Profiles\9lc9llo9.default\Extensions\searchy@searchy.xpi [2012-05-10] FF Extension: Personas Rotator - C:\Users\lin custodis\AppData\Roaming\Mozilla\Firefox\Profiles\9lc9llo9.default\Extensions\{6e73f6b7-b9ab-44b8-b744-6393e3c2e351}.xpi [2014-03-28] FF HKLM-x32\...\Firefox\Extensions: [m3ffxtbr@mywebsearch.com] - C:\Program Files (x86)\MyWebSearch\bar\1.bin FF Extension: No Name - C:\Program Files (x86)\MyWebSearch\bar\1.bin [2011-08-22] FF HKLM-x32\...\Firefox\Extensions: [0effxtbr@CieoNetUtilities_0e.com] - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin FF Extension: CieoNet Utilities - C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin [2011-09-11] CHR Extension: (No Name) - C:\Users\lin custodis\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde [2013-02-21] CHR Extension: (Browse2save) - C:\Users\lin custodis\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpniiekdjpgcmdfaifojkmpllnbddjfj [2013-02-22] CHR Extension: (SweetIM for Facebook) - C:\Users\lin custodis\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn [2012-08-27] CHR Extension: (No Name) - C:\Users\lin custodis\AppData\Local\Google\Chrome\User Data\Default\Extensions\lipgolpfajiadodbcbljdpmbmbdmfcil [2013-11-05] CHR Extension: (No Name) - C:\Users\lin custodis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelbdfmbekkhdkcinodbfaacajlmjobg [2013-02-22] CHR Extension: (FreeOnlineRadioPlayerRecorder) - C:\Users\lin custodis\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcmflmkceipgecmhoddphflfndnfbbe [2011-12-07] CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\lin custodis\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx [2012-07-18] R2 CieoNetUtilities_0eService; C:\Program Files (x86)\CieoNetUtilities_0e\bar\1.bin\0ebarsvc.exe [42504 2011-09-11] (COMPANYVERS_NAME) Task: {8D64A406-56EE-4E12-908E-CB5A7BF83F3F} - System32\Tasks\BackgroundContainer Startup Task => Rundll32.exe "C:\Users\lin custodis\AppData\Local\Conduit\BackgroundContainer\BackgroundContainer.dll",DllRun <==== ATTENTION Task: {CA41AC71-ACBF-4CF1-8F73-CF703B61E666} - System32\Tasks\Your File Updater => C:\Program Files (x86)\YourFileDownloader\YourFileUpdater.exe [2012-08-15] (http://yourfiledownloader.com) <==== ATTENTION C:\Program Files (x86)\YourFileDownloader AlternateDataStreams: C:\ProgramData\TEMP:373E1720 AlternateDataStreams: C:\Users\lin custodis\Local Settings:5RlhkZrE8VDzNBCjK3a6qwRJ AlternateDataStreams: C:\Users\lin custodis\AppData\Local:5RlhkZrE8VDzNBCjK3a6qwRJ AlternateDataStreams: C:\Users\lin custodis\AppData\Local\Application Data:5RlhkZrE8VDzNBCjK3a6qwRJ AlternateDataStreams: C:\Users\lin custodis\AppData\Local\H5tWpUOgWc6O:y0SlUucnpFPGZZZBRAMQwIG File: C:\Windows\system32\drivers\rsgfeafn.sys