Jump to content


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

AKAMAIHD.NET


  • Please log in to reply
19 replies to this topic

#1 dolce_freak

dolce_freak

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:14 AM

Posted 19 October 2013 - 04:25 AM

I can`t seem to get rid of this virus and these pop-ups are killing me,I can`t even surf right,I did a system restore,but it wasn`t far back enough I think...I installed a program and then all this started,and I went in and removed any program that wasn`t there before,no help,This is so annoying!!!!


Edited by hamluis, 19 October 2013 - 07:12 AM.
Moved from Vista to Am I Infected - Hamluis.


BC AdBot (Login to Remove)

 


#2 hbyton

hbyton

  • Members
  • 196 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:England
  • Local time:01:14 PM

Posted 19 October 2013 - 09:11 AM

Please run these programs and add the logs to your next post

 

Rkill

http://www.bleepingcomputer.com/download/rkill/

 

Junkware removal tool

http://www.bleepingcomputer.com/download/junkware-removal-tool/

 

ADWcleaner  (press scan, when the scan has finished press clean)

http://www.bleepingcomputer.com/download/adwcleaner/

 

Malwarebytes (decline the trial during install, run FULL scan)

http://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

 

If you have any questions about any of the programs please feel free to ask :)


Edited by hbyton, 19 October 2013 - 09:12 AM.


#3 dolce_freak

dolce_freak
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:14 AM

Posted 19 October 2013 - 06:58 PM

I have a question.Do I have to Quarantine objects detected in Malwarebytes and do I have to send you a log for that program also?



#4 noknojon

noknojon

    Almost Retired


  • Members
  • 9,862 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:11:14 PM

Posted 19 October 2013 - 09:27 PM

Yes for Delete / Quarantine 

Please post a log for ALL of the programs listed above -

They will be on your desktop .

 

Thank You -



#5 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 32,761 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:08:14 AM

Posted 19 October 2013 - 09:29 PM

After the Malwarebytes scan, make sure that everything is checked and then click the Remove Selected button to remove all the listed malware. And yes you can post the log.

BTW, From what you describe you are most likely dealing with malware issues but akamai.net is not one of them.

Akamai Technologies (akamai.net; akamaiedge.net; akamaihd.net) is a U.S. Internet content delivery network responsible for serving approximately 15-20 percent of all web traffic. Akamai operates a network of servers around the world and rents space to customers who want their web sites to work faster by distributing content from locations close to the user. If you attempt to connect to a web site over HTTPS, it will often reveal Akamai. See Akamai and SSL.

What is akamaihd.net?

Akamai Technologies is actually a CDN, where CDN stands for Content Delivery Network.

What is a CDN ?
A CDN (content delivery network) will receive your data and place it on several different servers all over the world. This makes that particular content to load faster for anyone who wants to access it. This is because the content will be delivered to the end user from the nearest possible server holding the content. Without CDN, the content will reside only on one server. And thus the users who are close to the server can access the content faster than the users who are away from it.

Akamai has several CDN networks, where akamaihd.net is one of the CDN. Facebook is a large network and it has to deliver data at faster speeds to each and every user. And to do so, it requires a CDN. Facebook uses akamaihd.net as CDN. This is why your photos are uploaded to akamaihd and not to facebook. So whenever you request to view a photo on facebook, your request is actually sent to the nearest possible akamaihd server. This server returns the requested photo. And since its the nearest possible server, you will get the requested photo with a minimum time delay.


Akamai also delivers content utilizing a form of peer-to-peer networking and its technology is integrated into other software applications. For example, when downloading large files, users may be prompted to install the Akamai NetSession Interface which is essentially a download manger used to reduce download times.

What is Akamai NetSession Interface

Akamai NetSession Interface is a secure application that may be installed on your computer to improve the speed, reliability, and efficiency for downloads and streams from the Internet. It is used by many software and media publishers to deliver files or streams to you.


Akamai NetSession Interface Overview

Akamai NetSession Interface is a tool that can help you you enjoy faster, more reliable downloads from a variety of sources you choose. When you download software from companies like Autodesk, or other companies offering PDF files, documents, and media streams, there’s a good chance that download is powered by Akamai NetSession Interface. The NetSession Interface is installed on your computer with your permission and can be removed at any time.


Microsoft MVP - Consumer Security 2007-2014 MVP.gif

Member of UNITE, Unified Network of Instructors and Trusted Eliminators

#6 dolce_freak

dolce_freak
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:14 AM

Posted 19 October 2013 - 10:04 PM

Can someone tell me how to upload my logs,be patient I`m new to this forum,THANX



#7 noknojon

noknojon

    Almost Retired


  • Members
  • 9,862 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:11:14 PM

Posted 19 October 2013 - 10:12 PM

Hello -

Sorry that your helper did not leave good directions for you.

 

Are you able to Copy / Paste the logs from your scans. This area has no option to Attach logs .

 

Thank You -



#8 dolce_freak

dolce_freak
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:14 AM

Posted 19 October 2013 - 10:29 PM

Here is my logs

 

 

 

 

Rkill 2.6.2 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
 http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 10/19/2013 05:44:39 PM in x64 mode.
Windows Version: Windows Vista ™ Home Premium Service Pack 2

Checking for Windows services to stop:

 * CltMngSvc Stopped. [Win32/Conduit.SearchProtect.B]

1 service stopped!

Checking for processes to terminate:

 * C:\Windows\system32\dmwu.exe (PID: 2696) [Sweetpacks-Adware]
 * C:\Users\RDOGG1\AppData\Roaming\SearchProtect\bin\cltmng.exe (PID: 3232) [Win32/Conduit.SearchProtect.B]

2 proccesses terminated!

Checking Registry for malware related settings:

 * Explorer Policy Removed:  NoActiveDesktopChanges [HKLM]

Backup Registry file created at:
 C:\Users\RDOGG1\Desktop\rkill\rkill-10-19-2013-05-44-47.reg

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * HOSTS file entries found:

  127.0.0.1       localhost
  ::1             localhost
  127.0.0.1    www.007guard.com
  127.0.0.1    007guard.com
  127.0.0.1    008i.com
  127.0.0.1    www.008k.com
  127.0.0.1    008k.com
  127.0.0.1    www.00hq.com
  127.0.0.1    00hq.com
  127.0.0.1    010402.com
  127.0.0.1    www.032439.com
  127.0.0.1    032439.com
  127.0.0.1    www.0scan.com
  127.0.0.1    0scan.com
  127.0.0.1    1000gratisproben.com
  127.0.0.1    www.1000gratisproben.com
  127.0.0.1    1001namen.com
  127.0.0.1    www.1001namen.com
  127.0.0.1    100888290cs.com
  127.0.0.1    www.100888290cs.com

  20 out of 14381 HOSTS entries shown.
  Please review HOSTS file for further entries.

Program finished at: 10/19/2013 05:46:55 PM
Execution time: 0 hours(s), 2 minute(s), and 16 seconds(s)
 

 

 

 

JRT

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.7 (10.15.2013:2)
OS: Windows Vista ™ Home Premium x64
Ran by RDOGG1 on Sat 10/19/2013 at 18:00:51.42
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services

Successfully stopped: [Service] cltmngsvc
Successfully deleted: [Service] cltmngsvc
Successfully stopped: [Service] ib updater
Successfully deleted: [Service] ib updater
Failed to stop: [Service] ibupdaterservice



~~~ Registry Values




~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvc
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\esrv.funmoodsesrvc.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\f
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoods.dskbnd
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoods.dskbnd.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoods.funmoodshlpr
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoods.funmoodshlpr.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoodsapp.appcore
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\funmoodsapp.appcore.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\protector_dll.protectorbho.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\extension.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\iehelperv2.5.0.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\im
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\iminstaller
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installedbrowserextensions
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\searchprotect
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarbackup
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\smartbarlog
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\sweetim
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wecarereminder
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\wnlt
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\crossrider
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\i want this
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\plus-hd-1.6
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-1498312275-4042205100-2876098699-1000\Software\IB Updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\ib updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\tarma installer
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\wnlt
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\extension.extensionhelperobject.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iehelperv250.wecarereminder
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\iehelperv250.wecarereminder.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\funmoods
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\wnlt
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{336d0c35-8a85-403a-b9d2-65c292c39087}_is1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{4bd8e034-e0f4-4509-a753-467a8e854cd8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{a76aa284-e52d-47e6-9e4f-b85dbf8e35c3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\funmoods
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\plus-hd-1.6
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\searchprotect
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\searchthewebarp
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{4bd8e034-e0f4-4509-a753-467a8e854cd8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\conduit
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0032002.BHO
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0032002.BHO.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0032002.Sandbox
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CrossriderApp0032002.Sandbox.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{11111111-1111-1111-1111-110311201102}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{22222222-2222-2222-2222-220322202202}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{55555555-5555-5555-5555-550355205502}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66666666-6666-6666-6666-660366206602}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{44444444-4444-4444-4444-440344204402}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{11111111-1111-1111-1111-110311201102}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{22222222-2222-2222-2222-220322202202}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{55555555-5555-5555-5555-550355205502}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\Interface\{66666666-6666-6666-6666-660366206602}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440344204402}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0032002.BHO
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0032002.BHO.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0032002.Sandbox
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\CrossriderApp0032002.Sandbox.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3289075
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Toolbar.CT3310511
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{55555555-5555-5555-5555-550355205502}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Interface\{66666666-6666-6666-6666-660366206602}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\TypeLib\{44444444-4444-4444-4444-440344204402}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110311201102}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{55555555-5555-5555-5555-550355205502}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\Interface\{66666666-6666-6666-6666-660366206602}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\Wow6432Node\TypeLib\{44444444-4444-4444-4444-440344204402}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201102}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{285A7009-B7A0-4248-AC66-21EC4586A286}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{BCF2A5F8-496A-4EFD-B288-1D49271DA14B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\microsoft\Internet Explorer\SearchScopes\{B7971660-A1CE-4FDD-B9E0-2C37D77AFB0B}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"



~~~ Files

Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.6-chromeinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.6-codedownloader.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.6-enabler.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.6-firefoxinstaller.job
Successfully deleted: [File] C:\Windows\Tasks\Plus-HD-1.6-updater.job
Successfully deleted: [File] "C:\Users\RDOGG1\appdata\local\funmoods-speeddial_sf.crx"
Successfully deleted: [File] "C:\Users\RDOGG1\appdata\local\funmoods.crx"
Successfully deleted: [File] "C:\Users\RDOGG1\appdata\locallow\SkwConfig.bin"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npcouponprinter.dll"
Successfully deleted: [File] "C:\Program Files (x86)\mozilla firefox\plugins\npmozcouponprinter.dll"
Successfully deleted: [File] "C:\end"
Failed to delete: [File] "C:\Windows\system32\dmwu.exe"
Failed to delete: [File] "C:\Windows\system32\ImHttpComm.dll"



~~~ Folders

Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\conduit"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\wecarereminder"
Successfully deleted: [Folder] "C:\Users\RDOGG1\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\RDOGG1\AppData\Roaming\search protection"
Successfully deleted: [Folder] "C:\Users\RDOGG1\AppData\Roaming\searchprotect"
Successfully deleted: [Folder] "C:\Users\RDOGG1\appdata\local\apn"
Successfully deleted: [Folder] "C:\Users\RDOGG1\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\RDOGG1\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\RDOGG1\appdata\local\smartbar"
Successfully deleted: [Folder] "C:\Users\RDOGG1\appdata\locallow\babylontoolbar"
Successfully deleted: [Folder] "C:\Users\RDOGG1\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\RDOGG1\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\RDOGG1\appdata\locallow\smartbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\coupons"
Successfully deleted: [Folder] "C:\Program Files (x86)\funmoods"
Successfully deleted: [Folder] "C:\Program Files (x86)\glindorus"
Successfully deleted: [Folder] "C:\Program Files (x86)\searchprotect"
Successfully deleted: [Folder] "C:\Program Files (x86)\torntv.com"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\we-care reminder"
Successfully deleted: [Folder] "C:\Users\RDOGG1\AppData\Roaming\microsoft\windows\start menu\programs\torntv.com"
Successfully deleted: [Folder] "C:\Windows\syswow64\arfc"
Failed to delete: [Folder] "C:\Windows\syswow64\jmdp"
Successfully deleted: [Folder] "C:\Windows\syswow64\wnlt"
Successfully deleted: [Folder] "C:\Windows\system32\arfc"
Failed to delete: [Folder] "C:\Windows\system32\ljkb"
Successfully deleted: [Folder] "C:\Users\RDOGG1\documents\optimizer pro"
Successfully deleted: [Folder] "C:\ProgramData\ask"



~~~ FireFox

Successfully deleted: [File] C:\user.js
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg_igeared.xml"
Successfully deleted: [File] C:\Users\RDOGG1\AppData\Roaming\mozilla\firefox\profiles\5g2rjurg.default\user.js
Successfully deleted: [Folder] C:\Users\RDOGG1\AppData\Roaming\mozilla\firefox\profiles\5g2rjurg.default\smartbar
Successfully deleted: [Folder] C:\Users\RDOGG1\AppData\Roaming\mozilla\firefox\profiles\5g2rjurg.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\RDOGG1\AppData\Roaming\mozilla\firefox\profiles\5g2rjurg.default\extensions\[email protected]
Successfully deleted: [Folder] C:\Users\RDOGG1\AppData\Roaming\mozilla\firefox\profiles\5g2rjurg.default\extensions\[email protected]ea44e049.com
Successfully deleted: [Folder] C:\Users\RDOGG1\AppData\Roaming\mozilla\firefox\profiles\5g2rjurg.default\extensions\wecarereminder@bryan
Successfully deleted: [Folder] C:\Users\RDOGG1\AppData\Roaming\mozilla\firefox\profiles\5g2rjurg.default\extensions\{7e8a1050-cf67-4575-92df-dcc60e7d952d}
Successfully deleted: [Folder] C:\Users\RDOGG1\AppData\Roaming\mozilla\firefox\profiles\5g2rjurg.default\extensions\{c9b68337-e93a-44ea-94dc-cb300ec06444}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions\\[email protected]
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{336d0c35-8a85-403a-b9d2-65c292c39087}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions\\{fe1deeea-db6d-44b8-83f0-34fc0f9d1052}
Successfully deleted the following from C:\Users\RDOGG1\AppData\Roaming\mozilla\firefox\profiles\5g2rjurg.default\prefs.js

user_pref("CT3310511.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=akamaihd.net&l=forums.comcast.com&t=0&v=0.5&d=conduit2.enc", "MTM4MjE3MzUyNw==");
user_pref("CT3310511.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=akamaihd.net&l=forums.comcast.com&t=2&v=0.5&d=conduit2.enc", "MTM4MjE3MzU0NQ==");
user_pref("CT3310511.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=akamaihd.net&l=www.bleepingcomputer.com&t=1&p=akamaihd.net&pt=0&v=0.5&d=conduit2.en
user_pref("CT3310511.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=akamaihd.net&l=www.bleepingcomputer.com&t=1&p=bleepingcomputer.com&pt=1&o=akamaihd&
user_pref("CT3310511.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=bleepingcomputer.com&l=www.bleepingcomputer.com&t=2&v=0.5&d=conduit2.enc", "MTM4MjE
user_pref("CT3310511.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=how%20to%20uninstall%20akamaihd.net&l=www.pc-virusremove.com&t=2&v=0.5&d=conduit2.e
user_pref("CT3310511.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=torrent.eu&l=torrentz.eu&t=2&v=0.5&d=conduit2.enc", "MTM4MjE1MjYzNg==");
user_pref("CT3310511.LOCAL_COOKIE_THROTTLE_BASEloopback|hxxp://up.autocompleteplus.com/up?q=yahoo&l=www.yahoo.com&t=2&v=0.5&d=conduit2.enc", "MTM4MjE3NDE5NA==");
user_pref("CT3310511.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN14821626993034717&UM=2&q=");
user_pref("CT3310511.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm
user_pref("CT3310511.installType", "conduitnsisintegration");
user_pref("CT3310511.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=15&CUI=UN1482162699303471
user_pref("CT3310511.mam_gk_appState_PiclickV2-WebSearch.enc", "b24=");
user_pref("CT3310511.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsInNjcmlwdFV
user_pref("CT3310511.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3310511%26octid%3DCT3310511%26Sear
user_pref("CT3310511.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=61&CUI=UN14821626993034717&UM=2&UP=SPC8DB5D02-34A8-4AAF-B735-F4
user_pref("CT3310511.search.searchAppId", "10000002");
user_pref("CT3310511.search.searchCount", "0");
user_pref("CT3310511.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://SweetPacks.OurToolbar.com//xpi\"}");
user_pref("CT3310511.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"SweetPacks \"}");
user_pref("CT3310511.smartbar.CTID", "CT3310511");
user_pref("CT3310511.smartbar.Uninstall", "0");
user_pref("CT3310511.smartbar.homepage", true);
user_pref("CT3310511.smartbar.toolbarName", "SweetPacks ");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=61&CUI=UN14821626993034717&UM=2&UP=SPC8DB5D02-34A8-4AAF-B735
user_pref("Smartbar.ConduitSearchEngineList", "SweetPacks Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN14821626993034717&UM=2&q=");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3310511");
user_pref("browser.search.defaultenginename", "SweetPacks Customized Web Search");
user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=61&CUI=UN14821626993034717&UM=2&UP=SPC8DB5D02-34A8-4AAF-B735-F4A4
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110410");
user_pref("extensions.BabylonToolbar_i.hardId", "a63a021d000000000000001de083c98b");
user_pref("extensions.BabylonToolbar_i.id", "a63a021d000000000000001de083c98b");
user_pref("extensions.BabylonToolbar_i.instlDay", "15380");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", false);
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "base");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1717:09:04");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");
user_pref("extensions.crossrider.bic", "141cd2690d24b54d69bc90a0706e7268");
user_pref("extensions.funmoods.aflt", "nv1");
user_pref("extensions.funmoods.autoRvrt", false);
user_pref("extensions.funmoods.dfltLng", "");
user_pref("extensions.funmoods.dfltSrch", true);
user_pref("extensions.funmoods.dnsErr", true);
user_pref("extensions.funmoods.envrmnt", "production");
user_pref("extensions.funmoods.excTlbr", false);
user_pref("extensions.funmoods.hmpg", true);
user_pref("extensions.funmoods.hmpgUrl", "hxxp://searchfunmoods.com/?f=1&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0EyE0C0DyCyB0AtD0CtDtBtC0DtN0D0Tzu0CtAtBzytN1L2XzutBtFtBtFtDtF
user_pref("extensions.funmoods.id", "001E4CD67A0C021D");
user_pref("extensions.funmoods.instlDay", "15668");
user_pref("extensions.funmoods.instlRef", "nv1");
user_pref("extensions.funmoods.isdcmntcmplt", true);
user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
user_pref("extensions.funmoods.newTabUrl", "hxxp://searchfunmoods.com/?f=2&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0EyE0C0DyCyB0AtD0CtDtBtC0DtN0D0Tzu0CtAtBzytN1L2XzutBtFtBtFtD
user_pref("extensions.funmoods.prdct", "funmoods");
user_pref("extensions.funmoods.prtnrId", "funmoods");
user_pref("extensions.funmoods.srchPrvdr", "Search");
user_pref("extensions.funmoods.tlbrId", "base");
user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://searchfunmoods.com/?f=3&a=nv1&chnl=nv1&cd=2XzuyEtN2Y1L1QzutDtDtC0EyE0C0DyCyB0AtD0CtDtBtC0DtN0D0Tzu0CtAtBzytN1L2XzutBtFtBtF
user_pref("extensions.funmoods.vrsn", "1.5.23.22");
user_pref("extensions.funmoods.vrsni", "1.5.23.22");
user_pref("extensions.funmoods_i.newTab", true);
user_pref("extensions.funmoods_i.smplGrp", "none");
user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2214:5:15");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6OyZhoTWCH&loc=IB_TB&i=26&search=");
user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=&ctid=CT3310511&SearchSource=2&CUI=UN14821626993034717&UM=2&q=");
user_pref("smartbar.addressBarOwnerCTID", "CT3310511");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=61&CUI=UN14821626993034717&UM=2&UP=SPC8DB5D02-34A8-4AAF-B735-
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3310511&SearchSource=2&CUI=UN14821626993034717&UM=2&q=,hxxp://search.condui
user_pref("smartbar.defaultSearchOwnerCTID", "CT3310511");
user_pref("smartbar.homePageOwnerCTID", "CT3310511");
user_pref("smartbar.machineId", "DB78K6WTLQPESS8TDMKWQGASRWDEIXURHLZOQVC5FLOMCVNG9VACGBJ6I/6HXIBFFR5TDNJQKVETZ+I+DWHJ/G");



~~~ Chrome

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Policies\Google\Chrome\extensioninstallforcelist [Blacklisted Policy]
Successfully deleted: [Folder] C:\Users\RDOGG1\appdata\local\Google\Chrome\User Data\Default\Extensions\amfclgbdpgndipgoegfpkkgobahigbcl
Successfully deleted: [Folder] C:\Users\RDOGG1\appdata\local\Google\Chrome\User Data\Default\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Successfully deleted: [Folder] C:\Users\RDOGG1\appdata\local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Successfully deleted: [Folder] C:\Users\RDOGG1\appdata\local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Folder] C:\Users\RDOGG1\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Folder] C:\Users\RDOGG1\appdata\local\Google\Chrome\User Data\Default\Extensions\gjkpcnacdgdlpfejlgflolpaigoicibh
Successfully deleted: [Folder] C:\Users\RDOGG1\appdata\local\Google\Chrome\User Data\Default\Extensions\jidjhchcblhlapbcpheibgdjkajekhbh
Successfully deleted: [Folder] C:\Users\RDOGG1\appdata\local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\banjjklfojcdbofbhbgiedekefohoaff
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\jplinpmadfkdgipabgcdchbdikologlh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 10/19/2013 at 18:09:26.90
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

# AdwCleaner v3.009 - Report created 19/10/2013 at 18:16:18
# Updated 19/10/2013 by Xplode
# Operating System : Windows ™ Vista Home Premium Service Pack 2 (64 bits)
# Username : RDOGG1 - RDOGG1-PC
# Running from : C:\Users\RDOGG1\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : IBUpdaterService

***** [ Files / Folders ] *****

[!] Folder Deleted : C:\OpenCandy
[!] Folder Deleted : C:\Program Files (x86)\1ClickDownload
[!] Folder Deleted : C:\Program Files (x86)\Gophoto.it
[!] Folder Deleted : C:\Program Files (x86)\Plus-HD-1.6
[!] Folder Deleted : C:\Program Files (x86)\uTorrentControl_v6
[!] Folder Deleted : C:\Windows\SysWOW64\jmdp
[!] Folder Deleted : C:\Program Files\IB Updater
[!] Folder Deleted : C:\Users\RDOGG1\AppData\Local\Temp\AirInstaller
[!] Folder Deleted : C:\Users\RDOGG1\AppData\Local\Temp\Smartbar
[!] Folder Deleted : C:\Users\RDOGG1\AppData\LocalLow\AVG Security Toolbar
[!] Folder Deleted : C:\Users\RDOGG1\AppData\LocalLow\uTorrentControl_v6
[!] Folder Deleted : C:\Users\RDOGG1\AppData\Roaming\Mozilla\Firefox\Profiles\5g2rjurg.default\CT3289075
[!] Folder Deleted : C:\Users\RDOGG1\AppData\Roaming\Mozilla\Firefox\Profiles\5g2rjurg.default\Extensions\{96f454ea-9d38-474f-b504-56193e00c1a5}
[!] Folder Deleted : C:\Users\RDOGG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\jbpkiefagocgkmemidfngdkamloieekf
[!] Folder Deleted : C:\Users\RDOGG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
[!] Folder Deleted : C:\Users\RDOGG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
[!] Folder Deleted : C:\Users\RDOGG1\AppData\Local\Google\Chrome\User Data\Default\Extensions\cflheckfmhopnialghigdlggahiomebp
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\RDOGG1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage
File Deleted : C:\Users\RDOGG1\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_cjpglkicenollcignonpgiafdgfeehoj_0.localstorage

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jbpkiefagocgkmemidfngdkamloieekf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pfmopbbadnfoelckkcmjjeaaegjpjjbk
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cflheckfmhopnialghigdlggahiomebp
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WajamUpdater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110311201102}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B78F92C8-DEB3-11E2-9A0A-FB64281D6ADE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{96F454EA-9D38-474F-B504-56193E00C1A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{CD90659F-D5B2-4104-9504-7CA36E6532DF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110311201102}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1312C43E-0D0B-45AE-88D6-1FA0392D9264}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{387A975A-A6A8-43BE-A898-984EAFF51A5F}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{96F454EA-9D38-474F-B504-56193E00C1A5}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentControl_v6
Key Deleted : HKLM\Software\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\Software\Iminent
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Plus-HD-1.6
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\Software\uTorrentControl_v6
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl_v6 Toolbar
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\1ClickDownload
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Funmoods
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\I Want This
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Plus-HD-1.6
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SearchProtect
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\wnlt
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\uTorrentControl_v6 Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMBoosterARP
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16514

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v21.0 (en-US)

[ File : C:\Users\RDOGG1\AppData\Roaming\Mozilla\Firefox\Profiles\5g2rjurg.default\prefs.js ]

Line Deleted : user_pref("CT3310511.ConnectTB_activeApp.enc", "aW5zdGFncmFt");
Line Deleted : user_pref("CT3310511.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3310511.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3310511.FirstTime", "true");
Line Deleted : user_pref("CT3310511.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3310511.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM4MjE0MDI4OQ==");
Line Deleted : user_pref("CT3310511.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM4MjE0MDMwMw==");
Line Deleted : user_pref("CT3310511.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MzU=");
Line Deleted : user_pref("CT3310511.LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "NA==");
Line Deleted : user_pref("CT3310511.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MzU=");
Line Deleted : user_pref("CT3310511.LOCAL_COOKIE_STATS_STATS_USE_HISTORY.enc", "MQ==");
Line Deleted : user_pref("CT3310511.LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "Mg==");
Line Deleted : user_pref("CT3310511.LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc", "MQ==");
Line Deleted : user_pref("CT3310511.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MTM4MjE3NzM4Mw==");
Line Deleted : user_pref("CT3310511.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MTM4MjE3NTAzMw==");
Line Deleted : user_pref("CT3310511.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MTM4MjE3NzQzNg==");
Line Deleted : user_pref("CT3310511.LOCAL_COOKIE_THROTTLE_BASEadd_stats|LOCAL_COOKIE_STATS_STATS_USE_HISTORY.enc", "MTM4MjE3NTAyNQ==");
Line Deleted : user_pref("CT3310511.LOCAL_COOKIE_THROTTLE_BASEadd_stats|LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MTM4MjE3NTAyOA==");
Line Deleted : user_pref("CT3310511.LOCAL_COOKIE_THROTTLE_BASEadd_stats|LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc", "MTM4MjE3MzUyNA==");
Line Deleted : user_pref("CT3310511.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3310511.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3310511.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3310511.SF_USER_ID.enc", "Y2lkXzE4MTAyMDEzMTk1MTI3MTA5OTg0MQ==");
Line Deleted : user_pref("CT3310511.UserID", "UN14821626993034717");
Line Deleted : user_pref("CT3310511.acp_personal.appstate.enc", "ZW5hYmxl");
Line Deleted : user_pref("CT3310511.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3310511.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3310511.cb_experience_000.enc", "NjA=");
Line Deleted : user_pref("CT3310511.cb_firstuse0100.enc", "MQ==");
Line Deleted : user_pref("CT3310511.cb_user_id_000.enc", "Q0I5ODE5MDkwNDI4ODJfMTM4MjEyOTM3OTE5N19GaXJlZm94");
Line Deleted : user_pref("CT3310511.cbfirsttime.enc", "RnJpIE9jdCAxOCAyMDEzIDE2OjMzOjI4IEdNVC0wNDAwIChFYXN0ZXJuIFN0YW5kYXJkIFRpbWUp");
Line Deleted : user_pref("CT3310511.countryCode", "US");
Line Deleted : user_pref("CT3310511.defaultSearch", "true");
Line Deleted : user_pref("CT3310511.discover-experiments-photopop.enc", "eyJuYW1lIjoicGhvdG9wb3AzIiwidmVyc2lvbiI6MTB9");
Line Deleted : user_pref("CT3310511.discover-periodic-reports.enc", "eyJwaW5nXzAiOlsxMzgyMTY5MDY2MjU4LDE0NDAwMDAwXX0=");
Line Deleted : user_pref("CT3310511.discover-user-id.enc", "IjE0YzU1OGFmLTZlNDgtNDU4Yy04MmU1LTEyZGY0NjM1N2ViNCI=");
Line Deleted : user_pref("CT3310511.embeddedsData", "[{\"appId\":\"10000002\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"instantAlert\":[...]
Line Deleted : user_pref("CT3310511.enableAlerts", "true");
Line Deleted : user_pref("CT3310511.enableSearchFromAddressBar", "true");
Line Deleted : user_pref("CT3310511.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3310511.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3310511.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3310511.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3310511.fullUserID", "UN14821626993034717.IN.20131017145602");
Line Deleted : user_pref("CT3310511.ground-country-code.enc", "IlVTIg==");
Line Deleted : user_pref("CT3310511.impression_counter.enc", "MQ==");
Line Deleted : user_pref("CT3310511.impression_session_counter.enc", "Mg==");
Line Deleted : user_pref("CT3310511.impression_session_id.enc", "IjNkZTcxZDJiLTM0MTktNDdhMC05ZWYyLWUxYzcxNTg3ZjQ5NSI=");
Line Deleted : user_pref("CT3310511.impression_session_last_active.enc", "MTM4MjE3NzQ4MjY4Mg==");
Line Deleted : user_pref("CT3310511.installId", "cid111");
Line Deleted : user_pref("CT3310511.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3310511.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3310511.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3310511.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3310511.keyword", true);
Line Deleted : user_pref("CT3310511.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3310511&octid=CT3310511&SearchSource=15&CUI=UN14821626993034717&SSPV=&Lay=1&UM=2\"}");
Line Deleted : user_pref("CT3310511.lastVersion", "10.20.3.520");
Line Deleted : user_pref("CT3310511.mam_gk_appStateReportTime.enc", "MTM4MjIwNzA4MjgxMw==");
Line Deleted : user_pref("CT3310511.mam_gk_appState_ACplus.enc", "b24=");
Line Deleted : user_pref("CT3310511.mam_gk_appState_CouponBuddy.enc", "b24=");
Line Deleted : user_pref("CT3310511.mam_gk_appState_Discover.enc", "b24=");
Line Deleted : user_pref("CT3310511.mam_gk_appState_Easytobook.enc", "b24=");
Line Deleted : user_pref("CT3310511.mam_gk_appState_Easytobook_targeted.enc", "b24=");
Line Deleted : user_pref("CT3310511.mam_gk_appState_Easytobookcars.enc", "b24=");
Line Deleted : user_pref("CT3310511.mam_gk_appState_Find-a-Pro.enc", "b24=");
Line Deleted : user_pref("CT3310511.mam_gk_appState_PriceGong.enc", "b24=");
Line Deleted : user_pref("CT3310511.mam_gk_appState_WindowShopper.enc", "b24=");
Line Deleted : user_pref("CT3310511.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Line Deleted : user_pref("CT3310511.mam_gk_calledSetupService.enc", "MQ==");
Line Deleted : user_pref("CT3310511.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IlBpY2xpY2tWMi1XZWJTZWFyY2giLCJjcml0ZXJpYXMiOlt7ImNyaXRlcmlhSWQiOiIwNTI5MTA0MS0zMTgwLTQzMjUtODI4NS04ZWU3NjBhZWU1NTQiLCJ[...]
Line Deleted : user_pref("CT3310511.mam_gk_currentVersion.enc", "MS4xMC40LjA=");
Line Deleted : user_pref("CT3310511.mam_gk_existingUsersRecoveryDone.enc", "MQ==");
Line Deleted : user_pref("CT3310511.mam_gk_first_time.enc", "MQ==");
Line Deleted : user_pref("CT3310511.mam_gk_lastLoginTime.enc", "MTM4MjIwNzA3ODk3MQ==");
Line Deleted : user_pref("CT3310511.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50IFBvbGljeSJ9LCJnYWRnZXREZXNjcmlwdGlvblByaW1hcnkiOnsiVGV4dCI6IlZhbHVlIEFwcHMgZW5yaWNoZXMgeW91ciB3ZWIg[...]
Line Deleted : user_pref("CT3310511.mam_gk_mamEnabled.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3310511.mam_gk_new_welcome_experience.enc", "MQ==");
Line Deleted : user_pref("CT3310511.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Line Deleted : user_pref("CT3310511.mam_gk_settings1.10.4.0.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVydmFsIjoyNDAsInN0YW1wIjoiMzVfMCIsImlzVGVzdCI6dHJ1ZSwiVXNlckNvdW50cnlDb2RlIjoiVVMiLCJpc1dlbGNvbWVFeHBl[...]
Line Deleted : user_pref("CT3310511.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3310511.mam_gk_userId.enc", "NTM1NzVmNTItNzcwZS00OTdiLTk2OGMtMDE1ODQ1Mzk2ZDU1");
Line Deleted : user_pref("CT3310511.mam_gk_user_approval_interacted.enc", "MQ==");
Line Deleted : user_pref("CT3310511.mam_gk_welcomeDialogMode.enc", "MQ==");
Line Deleted : user_pref("CT3310511.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fsearch.conduit.com%2F%3Fctid%3DCT3310511%26octid%3DCT3310511%26SearchSource%3D61%26CUI%3DUN1[...]
Line Deleted : user_pref("CT3310511.openThankYouPage", "false");
Line Deleted : user_pref("CT3310511.openUninstallPage", "true");
Line Deleted : user_pref("CT3310511.originalSearchAddressUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=293224&p=");
Line Deleted : user_pref("CT3310511.originalSearchEngine", "Yahoo");
Line Deleted : user_pref("CT3310511.originalSearchEngineName", "Yahoo");
Line Deleted : user_pref("CT3310511.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3310511.revertSettingsEnabled", "false");
Line Deleted : user_pref("CT3310511.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3310511.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3310511.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3310511.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3310511.searchSuggestEnabledByUser", "true");
Line Deleted : user_pref("CT3310511.searchUserMode", "2");
Line Deleted : user_pref("CT3310511.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3310511.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3310511.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3310511\"}");
Line Deleted : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://SweetPacks.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"SweetPacks \"}");
Line Deleted : user_pref("CT3310511.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3310511.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3310511.serviceLayer_services_Configuration_lastUpdate", "1382126367189");
Line Deleted : user_pref("CT3310511.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1382126371607");
Line Deleted : user_pref("CT3310511.serviceLayer_services_appsMetadata_lastUpdate", "1382126371576");
Line Deleted : user_pref("CT3310511.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1382126370763");
Line Deleted : user_pref("CT3310511.serviceLayer_services_login_10.20.3.520_lastUpdate", "1382207074297");
Line Deleted : user_pref("CT3310511.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1382126370696");
Line Deleted : user_pref("CT3310511.serviceLayer_services_searchAPI_lastUpdate", "1382126371666");
Line Deleted : user_pref("CT3310511.serviceLayer_services_serviceMap_lastUpdate", "1382126366908");
Line Deleted : user_pref("CT3310511.serviceLayer_services_setupAPI_lastUpdate", "1382126368551");
Line Deleted : user_pref("CT3310511.serviceLayer_services_toolbarContextMenu_lastUpdate", "1382126371614");
Line Deleted : user_pref("CT3310511.serviceLayer_services_toolbarSettings_lastUpdate", "1382207074522");
Line Deleted : user_pref("CT3310511.serviceLayer_services_translation_lastUpdate", "1382126372009");
Line Deleted : user_pref("CT3310511.settingsINI", true);
Line Deleted : user_pref("CT3310511.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3310511.showToolbarPermission", "false");
Line Deleted : user_pref("CT3310511.startPage", "true");
Line Deleted : user_pref("CT3310511.toolbarBornServerTime", "18-10-2013");
Line Deleted : user_pref("CT3310511.toolbarCurrentServerTime", "19-10-2013");
Line Deleted : user_pref("CT3310511.toolbarLoginClientTime", "Fri Oct 18 2013 15:59:27 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3310511.url_history0001.enc", "aHR0cDovL3d3dy5ibGVlcGluZ2NvbXB1dGVyLmNvbS9mb3J1bXMvaW5kZXgucGhwP2FwcD1jb3JlJm1vZHVsZT1nbG9iYWwmc2VjdGlvbj1sb2dpbiZyZXR1cm49aHR0cDovL3d3dy5ibGVlcGluZ2NvbXB1[...]
Line Deleted : user_pref("CT3310511_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1382207070294,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.InstallationThankYouPage", false);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.InstallationTime", 1382126359);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.active", true);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.addressbar", "NA");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.addressbarenhanced", "");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.asyncdb_dbWasSet", true);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.asyncinternaldb_dbWasSet", true);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.backgroundver", 2);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.certdomaininstaller", "");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.changeprevious", false);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.Affiliate_settings.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)"[...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.Affiliate_settings.value", "%22%7B%5C%22initUrl%5C%22%3A%5C%22hxxp%3A//api.jollywallet.com/[...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.InstallationTime.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.InstallationTime.value", "1382126359");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie._GPL_aoi.value", "%221382128351%22");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)"[...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie._GPL_parent_zoneid.value", "%22350054%22");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie._GPL_zoneid.value", "%22391975%22");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.geo.expiration", "Fri Oct 25 2013 16:32:34 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.geo.value", "%22US%22");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.jw_token.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.jw_token.value", "%2293d81f38-7132-4917-7205-098ad5cb62dd%22");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.key_list_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.key_list_id.value", "%2220120802-000%22");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.load_balancer.expiration", "Sat Oct 19 2013 05:17:05 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.load_balancer.value", "%22%7B%20%5C%22Status%5C%22%3A%201%2C%5C%22Endpoint%5C%22%3A%20%5C%2[...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.previous_page.value", "%22hxxp%3A//bn3h.info/anba8679h8/lp9b2/uns.php%3Fubn%3Dff%26keyword%[...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.user_id.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.cookie.user_id.value", "%22141cd2690d24b54d69bc90a0706e7268%22");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.description", "Turn YouTube videos to High Definition by default");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.domain", "");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.enablesearch", false);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.homepage", "");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.iframe", false);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.InstallerIdentifiers.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight [...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.InstallerIdentifiers.value", "%7B%22installer_bic%22%3A%22D3DBA1910E514A16BE562A82E0938[...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.Resources_appVer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time[...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.Resources_appVer.value", "90");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.Resources_lastVersion.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight[...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.Resources_lastVersion.value", "2");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.Resources_meta.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)"[...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.Resources_meta.value", "%7B%7D");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.Resources_nextCheck.expiration", "Sat Oct 19 2013 05:16:49 GMT-0400 (Eastern Standard T[...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.Resources_nextCheck.value", "true");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.Resources_queue.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)[...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.Resources_queue.value", "%7B%7D");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb._country_code_.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)"[...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb._country_code_.value", "%22US%22");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.installer.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Daylight Time)");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.installer.value", "%7B%22InstallerIdentifiers%22%3A%7B%22installer_bic%22%3A%22D3DBA191[...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.monetization_plugin_last_executable_request.expiration", "Sat Oct 19 2013 16:34:01 GMT-[...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.internaldb.monetization_plugin_last_executable_request.value", "%22hxxp%3A//secure.oi-installer9.c[...]
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.lastDailyReport", "1382207078942");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.lastUpdate", "1382207077165");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.manifesturl", "");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.name", "Plus-HD-1.6");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.newtab", "");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.opensearch", "");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.pluginsurl", "hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/apps/32002/plugins/092/ff/plugins.json");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.pluginsversion", 77);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.publisher", "Plus HD");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.searchstatus", 0);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.setnewtab", false);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.thankyou", "");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.updateinterval", 360);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.32002.ver", 90);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.apps", "32002");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.bic", "141cd2690d24b54d69bc90a0706e7268");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.cid", 32002);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.firstrun", false);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.hadappinstalled", true);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.installationdate", 1382126359);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.modetype", "production");
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.reportInstall", true);
Line Deleted : user_pref("extensions.a6c937ed6be664f729a60ce5789cc7f0953ba67122cae46e2b82195baea44e049com32002.statsDailyCounter", 4);
Line Deleted : user_pref("extensions.incredibar_i.aflt", "orgnl");
Line Deleted : user_pref("extensions.incredibar_i.dfltLng", "");
Line Deleted : user_pref("extensions.incredibar_i.did", "10658");
Line Deleted : user_pref("extensions.incredibar_i.excTlbr", false);
Line Deleted : user_pref("extensions.incredibar_i.id", "a63a021d000000000000001e4cd67a0c");
Line Deleted : user_pref("extensions.incredibar_i.installerproductid", "26");
Line Deleted : user_pref("extensions.incredibar_i.instlDay", "15709");
Line Deleted : user_pref("extensions.incredibar_i.instlRef", "");
Line Deleted : user_pref("extensions.incredibar_i.ms_url_id", "");
Line Deleted : user_pref("extensions.incredibar_i.newTab", false);
Line Deleted : user_pref("extensions.incredibar_i.ppd", "");
Line Deleted : user_pref("extensions.incredibar_i.prdct", "incredibar");
Line Deleted : user_pref("extensions.incredibar_i.productid", "26");
Line Deleted : user_pref("extensions.incredibar_i.smplGrp", "none");
Line Deleted : user_pref("extensions.incredibar_i.tlbrId", "base");
Line Deleted : user_pref("extensions.incredibar_i.upn2", "6OyZhoTWCH");
Line Deleted : user_pref("extensions.incredibar_i.upn2n", "92262740210031407");
Line Deleted : user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
Line Deleted : user_pref("extensions.incredibar_i.vrsnTs", "1.5.11.1413:22:31");
Line Deleted : user_pref("extensions.incredibar_i.vrsni", "1.5.11.14");
Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "ezLooker,pagerage,buzzdock,toprelatedtopics,twittube");
Line Deleted : user_pref("extentions.y2layers.installId", "9017b5b6-3a23-422d-99cf-54de443b853a");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\RDOGG1\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [45069 octets] - [19/10/2013 18:15:04]
AdwCleaner[S0].txt - [41350 octets] - [19/10/2013 18:16:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [41411 octets] ##########
 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.19.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
RDOGG1 :: RDOGG1-PC [administrator]

10/19/2013 6:39:20 PM
MBAM-log-2013-10-19 (20-57-35).txt

Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 463867
Time elapsed: 1 hour(s), 35 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceFinder (PUP.Optional.PriceFinder.A) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WordOv (PUP.Optional.WordOV) -> No action taken.
HKCU\Software\funmoodsToolbar (PUP.Optional.FunMoods.A) -> No action taken.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> No action taken.

Registry Values Detected: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {9D781106-375D-11E3-9C8E-001E4CD67A0C} -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\Users\RDOGG1\AppData\Local\WordOv (PUP.Optional.WordOV) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511 (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\plugins (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\xpi\defaults (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> No action taken.

Files Detected: 76
C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\ExtensionUpdaterService.exe.vir (PUP.Optional.SweetPacks.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bg.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.dll.vir (PUP.Optional.Crossrider) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil64.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\utils.exe.vir (PUP.Optional.PlusHD.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v6\uTorrentControl_v6ToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> No action taken.
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\lmrn.dll.vir (PUP.Optional.Sweetpacks) -> No action taken.
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\stij.exe.vir (PUP.Optional.InstallBrain.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\Gtuntwri.exe.part (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\Installer.exe (PUP.Optional.SmartBar.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\j46Hcg7w.exe.part (PUP.Optional.OutBrowse) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\Kswj7GAz.exe.part (PUP.Optional.OutBrowse) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\newsetup.exe (PUP.Optional.GreatArcadeHits.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\nsb21B9.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\nse759F.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\nsk7033.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\nskA4EC.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\nspDE63.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\nswABD.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\qx+CrXYw.exe.part (PUP.Optional.OutBrowse) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\Shortcut_IMsetup.exe (PUP.Optional.SweetIM) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\UkG2kEOc.exe.part (PUP.Optional.TinyInstaller) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\UrSCp6O_.exe.part (PUP.Optional.TinyInstaller) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\WSSetup.exe (PUP.Optional.InstallBrain.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\5E45032F-BAB0-7891-8265-5923FD3B472F\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\5E45032F-BAB0-7891-8265-5923FD3B472F\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\5E45032F-BAB0-7891-8265-5923FD3B472F\Latest\ccp.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\5E45032F-BAB0-7891-8265-5923FD3B472F\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\5E45032F-BAB0-7891-8265-5923FD3B472F\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\5E45032F-BAB0-7891-8265-5923FD3B472F\Latest\MyDaleTB.exe (PUP.Optional.DaleSearch.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\5E45032F-BAB0-7891-8265-5923FD3B472F\Latest\Setup.exe (PUP.Optional.Babylon.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\chLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\ctbe.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\ffLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\ieLogic.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\sl.exe (PUP.Optional.Conduit) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\spch.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\spff.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\statisticsStub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ins1603\QuickShare_0909-b3f69b35.exe (PUP.Optional.QuickShare.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ins1603\SweetIMCO_0209_EN-b99dd192.exe (PUP.Optional.SweetIM.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ins1603\wajam_2207-6c14163c.exe (PUP.Optional.Wajam) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ins914\plushd_0710_EN-2aaeb3da.exe (PUP.Optional.CrossRider) -> No action taken.
C:\Users\RDOGG1\AppData\Roaming\PriceFinder\PriceFinderUninstall.exe (PUP.Optional.PriceFinder.A) -> No action taken.
G:\RDOGG1\Downloads\Firefox_Setup.exe (PUP.Optional.TinyInstaller) -> No action taken.
G:\RDOGG1\Downloads\FPP_Setup.exe (PUP.Optional.AirInstaller) -> No action taken.
G:\RDOGG1\Downloads\setup.exe (PUP.Optional.AirInstaller) -> No action taken.
C:\Users\RDOGG1\AppData\Local\WordOv\eula.txt (PUP.Optional.WordOV) -> No action taken.
C:\Users\RDOGG1\AppData\Local\WordOv\.build (PUP.Optional.WordOV) -> No action taken.
C:\Users\RDOGG1\AppData\Local\WordOv\.user (PUP.Optional.WordOV) -> No action taken.
C:\Users\RDOGG1\AppData\Local\WordOv\temp.dat (PUP.Optional.WordOV) -> No action taken.
C:\Users\RDOGG1\AppData\Local\WordOv\uninst.exe (PUP.Optional.WordOV) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\chromeid.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\conduit.xml (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\CT3310511.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\CT3310511.xpi (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\initdata.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\manifest.json (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\setup.ini.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\stub.exe (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\version.txt (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\xpi\install.rdf (PUP.Optional.Conduit.A) -> No action taken.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> No action taken.

(end)
 

 

Thank you,I got it,I tried it before and it wasn`t working!!!



#9 noknojon

noknojon

    Almost Retired


  • Members
  • 9,862 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:11:14 PM

Posted 19 October 2013 - 10:40 PM

Thank you very much for following the "rough directions" left by a group of us.

 

When you recover and now have a few minutes, can you please report on the current situation.

 

Report back with the current problems and how the computer is running

 

Regards -



#10 dolce_freak

dolce_freak
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:14 AM

Posted 19 October 2013 - 11:31 PM

running a little better,but still freezes up,and the pop up tabs are still opening,I don`t know what to do,my dvd drive is broke so I can`t do a fresh install ;[



#11 noknojon

noknojon

    Almost Retired


  • Members
  • 9,862 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:11:14 PM

Posted 19 October 2013 - 11:47 PM

Hi -

With your Malwarebutes scan can you please Re-run it and make sure that all found items are ticked. As you can see below (I have highlighted) these all need to be removed,

The program will not remove them unless you check them for removal.

C:\Users\RDOGG1\AppData\Local\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> No action taken.
 

Thank You -


Edited by noknojon, 20 October 2013 - 12:20 AM.


#12 dolce_freak

dolce_freak
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:14 AM

Posted 19 October 2013 - 11:53 PM

OK,right away,thanks for all your help,I really appreciate it!



#13 noknojon

noknojon

    Almost Retired


  • Members
  • 9,862 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:11:14 PM

Posted 20 October 2013 - 12:18 AM

OK -

How are things with your system after you finish this and Reboot -



#14 dolce_freak

dolce_freak
  • Topic Starter

  • Members
  • 11 posts
  • OFFLINE
  •  
  • Local time:08:14 AM

Posted 20 October 2013 - 03:03 AM

Hello,I ran MBytes again and followed your instructions,I haven`t been surfing the web yet to tell you how it is,but I will let you know,here`s the new log if you want to see it......

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.19.06

Windows Vista Service Pack 2 x64 NTFS
Internet Explorer 9.0.8112.16421
RDOGG1 :: RDOGG1-PC [administrator]

10/20/2013 1:01:54 AM
mbam-log-2013-10-20 (01-01-54).txt

Scan type: Full scan (C:\|D:\|G:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 464183
Time elapsed: 1 hour(s), 50 minute(s), 42 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PriceFinder (PUP.Optional.PriceFinder.A) -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WordOv (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
HKCU\Software\funmoodsToolbar (PUP.Optional.FunMoods.A) -> Quarantined and deleted successfully.
HKLM\SOFTWARE\SWEETIM (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.

Registry Values Detected: 1
HKLM\Software\SweetIM|simapp_id (PUP.Optional.SweetIM.A) -> Data: {9D781106-375D-11E3-9C8E-001E4CD67A0C} -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 6
C:\Users\RDOGG1\AppData\Local\WordOv (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511 (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\plugins (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\xpi\defaults (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\xpi\defaults\preferences (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

Files Detected: 76
C:\AdwCleaner\Quarantine\C\Program Files\IB Updater\ExtensionUpdaterService.exe.vir (PUP.Optional.SweetPacks.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bg.exe.vir (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho.dll.vir (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-bho64.dll.vir (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.dll.vir (PUP.Optional.Crossrider) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil.exe.vir (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-buttonutil64.exe.vir (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-chromeinstaller.exe.vir (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-codedownloader.exe.vir (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-enabler.exe.vir (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-firefoxinstaller.exe.vir (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\Plus-HD-1.6-updater.exe.vir (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Plus-HD-1.6\utils.exe.vir (PUP.Optional.PlusHD.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentControl_v6\uTorrentControl_v6ToolbarHelper.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\lmrn.dll.vir (PUP.Optional.Sweetpacks) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Windows\SysWOW64\jmdp\stij.exe.vir (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\Gtuntwri.exe.part (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\Installer.exe (PUP.Optional.SmartBar.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\j46Hcg7w.exe.part (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\Kswj7GAz.exe.part (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\mgsqlite3.7z (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\mgsqlite3.dll (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\newsetup.exe (PUP.Optional.GreatArcadeHits.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\nsb21B9.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\nse759F.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\nsk7033.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\nskA4EC.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\nspDE63.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\nswABD.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\qx+CrXYw.exe.part (PUP.Optional.OutBrowse) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\Shortcut_IMsetup.exe (PUP.Optional.SweetIM) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\SPStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\SweetIMInstallValidator.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\UkG2kEOc.exe.part (PUP.Optional.TinyInstaller) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\UrSCp6O_.exe.part (PUP.Optional.TinyInstaller) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\WSSetup.exe (PUP.Optional.InstallBrain.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\5E45032F-BAB0-7891-8265-5923FD3B472F\Latest\BabMaint.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\5E45032F-BAB0-7891-8265-5923FD3B472F\Latest\BExternal.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\5E45032F-BAB0-7891-8265-5923FD3B472F\Latest\ccp.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\5E45032F-BAB0-7891-8265-5923FD3B472F\Latest\CrxInstaller.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\5E45032F-BAB0-7891-8265-5923FD3B472F\Latest\MntrDLLInstall.dll (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\5E45032F-BAB0-7891-8265-5923FD3B472F\Latest\MyDaleTB.exe (PUP.Optional.DaleSearch.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\5E45032F-BAB0-7891-8265-5923FD3B472F\Latest\Setup.exe (PUP.Optional.Babylon.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\chLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\ctbe.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\ffLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\ieLogic.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\sl.exe (PUP.Optional.Conduit) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\spch.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\spff.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\statisticsStub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ins1603\QuickShare_0909-b3f69b35.exe (PUP.Optional.QuickShare.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ins1603\SweetIMCO_0209_EN-b99dd192.exe (PUP.Optional.SweetIM.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ins1603\wajam_2207-6c14163c.exe (PUP.Optional.Wajam) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ins914\plushd_0710_EN-2aaeb3da.exe (PUP.Optional.CrossRider) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Roaming\PriceFinder\PriceFinderUninstall.exe (PUP.Optional.PriceFinder.A) -> Quarantined and deleted successfully.
G:\RDOGG1\Downloads\Firefox_Setup.exe (PUP.Optional.TinyInstaller) -> Quarantined and deleted successfully.
G:\RDOGG1\Downloads\FPP_Setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
G:\RDOGG1\Downloads\setup.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\WordOv\eula.txt (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\WordOv\.build (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\WordOv\.user (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\WordOv\temp.dat (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\WordOv\uninst.exe (PUP.Optional.WordOV) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\chromeid.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\conduit.xml (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\CT3310511.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\CT3310511.xpi (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\initdata.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\manifest.json (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\setup.ini.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\stub.exe (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\version.txt (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\plugins\TBVerifier.dll (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\xpi\install.rdf (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\Users\RDOGG1\AppData\Local\Temp\ct3310511\xpi\defaults\preferences\defaults.js (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.

(end)

 

:thumbup2:

Thanx again you guys rock!!!!! I`ll still let u know soon.
 



#15 noknojon

noknojon

    Almost Retired


  • Members
  • 9,862 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Victoria Australia
  • Local time:11:14 PM

Posted 20 October 2013 - 03:12 AM

Now that looks better -

 

Give it an Update and a Re-run if you have any more problems prior to posting back.

 

Be sure your Antivirus is running and Updated, and you run this about every second day

Please download TFC, or Temp File Cleaner by Old Timer
Usage Instructions:

  • Download TFC from the download link above and save the file on your desktop.
  • Close ALL running applications as TFC will terminate them before attempting to clean up the temporary files.
  • Double-click on the TFC icon.
  • When the program opens, click on the Start button.  TFC will terminate the Explorer process and all running applications and then begin the process of cleaning out all of your temp folders.
  • When done, press OK and reboot your computer and finish the cleanup.

 

Good Luck -






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users