Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help removing Easy Life App


  • Please log in to reply
9 replies to this topic

#1 BenP23

BenP23

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 14 March 2013 - 10:03 AM

I clicked on something I should not have a couple of weeks ago and now the Easy Life app is installed on my computer and I want to get rid of it. 

 

I use Chrome and now when I open the browser the landing page is the Easy Life landing page. In addition, instead of the search bar default being Google it is now Yahoo. I went into the setting and changed it back to Google but every time I do this it the browser crashes shortly there after and the setting is changed back to yahoo.

 

My computer is running slower now and I'm concerned that it is because of this. I want to take care of this before it gets any worse. 

 

Any help on steps to take would be greatly appreciated. Thanks. 



BC AdBot (Login to Remove)

 


#2 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:59 PM

Posted 14 March 2013 - 10:20 AM

Edit: I also moved this to the Am I Infected forum..

 

 

Hello what is your Operating system?

 

Better yet run...

MiniToolBox
Please download MiniToolBox, save it to your desktop and run it.

Checkmark the following checkboxes:


  • Flush DNS
  • Report IE Proxy Settings
  • Reset IE Proxy Settings
  • Report FF Proxy Settings
  • Reset FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Users, Partitions and Memory size.

Click Go and post the result (Result.txt). A copy of Result.txt will be saved in the same directory the tool is run.

 

Note: When using "Reset FF Proxy Settings" option Firefox should be closed.


Edited by boopme, 14 March 2013 - 10:33 AM.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#3 BenP23

BenP23
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 14 March 2013 - 11:05 AM

Windows 7. Sorry, should have included that.

 

MiniToolkit Text

 

MiniToolBox by Farbar  Version:05-03-2013

Ran by odp (administrator) on 14-03-2013 at 12:03:24
Running from "C:\Users\odp\Downloads"
Windows 7 Professional Service Pack 1 (X86)
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
 
========================= FF Proxy Settings: ============================== 
 
 
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
 
========================= Hosts content: =================================
 
 
 
========================= IP Configuration: ================================
 
Intel® WiFi Link 1000 BGN = Wireless Network Connection (Connected)
Cisco Systems VPN Adapter = Local Area Connection 2 (Hardware not present)
Realtek PCIe GBE Family Controller = Local Area Connection (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled taskoffload=disabled
set interface interface="Local Area Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Wireless Network Connection" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
set interface interface="Local Area Connection 2" forwarding=disabled advertise=disabled mtu=1300 metric=0 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : odptmp10221001
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
 
Wireless LAN adapter Wireless Network Connection:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Intel® WiFi Link 1000 BGN
   Physical Address. . . . . . . . . : 00-26-C7-52-D7-AA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::58bc:6d70:c0c0:4e13%11(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.5(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Thursday, March 14, 2013 9:50:51 AM
   Lease Expires . . . . . . . . . . : Thursday, March 14, 2013 12:50:51 PM
   Default Gateway . . . . . . . . . : 192.168.1.254
   DHCP Server . . . . . . . . . . . : 192.168.1.254
   DHCPv6 IAID . . . . . . . . . . . : 318777031
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-18-38-2C-23-60-EB-69-02-CE-08
   DNS Servers . . . . . . . . . . . : 192.168.1.254
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Ethernet adapter Local Area Connection:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : 60-EB-69-02-CE-08
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter isatap.{3CD87CBD-7773-4A40-8239-E23823453DB1}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:953c:207c:ded:3f57:fefa(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::207c:ded:3f57:fefa%19(Preferred) 
   Default Gateway . . . . . . . . . : ::
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.{B1D8FD2E-FC5B-4971-AAEF-4FC74EC764F5}:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.254
 
Name:    google.com
Addresses:  2001:4860:4002:800::1004
 74.125.227.129
 74.125.227.130
 74.125.227.131
 74.125.227.132
 74.125.227.133
 74.125.227.134
 74.125.227.135
 74.125.227.136
 74.125.227.137
 74.125.227.142
 74.125.227.128
 
 
Pinging google.com [74.125.225.227] with 32 bytes of data:
Reply from 74.125.225.227: bytes=32 time=41ms TTL=52
Reply from 74.125.225.227: bytes=32 time=41ms TTL=52
 
Ping statistics for 74.125.225.227:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 41ms, Maximum = 41ms, Average = 41ms
DNS request timed out.
    timeout was 2 seconds.
Server:  UnKnown
Address:  192.168.1.254
 
Name:    yahoo.com
Addresses:  98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=893ms TTL=49
Reply from 206.190.36.45: bytes=32 time=573ms TTL=49
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 573ms, Maximum = 893ms, Average = 733ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
 11...00 26 c7 52 d7 aa ......Intel® WiFi Link 1000 BGN
 10...60 eb 69 02 ce 08 ......Realtek PCIe GBE Family Controller
  1...........................Software Loopback Interface 1
 23...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
 19...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
 25...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0    192.168.1.254      192.168.1.5     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link       192.168.1.5    281
      192.168.1.5  255.255.255.255         On-link       192.168.1.5    281
    192.168.1.255  255.255.255.255         On-link       192.168.1.5    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       192.168.1.5    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       192.168.1.5    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
 19     58 ::/0                     On-link
  1    306 ::1/128                  On-link
 19     58 2001::/32                On-link
 19    306 2001:0:9d38:953c:207c:ded:3f57:fefa/128
                                    On-link
 11    281 fe80::/64                On-link
 19    306 fe80::/64                On-link
 19    306 fe80::207c:ded:3f57:fefa/128
                                    On-link
 11    281 fe80::58bc:6d70:c0c0:4e13/128
                                    On-link
  1    306 ff00::/8                 On-link
 19    306 ff00::/8                 On-link
 11    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)
Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)
Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\system32\wshbth.dll [36352] (Microsoft Corporation)
Catalog5 06 C:\Windows\System32\mswsock.dll [232448] (Microsoft Corporation)
Catalog5 07 C:\Windows\System32\winrnr.dll [20992] (Microsoft Corporation)
Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 29 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 30 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 31 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 32 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 33 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 34 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
Catalog9 35 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/14/2013 00:03:19 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/14 12:03:19.970]: [00002300]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.68]
 
Error: (03/14/2013 00:02:10 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/14 12:02:10.964]: [00002300]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.68]
 
Error: (03/14/2013 00:01:01 PM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/14 12:01:01.926]: [00002300]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.68]
 
Error: (03/14/2013 11:59:52 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/14 11:59:52.921]: [00002300]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.68]
 
Error: (03/14/2013 11:58:43 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/14 11:58:43.915]: [00002300]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.68]
 
Error: (03/14/2013 11:57:34 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/14 11:57:34.907]: [00002300]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.68]
 
Error: (03/14/2013 11:56:25 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/14 11:56:25.902]: [00002300]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.68]
 
Error: (03/14/2013 11:55:16 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/14 11:55:16.897]: [00002300]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.68]
 
Error: (03/14/2013 11:54:07 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/14 11:54:07.891]: [00002300]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.68]
 
Error: (03/14/2013 11:52:58 AM) (Source: Brother BrLog) (User: )
Description: STI BrtSTI: [2013/03/14 11:52:58.886]: [00002300]: SendSKeySettingToDevice:: Snmp Load Error[-1] To[192.168.1.68]
 
 
System errors:
=============
Error: (03/14/2013 10:16:05 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.145.1688.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.2.0223.00
 
Source Path: 4.2.0223.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/14/2013 10:16:05 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.145.1688.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.2.0223.00
 
Source Path: 4.2.0223.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/14/2013 10:16:05 AM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.145.1688.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.2.0223.00
 
Source Path: 4.2.0223.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (03/14/2013 09:50:48 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%2
 
Error: (03/14/2013 09:50:48 AM) (Source: Service Control Manager) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error: 
%%2
 
Error: (03/14/2013 09:50:29 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 9:48:49 AM on ?3/?14/?2013 was unexpected.
 
Error: (03/14/2013 09:40:56 AM) (Source: Service Control Manager) (User: )
Description: The Windows Update service hung on starting.
 
Error: (03/14/2013 09:36:26 AM) (Source: Service Control Manager) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Microsoft .NET Framework NGEN v4.0.30319_X86 service to connect.
 
Error: (03/14/2013 09:33:36 AM) (Source: Service Control Manager) (User: )
Description: The LogMeIn Kernel Information Provider service failed to start due to the following error: 
%%2
 
Error: (03/14/2013 09:33:36 AM) (Source: Service Control Manager) (User: )
Description: The LMIGuardianSvc service failed to start due to the following error: 
%%2
 
 
Microsoft Office Sessions:
=========================
Error: (02/06/2012 02:22:15 PM) (Source: Microsoft Office 12 Sessions)(User: )
Description: ID: 1, Application Name: Microsoft Office Excel, Application Version: 12.0.6654.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 153 seconds with 0 seconds of active time.  This session ended with a crash.
 
 
=========================== Installed Programs ============================
 
 Registry Patch to arrange icons in Device and Printers folder of Windows 7 (Version: 1.00)
 Update for Microsoft Office 2007 (KB2508958)
µTorrent (Version: 2.2.1)
2007 Microsoft Office system (Version: 12.0.6612.1000)
Adobe AIR (Version: 3.0.0.4080)
Adobe Flash Player 10 ActiveX (Version: 10.0.32.18)
Adobe Flash Player 10 Plugin (Version: 10.2.152.26)
Adobe Reader X (10.1.3) (Version: 10.1.3)
Anti-phishing Domain Advisor (Version: 1.1.0.1)
Apple Application Support (Version: 2.3.2)
Apple Mobile Device Support (Version: 6.0.1.3)
Apple Software Update (Version: 2.1.3.127)
Bonjour (Version: 3.0.0.10)
Brother MFL-Pro Suite MFC-9460CDN (Version: 1.0.21.0)
Browse2save (Version: )
BrowseToSave 1.74
Bucksbee Loyalty Plugin - Air Installer
Cisco Systems VPN Client 5.0.02.0090 (Version: 5.0.2)
Create Recovery Media (Version: 1.20.0.00)
DirectX 9 Runtime (Version: 1.00.0000)
Dropbox (Version: 1.6.16)
EasyLife Gadget (Version: 1.0)
EasyLife Search 1.74
EasyLife Updater (Version: 1.0)
Evernote v. 4.6.3 (Version: 4.6.3.8096)
Google Apps (Version: 1.2.279.2381)
Google Chrome (Version: 25.0.1364.172)
Google Desktop (Version: 5.9.1005.12335)
Google Update Helper (Version: 1.3.21.135)
Google Updater (Version: 2.4.2432.1652)
GoToMeeting 4.8.0.723 (Version: 4.8.0.723)
Graboid Video 3.11 (Version: 3.11)
iCloud (Version: 2.1.1.3)
Integrated Camera Driver Installer Package Ver.1.0.1.2 (Version: 1.0.1.2)
Integrated Camera TWAIN (Version: 1.0.8.601)
Intel PROSet Wireless
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.1872)
Intel® PROSet/Wireless WiFi Software (Version: 13.00.0000)
Intel® TV Wizard
Intel® Matrix Storage Manager
InterVideo WinDVD 8 (Version: 8.0.20.172)
iTunes (Version: 11.0.1.12)
Java Auto Updater (Version: 2.0.7.1)
Java™ 6 Update 35 (Version: 6.0.350)
JMicron Flash Media Controller Driver (Version: 1.00.29.02)
KONICA MINOLTA C360Series
Lenovo System Interface Driver (Version: 1.01)
Malwarebytes' Anti-Malware version 1.51.2.1300 (Version: 1.51.2.1300)
McAfee Security Scan Plus (Version: 3.0.318.3)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Professional Hybrid 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.2.0223.1)
Microsoft Security Essentials (Version: 4.2.223.1)
Microsoft Silverlight (Version: 5.1.20125.0)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
MobileMe Control Panel (Version: 3.1.8.0)
Mozilla Firefox 13.0.1 (x86 en-US) (Version: 13.0.1)
Mozilla Maintenance Service (Version: 13.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
MSXML 4.0 SP3 Parser (KB2721691) (Version: 4.30.2114.0)
MSXML 4.0 SP3 Parser (KB2758694) (Version: 4.30.2117.0)
MSXML 4.0 SP3 Parser (KB973685) (Version: 4.30.2107.0)
MSXML 4.0 SP3 Parser (Version: 4.30.2100.0)
Nuance PaperPort 12 (Version: 12.1.0000)
Nuance PDF Viewer Plus (Version: 5.30.3290)
Octoshape add-in for Adobe Flash Player
On Screen Display (Version: 5.32.00)
PaperPort Image Printer (Version: 1.00.0001)
PrimoPDF -- by Nitro PDF Software (Version: 5.0.0.19)
QuickTime (Version: 7.73.80.64)
R for Windows 2.15.2 (Version: 2.15.2)
Realtek 8136 8168 8169 Ethernet Driver (Version: 1.00.0005)
Realtek High Definition Audio Driver (Version: 6.0.1.5892)
Registry Patch to Enable Maximum Power Saving on WiFi Adapters for Windows 7 (Version: 1.00)
RocketDock 1.3.5
Roxio Activation Module (Version: 1.0)
Roxio Central Audio (Version: 3.8.0)
Roxio Central Copy (Version: 3.8.0)
Roxio Central Core (Version: 3.8.0)
Roxio Central Data (Version: 3.8.0)
Roxio Central Tools (Version: 3.8.0)
Roxio Creator Small Business Edition (Version: 10.3)
Roxio Creator Small Business Edition (Version: 10.3.081)
Roxio Express Labeler 3 (Version: 3.2.1)
Scansoft PDF Professional
Skype Toolbars (Version: 5.0.4137)
Skype™ 5.10 (Version: 5.10.116)
Sonic CinePlayer Decoder Pack (Version: 4.3.0)
Sonic Icons for Lenovo (Version: 2.0.0)
Spotify (Version: 0.5.2)
Spyware Doctor 7.0 (Version: 7.0)
System Update (Version: 4.00.0009)
Tableau Public 7.0 (Version: 7.0.403)
ThinkPad FullScreen Magnifier (Version: 2.10)
ThinkPad Power Management Driver (Version: 1.55)
ThinkPad UltraNav Driver (Version: 14.0.17.0)
Trend Micro Client/Server Security Agent (Version: 16.0.1331)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596802) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2768024) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
uTorrentBar Toolbar
VC80CRTRedist - 8.0.50727.6195 (Version: 1.2.0)
Veetle TV 0.9.18 (Version: 0.9.18)
Version Checker for Funmoods
Virtual DJ - Atomix Productions
VirtualDJ Home FREE (Version: 7.0.4.1)
VLC media player 1.0.1 (Version: 1.0.1)
Windows Driver Package - Intel hdc  (06/04/2009 7.0.0.1013) (Version: 06/04/2009 7.0.0.1013)
Windows Driver Package - Intel System  (06/04/2009 1.0.0.0002) (Version: 06/04/2009 1.0.0.0002)
Windows Driver Package - Lenovo 1.55 (08/18/2009 1.55) (Version: 08/18/2009 1.55)
Windows Driver Package - Realtek Semiconductor Corp. HD Audio Driver (07/10/2009 6.0.1.5892) (Version: 07/10/2009 6.0.1.5892)
Windows Media Player Firefox Plugin (Version: 1.0.0.8)
WinRAR 4.00 (32-bit) (Version: 4.00.0)
Xerox Support Centre
Yontoo 1.10.02 (Version: 1.10.02)
YTD Toolbar v7.0 (Version: 7.0)
YTD YouTube Downloader & Converter 3.6
 
========================= Memory info: ===================================
 
Percentage of memory in use: 84%
Total physical RAM: 1912.86 MB
Available physical RAM: 298.45 MB
Total Pagefile: 3825.72 MB
Available Pagefile: 1065.23 MB
Total Virtual: 2047.88 MB
Available Virtual: 1941.85 MB
 
========================= Partitions: =====================================
 
1 Drive c: (Windows7_OS) (Fixed) (Total:221.95 GB) (Free:84.5 GB) NTFS
3 Drive q: (Lenovo_Recovery) (Fixed) (Total:9.77 GB) (Free:3.04 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\ODPTMP10221001
 
Administrator            Guest                    odp                      
 
 
**** End of log ****


#4 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:59 PM

Posted 14 March 2013 - 11:22 AM

No problem... Thru control panel..Uninstall remove these

 

EasyLife Gadget (Version: 1.0)
EasyLife Search 1.74
EasyLife Updater (Version: 1.0)
and if you see a "unknown" remove that also/.
Reboot.
 

In Chrome, look in the Add ons/Plugins. disable any thing easy life.

 Disable All Extensions

 

 

 

Please download AdwCleaner by Xplode onto your desktop.
•Close all open programs and internet browsers.
•Double click on adwcleaner.exe to run the tool.
•Click on Delete.
•Confirm each time with Ok.
•You will be prompted to restart your computer. A text file will open after the restart.
•Please post the contents of that logfile with your next reply.
•You can find the logfile at C:\AdwCleaner[S1].txt as well.


>>>>

Now I'd like us to scan your machine with ESET OnlineScan

  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png  button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

NOTE:Sometimes if ESET finds no infections it will not create a log.


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#5 BenP23

BenP23
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 14 March 2013 - 11:40 PM

Thanks for your help.

 

AdwCleaner text 

 

# AdwCleaner v2.114 - Logfile created 03/14/2013 at 17:07:15

# Updated 05/03/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (32 bits)
# User : odp - ODPTMP10221001
# Boot Mode : Normal
# Running from : C:\Users\odp\Downloads\AdwCleaner.exe
# Option [Delete]
 
 
***** [Services] *****
 
Stopped & Deleted : Application Updater
 
***** [Files / Folders] *****
 
File Deleted : C:\Users\odp\AppData\Local\funmoods.crx
File Deleted : C:\Users\odp\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default\searchplugins\search.xml
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\Application Updater
Folder Deleted : C:\Program Files\Common Files\spigot
Folder Deleted : C:\ProgramData\Anti-phishing Domain Advisor
Folder Deleted : C:\ProgramData\Browse2save
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Browse2save
Folder Deleted : C:\ProgramData\RightClick
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\administrator\AppData\Local\Temp\OpenCandy
Folder Deleted : C:\Users\odp\AppData\LocalLow\Browse2save
Folder Deleted : C:\Users\odp\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\odp\AppData\Roaming\Funmoods
Folder Deleted : C:\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default\Conduit
Folder Deleted : C:\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default\ConduitCommon
Folder Deleted : C:\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default\ConduitEngine
Folder Deleted : C:\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default\CT2786678
Folder Deleted : C:\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Deleted : C:\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default\extensions\ffxtlbr@funmoods.com
Folder Deleted : C:\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default\extensions\staged
 
***** [Registry] *****
 
Data Deleted : HKLM\..\Windows [AppInit_DLLs] = c:\progra~1\browse~1\sprote~1.dll
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\Funmoods
Key Deleted : HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKCU\Software\GreenTree Applications
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6FD9DB4E-42D1-B650-E683-3AECA944B578}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6FD9DB4E-42D1-B650-E683-3AECA944B578}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKLM\Software\Application Updater
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FD9DB4E-42D1-B650-E683-3AECA944B578}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{965B9DBE-B104-44AC-950A-8A5F97AFF439}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A9DB719C-7156-415E-B49D-BAD039DE4F13}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F03FD9D0-4F2B-497C-8A71-DD41D70B07D9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\f
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100770.FCTB000100770Pos
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100770.FCTB000100770Pos.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100770.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100770.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100770.JSOptionsImpl
Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100770.JSOptionsImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr
Key Deleted : HKLM\SOFTWARE\Classes\funmoods.funmoodsHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\funmoodsApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D085C0A-E4F4-4F66-BDBF-4BE51015BFC3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\FCTB000100770
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6FD9DB4E-42D1-B650-E683-3AECA944B578}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\ED1CAE30F47D14B41B5FC8FA53658044
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3F3165C-74D3-6FDB-3274-14FDA8698CFA}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Anti-phishing Domain Advisor
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\Software\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [SearchSettings]
 
***** [Internet Browsers] *****
 
-\\ Internet Explorer v8.0.7601.17514
 
[OK] Registry is clean.
 
-\\ Mozilla Firefox v13.0.1 (en-US)
 
File : C:\Users\administrator\AppData\Roaming\Mozilla\Firefox\Profiles\y4tpggbo.default\prefs.js
 
[OK] File is clean.
 
File : C:\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default\prefs.js
 
C:\Users\odp\AppData\Roaming\Mozilla\Firefox\Profiles\4o29xxeh.default\user.js ... Deleted !
 
Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT2786678.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT2786678.AppTrackingLastCheckTime", "Thu Mar 01 2012 10:16:01 GMT-0500 (Eastern Standard[...]
Deleted : user_pref("CT2786678.BrowserCompStateIsOpen_129579220236217502", true);
Deleted : user_pref("CT2786678.CTID", "CT2786678");
Deleted : user_pref("CT2786678.CurrentServerDate", "5-1-2013");
Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Deleted : user_pref("CT2786678.DialogsGetterLastCheckTime", "Sat Jan 05 2013 10:50:54 GMT-0500 (Eastern Standa[...]
Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Thu Mar 01 2012 10:15:50 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 501);
Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Sat Jun 04 2011 12:50:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Sat Jun 04 2011 12:50:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Sat Jun 04 2011 12:50:08 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Sat Jun 04 2011 12:50:08 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Sat Jun 04 2011 12:50:08 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Sat Jun 04 2011 12:50:08 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Sat Jun 04 2011 12:50:08 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Sat Jun 04 2011 12:50:08 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Sat Jun 04 2011 12:50:08 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Sat Jun 04 2011 12:50:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Sat Jun 04 2011 12:50:11 GMT-0400 (Eastern Da[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156812186649977", "Thu Mar 01 2012 10:15:53 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813040823546", "Thu Mar 01 2012 10:15:52 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813130095866", "Thu Mar 01 2012 10:15:52 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813224203613", "Thu Mar 01 2012 10:15:52 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813230837251", "Thu Mar 01 2012 10:15:52 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813454291735", "Thu Mar 01 2012 10:15:52 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813729834876", "Thu Mar 01 2012 10:15:52 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156813860870021", "Thu Mar 01 2012 10:15:53 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814264681793", "Thu Mar 01 2012 10:15:52 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156814863075366", "Thu Mar 01 2012 10:15:52 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedPollDate2429156815257761081", "Thu Mar 01 2012 10:15:52 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156813040823546", 15);
Deleted : user_pref("CT2786678.FeedTTL2429156813130095866", 10);
Deleted : user_pref("CT2786678.FeedTTL2429156813454291735", 5);
Deleted : user_pref("CT2786678.FeedTTL2429156814264681793", 5);
Deleted : user_pref("CT2786678.FirstServerDate", "4-5-2011");
Deleted : user_pref("CT2786678.FirstTime", true);
Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Deleted : user_pref("CT2786678.HomePageProtectorEnabled", false);
Deleted : user_pref("CT2786678.HomepageBeforeUnload", "resource:/browserconfig.properties");
Deleted : user_pref("CT2786678.Initialize", true);
Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Deleted : user_pref("CT2786678.InstalledDate", "Tue May 03 2011 19:42:39 GMT-0400 (Eastern Daylight Time)");
Deleted : user_pref("CT2786678.IsAlertDBUpdated", true);
Deleted : user_pref("CT2786678.IsGrouping", false);
Deleted : user_pref("CT2786678.IsMulticommunity", false);
Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Sat Jan 05 2013 10:50:54 GMT-0500 (Eastern Standar[...]
Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT2786678.LastLogin_3.13.0.6", "Mon Jul 30 2012 14:27:56 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT2786678.LastLogin_3.14.1.0", "Sat Jan 05 2013 10:50:54 GMT-0500 (Eastern Standard Time)[...]
Deleted : user_pref("CT2786678.LastLogin_3.3.3.2", "Thu Nov 03 2011 10:14:08 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT2786678.LastLogin_3.8.0.8", "Thu Mar 01 2012 10:15:52 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT2786678.LatestVersion", "3.16.0.3");
Deleted : user_pref("CT2786678.Locale", "en");
Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT2786678.MyStuffEnabledAtInstallation", true);
Deleted : user_pref("CT2786678.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT278[...]
Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Sat Jan 05 2013 10:50:53 GMT-0500 (Eastern Stand[...]
Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT2786678.SearchProtectorEnabled", false);
Deleted : user_pref("CT2786678.SearchProtectorToolbarDisabled", false);
Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Sat Jan 05 2013 10:50:49 GMT-0500 (Eastern Standard [...]
Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Sat Jan 05 2013 10:50:48 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT2786678.SettingsLastUpdate", "1357395074");
Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Thu Mar 01 2012 10:15:49 GMT-0500 (Eastern Sta[...]
Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT2786678.ToolbarShrinkedFromSetup", false);
Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2786678");
Deleted : user_pref("CT2786678.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Deleted : user_pref("CT2786678.UserID", "UN76150641368254194");
Deleted : user_pref("CT2786678.ValidationData_Toolbar", 1);
Deleted : user_pref("CT2786678.WeatherNetwork", "");
Deleted : user_pref("CT2786678.WeatherPollDate", "Thu Mar 01 2012 10:15:53 GMT-0500 (Eastern Standard Time)");
Deleted : user_pref("CT2786678.WeatherUnit", "F");
Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Deleted : user_pref("CT2786678.approveUntrustedApps", false);
Deleted : user_pref("CT2786678.backendstorage.cbfirsttime", "546875204E6F7620303320323031312031303A31343A31322[...]
Deleted : user_pref("CT2786678.backendstorage.scriptsource", "687474703A2F2F3132372E302E302E313A31303030302F67[...]
Deleted : user_pref("CT2786678.backendstorage.url_history", "687474703A2F2F73747564656E746169642E65642E676F762[...]
Deleted : user_pref("CT2786678.backendstorage.url_history_time", "31333039323130323537353834");
Deleted : user_pref("CT2786678.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT2786678.globalFirstTimeInfoLastCheckTime", "Thu Mar 01 2012 10:15:54 GMT-0500 (Eastern [...]
Deleted : user_pref("CT2786678.homepageProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.initDone", true);
Deleted : user_pref("CT2786678.isAppTrackingManagerOn", true);
Deleted : user_pref("CT2786678.myStuffEnabled", true);
Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT2786678.oldAppsList", "129295695672325902,129295695672325903,1000234,129295698017012804[...]
Deleted : user_pref("CT2786678.revertSettingsEnabled", false);
Deleted : user_pref("CT2786678.searchProtectorDialogDelayInSec", 10);
Deleted : user_pref("CT2786678.searchProtectorEnableByLogin", true);
Deleted : user_pref("CT2786678.testingCtid", "");
Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Sat Jan 05 2013 10:50:54 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Thu Mar 01 2012 10:15:52 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT2786678.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2786678&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"52a[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "utorrentbar");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\odp\\AppData\\Roaming\\Mozilla\\Fir[...]
Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT2786678");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "utorrentbar");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "ConduitEngine,CT2786678");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Tue May 03 2011 19:42:36 GMT-04[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Nov 16 2011 12:38:51 GMT-0500 (Easte[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Nov 16 2011 12:38:41 GMT-0500 (Eastern S[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "189f5e3a-bad6-46ed-ae61-568ba1e70a8f");
Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Thu Mar 01 2012 10:15:51 GMT-0500 (Eas[...]
Deleted : user_pref("CommunityToolbar.globalUserId", "0041a141-a903-4fa3-acac-b98d398fd79a");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.killedEngine", true);
Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Mar 01 2012 10:15:5[...]
Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Thu Mar 01 2012 10:16:00 GMT-050[...]
Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Thu Mar 01 2012 10:15:51 GMT-0500 (E[...]
Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.notifications.userId", "42f457a6-da4b-4f8f-89ff-ecbc5f89d2d3");
Deleted : user_pref("CommunityToolbar.undefined", "");
Deleted : user_pref("extensions.enabledAddons", "{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}:6.0.33,plugin@yontoo.c[...]
Deleted : user_pref("extensions.funmoods.aflt", "fmtoby");
Deleted : user_pref("extensions.funmoods.autoRvrt", false);
Deleted : user_pref("extensions.funmoods.brwsrsrc", "ietlbr");
Deleted : user_pref("extensions.funmoods.cntry", "US");
Deleted : user_pref("extensions.funmoods.cv", "cv5");
Deleted : user_pref("extensions.funmoods.dfltLng", "");
Deleted : user_pref("extensions.funmoods.dfltSrch", true);
Deleted : user_pref("extensions.funmoods.dfltlng", "en");
Deleted : user_pref("extensions.funmoods.dfltsrch", true);
Deleted : user_pref("extensions.funmoods.dnsErr", true);
Deleted : user_pref("extensions.funmoods.envrmnt", "production");
Deleted : user_pref("extensions.funmoods.excTlbr", false);
Deleted : user_pref("extensions.funmoods.hdrMd5", "C50124DCAA4CAFF917B0B32BBE8B8F0F");
Deleted : user_pref("extensions.funmoods.hmpg", true);
Deleted : user_pref("extensions.funmoods.hmpgUrl", "hxxp://start.funmoods.com/?f=1&a=fmtoby&chnl=fmtoby&cd=2Xz[...]
Deleted : user_pref("extensions.funmoods.hrdid", "60EB6902CE0866CA");
Deleted : user_pref("extensions.funmoods.id", "60EB6902CE0866CA");
Deleted : user_pref("extensions.funmoods.instlDay", "15530");
Deleted : user_pref("extensions.funmoods.instlRef", "fmtoby");
Deleted : user_pref("extensions.funmoods.instlday", "15530");
Deleted : user_pref("extensions.funmoods.instlref", "fmtoby");
Deleted : user_pref("extensions.funmoods.isdcmntcmplt", false);
Deleted : user_pref("extensions.funmoods.keywordurl", "");
Deleted : user_pref("extensions.funmoods.lastVrsnTs", "1.5.23.2214:27:11");
Deleted : user_pref("extensions.funmoods.mntrvrsn", "1.3.0");
Deleted : user_pref("extensions.funmoods.newTab", true);
Deleted : user_pref("extensions.funmoods.newTabUrl", "hxxp://start.funmoods.com/?f=2&a=fmtoby&chnl=fmtoby&cd=2[...]
Deleted : user_pref("extensions.funmoods.newtab", true);
Deleted : user_pref("extensions.funmoods.newtaburl", "hxxp://start.funmoods.com/?f=2&a=fmtoby&chnl=fmtoby&cd=2[...]
Deleted : user_pref("extensions.funmoods.prdct", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrId", "funmoods");
Deleted : user_pref("extensions.funmoods.prtnrid", "funmoods");
Deleted : user_pref("extensions.funmoods.savedVrsnTs", "1");
Deleted : user_pref("extensions.funmoods.sg", "none");
Deleted : user_pref("extensions.funmoods.smplGrp", "none");
Deleted : user_pref("extensions.funmoods.smplgrp", "none");
Deleted : user_pref("extensions.funmoods.srch", "");
Deleted : user_pref("extensions.funmoods.srchPrvdr", "Search");
Deleted : user_pref("extensions.funmoods.srchprvdr", "Search");
Deleted : user_pref("extensions.funmoods.tlbrId", "base");
Deleted : user_pref("extensions.funmoods.tlbrSrchUrl", "hxxp://start.funmoods.com/?f=3&a=fmtoby&chnl=fmtoby&cd[...]
Deleted : user_pref("extensions.funmoods.tlbrid", "base");
Deleted : user_pref("extensions.funmoods.tlbrsrchurl", "hxxp://start.funmoods.com/?f=3&a=fmtoby&chnl=fmtoby&cd[...]
Deleted : user_pref("extensions.funmoods.vrsn", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnTs", "1.5.23.2214:27:11");
Deleted : user_pref("extensions.funmoods.vrsni", "1.5.23.22");
Deleted : user_pref("extensions.funmoods.vrsnts", "1.5.23.2214:27:11");
Deleted : user_pref("extensions.funmoods.xpestat\\xpereportdata", "5-0-2013");
Deleted : user_pref("extensions.funmoods_i.newTab", true);
Deleted : user_pref("extensions.funmoods_i.smplGrp", "none");
Deleted : user_pref("extensions.funmoods_i.vrsnTs", "1.5.23.2214:27:11");
 
-\\ Google Chrome v25.0.1364.172
 
File : C:\Users\odp\AppData\Local\Google\Chrome\User Data\Default\Preferences
 
[OK] File is clean.
 
*************************
 
AdwCleaner[S1].txt - [31278 octets] - [14/03/2013 17:07:15]
 
########## EOF - C:\AdwCleaner[S1].txt - [31339 octets] ##########

 

ESETScan text 

 

C:\Program Files\BrowseToSave\sprotector.dll a variant of Win32/SProtector.A application cleaned by deleting - quarantined

C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.10 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.11 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.12 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.13 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.14 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.15 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.16 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.17 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.18 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.19 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.20 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.21 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.5 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.6 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.7 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.8 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\FF\components\ytdFF.dll.9 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\YTD Toolbar\IE\7.0\ytdToolbarIE.dll a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\odp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\995UJUDO\agent_setup[1].exe Win32/InstalleRex.H.Gen application cleaned by deleting - quarantined
C:\Users\odp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\GU3LZXC0\512264994a160[1].exe multiple threats cleaned by deleting - quarantined
C:\Users\odp\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZV1INF45\search_defender_166[1].exe a variant of Win32/SProtector.A application cleaned by deleting - quarantined
C:\Users\odp\AppData\Local\Temp\airB0CC.exe multiple threats cleaned by deleting - quarantined
C:\Users\odp\AppData\Local\Temp\SearchSettings.exe.680464567 a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\odp\AppData\Local\Temp\YontooSetup-S.exe multiple threats cleaned by deleting - quarantined
C:\Users\odp\AppData\LocalLow\FCTB000100770\Toolbar\Toolbar.dll Win32/Toolbar.BHO.B application cleaned by deleting - quarantined
C:\Users\odp\Downloads\ANV1.rar.exe Win32/InstalleRex.E.Gen application cleaned by deleting - quarantined
C:\Users\odp\Downloads\DownloadSetup.exe Win32/InstallMate.A application cleaned by deleting - quarantined
C:\Users\odp\Downloads\galaxy_2_galaxy_a_hi_tech_jazz_compilation_mp3_192kbps.exe a variant of Win32/MediaGet application cleaned by deleting - quarantined
C:\Users\odp\Downloads\GraboidVideoSetup-3.11.exe Win32/Graboid application cleaned by deleting - quarantined
C:\Users\odp\Downloads\Twelve_O_Clock_High.exe Win32/Adware.1ClickDownload.C application cleaned by deleting - quarantined
C:\Windows\Installer\ad6eaed.msi a variant of Win32/Bundled.Toolbar.Ask application deleted - quarantined
C:\Windows\Installer\f5591b3.msi a variant of Win32/Toolbar.Widgi application deleted - quarantined


#6 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:59 PM

Posted 15 March 2013 - 10:57 AM

Please download TFC (Temp File Cleaner) by Old Timer and save it to your desktop.
alternate download link
  • Save any unsaved work. TFC will close ALL open programs including your browser!
  • Double-click on TFC.exe to run it. If you are using Vista, right-click on the file and choose Run As Administrator.
  • Click the Start button to begin the cleaning process and let it run uninterrupted to completion.
  • TFC will clear out all temp folders for all user accounts (temp, IE temp, Java, FF, Opera, Chrome, Safari), including Administrator, All Users, LocalService, NetworkService, and any other accounts in the user folder.
  • Important! If TFC prompts you to reboot, please do so immediately. If not prompted, manually reboot the machine anyway to ensure a complete clean.
  • Note: It is normal for the computer to be slow to boot after running TFC cleaner the first time.



    Do you see any more EasyLife??



How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#7 BenP23

BenP23
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 15 March 2013 - 11:29 AM

I ran the TFC Cleaner and then rebooted. I opened Chrome and it seems to be working fine. I opened Firefox though and the homepage is the "Easylifeapp Search". It looks like this.

 

easylife.jpg



#8 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:59 PM

Posted 15 March 2013 - 11:35 AM

Do the same in FF with the addons


In FireFox it may be the Add ons/Plugins. try disabling them one at a time and see which one was at fault.

How to disable extensions and plugins

Keeping your third-party plugins up to date


How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook

#9 BenP23

BenP23
  • Topic Starter

  • Members
  • 23 posts
  • OFFLINE
  •  
  • Local time:06:59 PM

Posted 15 March 2013 - 12:14 PM

I disabled all add-ons and extensions and the homepage was still the same. I then decided to manually change the homepage to a different page and it seems to have worked. My concern is that in the past Easylife would change certain settings in Chrome and I would have to change them back. They would work fine for a couple days or hours and then Easylife would change them again. You think I should be concerned about that at all?

 

Also, any suggestions on 1) steps I can take to protect myself (of course, not clicking on things I should not be clicking on will be at the top of that list) and 2) any suggestions on steps I can take to clean-up my computer to help improve performance. The Chrome and pretty much everything has just been running somewhat slow lately and I'm just wondering if you have any suggestions.

 

Thanks for all of your help. I really appreciate your assistance. 



#10 boopme

boopme

    To Insanity and Beyond


  • Global Moderator
  • 73,323 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:NJ USA
  • Local time:06:59 PM

Posted 15 March 2013 - 02:49 PM

Hello.. When you install apps.. do not install the extras they put there ,like Toolbars,homepage settings ,browsers etc..
 
You should dtill update Internet Explorer even if you do not use it (at least the Critical security updates).
 
 
In addition to your Antivirus you should run ADWcleaner and Malwarebytes weekly
 
Please download Malwarebytes Anti-Malware mbamicontw5.gif and save it to your desktop.
  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.
Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.
  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab .
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware. -- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).



Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory your tools cannot access to delete these files, they sometimes can reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to StartBtn.gif > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.

How do I get help? Who is helping me?For the time will come when men will not put up with sound doctrine. Instead, to suit their own desires, they will gather around them a great number of teachers to say what their itching ears want to hear....Become a BleepingComputer fan: Facebook




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users