
Hello my name is paul, and my pc is infected..


7 replies to this topic

#1 enzokool1

enzokool1

  • Members
  • 7 posts

Posted 11 May 2013 - 11:31 PM

So far this is what I know... that got me started on looking up solutions to what might be wrong. When I listen to Pandora it always plays many songs without interruption. Now I listen to it and it plays one then stops. Also some random Flash Player problems come up. Last year I had a static sound on my PC; I thought it was because it could be old... then it stopped... yesterday it happened again and stopped. Then after coming to this site while looking for solutions to Flash on Google I find myself reading forums that are very interesting. One admin says to someone who needed help that he needs to run ESET online scanner and toolbox and other stuff... so anyway, I'm running the scanner right now and it's up to 31 infected files; while it was scrolling the files down I saw flash pop up, win32 amonetize, domaIQ and a bunch of other garbage. It's still scanning and it's at 99%... but it's been scanning at that % for a while now... I'm totalling 1hr:54 minutes. I didn't run any toolbox or malware. I did run malware the other day but it didn't catch anything. I read from the same admin that you need to make a new name when downloading malwarebyte... I don't know if I did that, so is it working properly? Anyway I feel like there could be some problems on my PC, can someone please help.

 

I also feel like a third party is watching my every move.

 

Mod Edit: Deleted a duplicate from Windows 7 forum to avoid confusion.


Edited by Platypus, 12 May 2013 - 03:02 AM.



 


#2 Broni

Broni

    The Coolest BC Computer


  • BC Advisor
  • 42,696 posts
  • Gender:Male
  • Location:Daly City, CA

Posted 12 May 2013 - 01:11 PM

Welcome aboard

Download Security Check from here or here and save it to your Desktop.

  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.

Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
  • Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Press "Scan".
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.


Please download MiniToolBox and run it.

Checkmark the following boxes:
  • Report IE Proxy Settings
  • Report FF Proxy Settings
  • List content of Hosts
  • List IP configuration
  • List Winsock Entries
  • List last 10 Event Viewer log
  • List Installed Programs
  • List Devices (do NOT change any settings here)
  • List Users, Partitions and Memory size

Click Go and post the result.

Download Malwarebytes' Anti-Malware (aka MBAM): https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/ to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer.

The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

Download Malwarebytes Anti-Rootkit from HERE to your Desktop.
  • Unzip downloaded file.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • DO NOT click on the Cleanup button. Simply exit the program.
  • When done, please post the two logs produced. They will be in the MBAR folder: mbar-log-xxxxx.txt and system-log.txt


NOTE. Make sure all logs are pasted, not attached.

Please download Rkill (courtesy of BleepingComputer.com) to your desktop.
There are 2 different versions. If one of them won't run then download and try to run the other one.
You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

rKill.exe: http://www.bleepingcomputer.com/download/rkill/dl/10/
iExplore.exe (renamed rKill.exe): http://www.bleepingcomputer.com/download/rkill/dl/11/

  • Double-click on the Rkill desktop icon to run the tool.
  • If using Vista or Windows 7 right-click on it and choose Run As Administrator.
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • Do not reboot until instructed.
  • If the tool does not run from any of the links provided, please let me know.


If normal mode still doesn't work, run the tool from safe mode.

When the scan is done Notepad will open with rKill log.
Post it in your next reply.

NOTE. rKill.txt log will also be present on your desktop.




 


#3 enzokool1

enzokool1
  • Topic Starter

  • Members
  • 7 posts

Posted 13 May 2013 - 12:26 AM

Thank you for replying. Actually after I finished ESET online scanner the other night, it found 45 infected files and I deleted them, and the PC seemed like it even worked faster. That is one good scan. This is what it deleted.

ESET online scanner

C:\Program Files\Playbryte\uninstall.exe  a variant of MSIL/Adware.iBryte.A application               cleaned by deleting - quarantined

C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\nbelncgeajbinnmijpjbdbeiocehiahm\1\51195400a51170.56972330.js                        Win32/Adware.MultiPlug.H application     cleaned by deleting - quarantined

C:\Users\Paul\AppData\Local\Temp\FlashPlayer__2114_i15665872_il42840.exe     a variant of Win32/Amonetize.D application                  cleaned by deleting - quarantined

C:\Users\Paul\AppData\Local\Temp\QZKFlstJ.exe.part                     Win32/DomaIQ.E application     cleaned by deleting - quarantined

C:\Users\Paul\AppData\Local\Temp\DIQM\FlashPlayer_151\DomaIQ.exe Win32/DomaIQ.E application     cleaned by deleting - quarantined

C:\Users\Paul\AppData\Local\Temp\DIQM\FlashPlayer_151\DomaIQ10.exe                   Win32/DomaIQ.E application     cleaned by deleting - quarantined

C:\Users\Paul\AppData\Local\Temp\DIQM\FlashPlayer_151\exes.zip           Win32/DomaIQ.E application     deleted - quarantined

C:\Users\Paul\AppData\Local\Temp\DIQM\FlashPlayer_151\setup__120.exe                a variant of Win32/Amonetize.D application                  cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1\678a5481-3facbe1b         multiple threats          cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12\4604e10c-4f07926e     Java/Agent.BZ trojan                         cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15\5bbe980f-22151c3b     multiple threats          cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19\6b527313-2377ac21    a variant of Java/TrojanDownloader.Agent.NDJ trojan                        cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23\5eab9fd7-3cf59b3a       multiple threats          cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\3cb4aa99-6bd43d6c     a variant of Java/Agent.A trojan                        cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25\3f16759-20de0187       Java/Agent.X trojan   cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\7a9d5d5b-3a8e8657    Java/Exploit.CVE-2011-3544.F trojan            cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31\73a02c9f-57bf810d       probably a variant of Win32/Agent.FQWXKXL trojan                        cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35\5bb7d9e3-4073311e   multiple threats          cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36\70190024-331e84ee   a variant of Java/TrojanDownloader.Agent.NDJ trojan                        cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\6c6c0728-398de4e4    multiple threats          cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\58630b2b-615f6044    Java/TrojanDownloader.OpenStream.NCM trojan       cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\be97b6f-68e3b096       multiple threats          cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50\13c9a6b2-52f0d91d     a variant of Java/TrojanDownloader.Agent.NDJ trojan                        cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\7cea6c39-1115b1fa      a variant of Java/TrojanDownloader.Agent.NDJ trojan                        cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6\7e67ef86-2ae0cf7e          Java/Exploit.CVE-2012-0507.DN trojan        cleaned by deleting - quarantined

C:\Users\Paul\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63\375f92ff-4928ea90        multiple threats          cleaned by deleting - quarantined

C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\oufl41ii.default\extensions\51195400a51c6@51195400a5200.com\content\bg.js                        Win32/Adware.MultiPlug.H application     cleaned by deleting - quarantined

C:\Users\Paul\Downloads\FlashPlayer_V.120692784b.exe          Win32/DomaIQ.E application     cleaned by deleting - quarantined

C:\Users\Paul\Downloads\FlashPlayer_V.121718397b.exe          Win32/DomaIQ.E application     cleaned by deleting - quarantined

C:\Users\Paul\Downloads\FlashPlayer__2114_i15665872_il42840.exe    a variant of Win32/Amonetize.D application                  cleaned by deleting - quarantined

C:\Users\Paul\Downloads\setup.exe             Win32/InstalleRex.J application                      cleaned by deleting - quarantined

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\32QFHO80\upgrade[1].cab                      a variant of Win32/Adware.OneStep.AI application       deleted - quarantined

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIOGOV8R\upgrade[1].cab                     a variant of Win32/Adware.OneStep.AG application     deleted - quarantined

C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WIOGOV8R\upgrade[2].cab                     a variant of Win32/Adware.OneStep.AG application     deleted - quarantined

D:\PAUL-PC\Backup Set 2012-08-26 190007\Backup Files 2012-08-26 190007\Backup files 9.zip                  multiple threats          deleted - quarantined

D:\PAUL-PC\Backup Set 2012-08-26 190007\Backup Files 2012-11-11 190007\Backup files 1.zip                  HTML/Hoax.Agent.H.Gen application           deleted - quarantined

D:\PAUL-PC\Backup Set 2012-08-26 190007\Backup Files 2012-11-11 190007\Backup files 3.zip                  HTML/Hoax.Agent.H.Gen application           deleted - quarantined

D:\PAUL-PC\Backup Set 2012-08-26 190007\Backup Files 2012-11-11 190007\Backup files 5.zip                  HTML/Hoax.Agent.H.Gen application           deleted - quarantined

D:\PAUL-PC\Backup Set 2012-08-26 190007\Backup Files 2012-11-11 190007\Backup files 6.zip                  a variant of Win32/Adware.iBryte.D application                        deleted - quarantined

D:\PAUL-PC\Backup Set 2012-08-26 190007\Backup Files 2013-02-17 190008\Backup files 1.zip                  Win32/Adware.MultiPlug.H application     deleted - quarantined

D:\PAUL-PC\Backup Set 2012-08-26 190007\Backup Files 2013-02-17 190008\Backup files 2.zip                  Win32/TopMedia.B application                        deleted - quarantined

D:\PAUL-PC\Backup Set 2013-03-10 190007\Backup Files 2013-03-10 190007\Backup files 11.zip               Win32/Adware.MultiPlug.H application     deleted - quarantined

D:\PAUL-PC\Backup Set 2013-03-10 190007\Backup Files 2013-03-10 190007\Backup files 12.zip               Win32/Adware.MultiPlug.H application     deleted - quarantined

D:\PAUL-PC\Backup Set 2013-03-10 190007\Backup Files 2013-03-10 190007\Backup files 14.zip               multiple threats          deleted - quarantined

D:\PAUL-PC\Backup Set 2013-03-10 190007\Backup Files 2013-03-10 190007\Backup files 15.zip               multiple threats          deleted - quarantined

Here is everything that you guys posted I should do! To further cleanse my PC!

Security check Log

 Results of screen317's Security Check version 0.99.63 

 Windows 7 Service Pack 1 x86 (UAC is enabled) 

 Internet Explorer 9 

``````````````Antivirus/Firewall Check:``````````````

 Windows Firewall Enabled! 

AVG AntiVirus Free Edition 2013  

 Antivirus up to date!  

`````````Anti-malware/Other Utilities Check:`````````

 CCleaner (remove only)  

 Java™ 6 Update 37 

 Java 7 Update 21 

 Adobe Flash Player 10 Flash Player out of Date!

 Adobe Flash Player        11.7.700.169 

 Adobe Reader XI 

 Mozilla Firefox (20.0.1)

 Google Chrome 26.0.1410.43 

 Google Chrome 26.0.1410.64 

````````Process Check: objlist.exe by Laurent```````` 

 AVG avgwdsvc.exe

 AVG avgrsx.exe

 AVG avgnsx.exe

 AVG avgemc.exe

`````````````````System Health check`````````````````

 Total Fragmentation on Drive C: 0%

````````````````````End of Log``````````````````````

 

FSS farbar

Farbar Service Scanner Version: 14-04-2013

Ran by Paul (administrator) on 13-05-2013 at 00:11:59

Running from "C:\Users\Paul\Desktop"

Windows 7 Ultimate Service Pack 1 (X86)

Boot Mode: Normal

****************************************************************

 

Internet Services:

============

 

Connection Status:

==============

Localhost is accessible.

LAN connected.

Google IP is accessible.

Google.com is accessible.

Attempt to access Yahoo IP returned error. Yahoo IP is offline

Yahoo.com is accessible.

 

 

Windows Firewall:

=============

 

Firewall Disabled Policy:

==================

 

 

System Restore:

============

 

System Restore Disabled Policy:

========================

 

 

Action Center:

============

 

Windows Update:

============

 

Windows Autoupdate Disabled Policy:

============================

 

 

Windows Defender:

==============

WinDefend Service is not running. Checking service configuration:

The start type of WinDefend service is set to Demand. The default start type is Auto.

The ImagePath of WinDefend service is OK.

The ServiceDll of WinDefend service is OK.

 

 

Windows Defender Disabled Policy:

==========================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]

"DisableAntiSpyware"=DWORD:1

 

 

Other Services:

==============

 

 

File Check:

========

C:\Windows\system32\nsisvc.dll => MD5 is legit

C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit

C:\Windows\system32\dhcpcore.dll => MD5 is legit

C:\Windows\system32\Drivers\afd.sys => MD5 is legit

C:\Windows\system32\Drivers\tdx.sys => MD5 is legit

C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit

C:\Windows\system32\dnsrslvr.dll => MD5 is legit

C:\Windows\system32\mpssvc.dll => MD5 is legit

C:\Windows\system32\bfe.dll => MD5 is legit

C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit

C:\Windows\system32\SDRSVC.dll => MD5 is legit

C:\Windows\system32\vssvc.exe => MD5 is legit

C:\Windows\system32\wscsvc.dll => MD5 is legit

C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit

C:\Windows\system32\wuaueng.dll => MD5 is legit

C:\Windows\system32\qmgr.dll => MD5 is legit

C:\Windows\system32\es.dll => MD5 is legit

C:\Windows\system32\cryptsvc.dll => MD5 is legit

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit

C:\Windows\system32\ipnathlp.dll => MD5 is legit

C:\Windows\system32\iphlpsvc.dll => MD5 is legit

C:\Windows\system32\svchost.exe => MD5 is legit

C:\Windows\system32\rpcss.dll => MD5 is legit

 

 

**** End of log ****

 

 

MiniToolBox

MiniToolBox by Farbar  Version:21-04-2013

Ran by Paul (administrator) on 13-05-2013 at 00:21:26

Running from "C:\Users\Paul\Desktop"

Windows 7 Ultimate Service Pack 1 (X86)

Boot Mode: Normal

***************************************************************************

 

========================= IE Proxy Settings: ==============================

 

Proxy is not enabled.

No Proxy Server is set.

 

========================= FF Proxy Settings: ==============================

 

========================= Hosts content: =================================

 

 

127.0.0.1 validation.sls.microsoft.com

 

========================= IP Configuration: ================================

 

Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller = Local Area Connection 2 (Connected)

NVIDIA nForce Networking Controller = Local Area Connection (Media disconnected)

 

 

# ----------------------------------

# IPv4 Configuration

# ----------------------------------

pushd interface ipv4

 

reset

set global

 

 

popd

# End of IPv4 configuration

 

 

 

Windows IP Configuration

 

   Host Name . . . . . . . . . . . . : Paul-PC

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

 

Ethernet adapter Local Area Connection 2:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller

   Physical Address. . . . . . . . . : 00-17-31-40-4E-BE

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

   Link-local IPv6 Address . . . . . : fe80::3c58:355f:5a27:d4d4%12(Preferred)

   IPv4 Address. . . . . . . . . . . : 192.168.1.3(Preferred)

   Subnet Mask . . . . . . . . . . . : 255.255.255.0

   Lease Obtained. . . . . . . . . . : Sunday, May 12, 2013 2:53:57 AM

   Lease Expires . . . . . . . . . . : Monday, May 13, 2013 2:53:59 PM

   Default Gateway . . . . . . . . . : 192.168.1.1

   DHCP Server . . . . . . . . . . . : 192.168.1.1

   DHCPv6 IAID . . . . . . . . . . . : 301995825

   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-13-BD-97-CC-00-17-31-40-44-F6

   DNS Servers . . . . . . . . . . . : 192.168.1.1

   NetBIOS over Tcpip. . . . . . . . : Enabled

 

Ethernet adapter Local Area Connection:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : NVIDIA nForce Networking Controller

   Physical Address. . . . . . . . . : 00-17-31-40-44-F6

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter isatap.{88732C3E-4CE3-4828-93BD-72B980ED8221}:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter isatap.{908AA621-BB0C-4EAC-BB08-E836FE529D0C}:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

 

Tunnel adapter Teredo Tunneling Pseudo-Interface:

 

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface

   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0

   DHCP Enabled. . . . . . . . . . . : No

   Autoconfiguration Enabled . . . . : Yes

   IPv6 Address. . . . . . . . . . . : 2001:0:4137:9e76:184b:501:bb96:e4ee(Preferred)

   Link-local IPv6 Address . . . . . : fe80::184b:501:bb96:e4ee%13(Preferred)

   Default Gateway . . . . . . . . . : ::

   NetBIOS over Tcpip. . . . . . . . : Disabled

Server:  UnKnown

Address:  192.168.1.1

 

Name:    google.com

Addresses:  2001:4860:4007:801::100e

                  74.125.224.167

                  74.125.224.168

                  74.125.224.169

                  74.125.224.174

                  74.125.224.160

                  74.125.224.161

                  74.125.224.162

                  74.125.224.163

                  74.125.224.164

                  74.125.224.165

                  74.125.224.166

 

 

Pinging google.com [74.125.224.193] with 32 bytes of data:

Reply from 74.125.224.193: bytes=32 time=83ms TTL=51

Reply from 74.125.224.193: bytes=32 time=84ms TTL=51

 

Ping statistics for 74.125.224.193:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 83ms, Maximum = 84ms, Average = 83ms

Server:  UnKnown

Address:  192.168.1.1

 

Name:    yahoo.com

Addresses:  206.190.36.45

                  98.138.253.109

                  98.139.183.24

 

 

Pinging yahoo.com [206.190.36.45] with 32 bytes of data:

Reply from 206.190.36.45: bytes=32 time=105ms TTL=52

Reply from 206.190.36.45: bytes=32 time=111ms TTL=52

 

Ping statistics for 206.190.36.45:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 105ms, Maximum = 111ms, Average = 108ms

 

Pinging 127.0.0.1 with 32 bytes of data:

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

 

Ping statistics for 127.0.0.1:

    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 0ms, Maximum = 0ms, Average = 0ms

===========================================================================

Interface List

 12...00 17 31 40 4e be ......Marvell Yukon 88E8001/8003/8010 PCI Gigabit Ethernet Controller

 10...00 17 31 40 44 f6 ......NVIDIA nForce Networking Controller

  1...........................Software Loopback Interface 1

 11...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter

 15...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2

 13...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface

===========================================================================

 

IPv4 Route Table

===========================================================================

Active Routes:

Network Destination        Netmask          Gateway       Interface  Metric

          0.0.0.0          0.0.0.0      192.168.1.1      192.168.1.3     20

        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306

        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306

  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306

      192.168.1.0    255.255.255.0         On-link       192.168.1.3    276

      192.168.1.3  255.255.255.255         On-link       192.168.1.3    276

    192.168.1.255  255.255.255.255         On-link       192.168.1.3    276

        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306

        224.0.0.0        240.0.0.0         On-link       192.168.1.3    276

  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306

  255.255.255.255  255.255.255.255         On-link       192.168.1.3    276

===========================================================================

Persistent Routes:

  None

 

IPv6 Route Table

===========================================================================

Active Routes:

 If Metric Network Destination      Gateway

 13     58 ::/0                     On-link

  1    306 ::1/128                  On-link

 13     58 2001::/32                On-link

 13    306 2001:0:4137:9e76:184b:501:bb96:e4ee/128

                                    On-link

 12    276 fe80::/64                On-link

 13    306 fe80::/64                On-link

 13    306 fe80::184b:501:bb96:e4ee/128

                                    On-link

 12    276 fe80::3c58:355f:5a27:d4d4/128

                                    On-link

  1    306 ff00::/8                 On-link

 13    306 ff00::/8                 On-link

 12    276 ff00::/8                 On-link

===========================================================================

Persistent Routes:

  None

========================= Winsock entries =====================================

 

Catalog5 01 C:\Windows\system32\NLAapi.dll [52224] (Microsoft Corporation)

Catalog5 02 C:\Windows\system32\napinsp.dll [52224] (Microsoft Corporation)

Catalog5 03 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 04 C:\Windows\system32\pnrpnsp.dll [65024] (Microsoft Corporation)

Catalog5 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog5 06 C:\Windows\system32\winrnr.dll [20992] (Microsoft Corporation)

Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)

Catalog9 01 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 02 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 03 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 04 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 05 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 06 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 07 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 08 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 09 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 10 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 11 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 12 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 13 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 14 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 15 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 16 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 17 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 18 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 19 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 20 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 21 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 22 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 23 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 24 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 25 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 26 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 27 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

Catalog9 28 C:\Windows\system32\mswsock.dll [232448] (Microsoft Corporation)

 

========================= Event log errors: ===============================

 

Application errors:

==================

Error: (05/12/2013 03:17:57 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is <. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

 

Error: (05/12/2013 03:17:57 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is <. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

 

Error: (05/12/2013 03:17:56 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is 8. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

 

Error: (05/12/2013 03:17:40 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is ?0Ä%???. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

 

Error: (05/12/2013 03:17:40 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is ?Ä???. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

 

Error: (05/12/2013 03:16:39 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service MSDTC Bridge 4.0.0.0 (MSDTC Bridge 4.0.0.0) failed. The first DWORD in the Data section contains the error code.

 

Error: (05/12/2013 03:16:39 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

Error: (05/12/2013 03:16:39 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: Unloading the performance counter strings for service SMSvcHost 4.0.0.0 (SMSvcHost 4.0.0.0) failed. The first DWORD in the Data section contains the error code.

 

Error: (05/12/2013 03:16:39 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance strings in the Performance registry value is corrupted when process Performance extension counter provider. The BaseIndex value from the Performance registry is the first DWORD in the Data section, LastCounter value is the second DWORD in the Data section, and LastHelp value is the third DWORD in the Data section.

 

Error: (05/12/2013 03:15:56 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT AUTHORITY)

Description: The performance counter explain text string value in the registry is not formatted correctly. The malformed string is <. The first DWORD in the Data section contains the index value to the malformed string while the second and third DWORDs in the Data section contain the last valid index values.

 

 

System errors:

=============

Error: (05/12/2013 09:01:29 PM) (Source: volsnap) (User: )

Description: The shadow copies of volume D: were aborted because the shadow copy storage failed to grow.

 

Error: (05/12/2013 02:54:01 AM) (Source: Service Control Manager) (User: )

Description: The McAfee SiteAdvisor Service service failed to start due to the following error:

%%2

 

Error: (05/12/2013 02:52:06 AM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

%%5

 

Error: (05/12/2013 02:39:50 AM) (Source: Service Control Manager) (User: )

Description: The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (05/12/2013 02:26:43 AM) (Source: Service Control Manager) (User: )

Description: The ESET Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.

 

Error: (05/09/2013 00:20:04 PM) (Source: Service Control Manager) (User: )

Description: The McAfee SiteAdvisor Service service failed to start due to the following error:

%%2

 

Error: (04/27/2013 11:56:35 AM) (Source: Service Control Manager) (User: )

Description: The McAfee SiteAdvisor Service service failed to start due to the following error:

%%2

 

Error: (04/24/2013 03:18:18 AM) (Source: Service Control Manager) (User: )

Description: The McAfee SiteAdvisor Service service failed to start due to the following error:

%%2

 

Error: (04/24/2013 03:16:40 AM) (Source: Service Control Manager) (User: )

Description: The Windows Time service terminated with the following error:

%%1115

 

Error: (04/24/2013 03:16:02 AM) (Source: Service Control Manager) (User: )

Description: The ScRegSetValueExW call failed for FailureActions with the following error:

%%5

 

 

Microsoft Office Sessions:

=========================

Error: (05/12/2013 03:17:57 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: <16000000001528000015280000980B0000

 

Error: (05/12/2013 03:17:57 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: <16000000001528000015280000980B0000

 

Error: (05/12/2013 03:17:56 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: 816080000001528000015280000980B0000

 

Error: (05/12/2013 03:17:40 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: ?0Ä%???16000000001528000015280000980B0000

 

Error: (05/12/2013 03:17:40 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: ?Ä???16000000001528000015280000980B0000

 

Error: (05/12/2013 03:16:39 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: MSDTC Bridge 4.0.0.0MSDTC Bridge 4.0.0.08F20300004D070000

 

Error: (05/12/2013 03:16:39 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: Performance1637070000000000000000000009030000

 

Error: (05/12/2013 03:16:39 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: SMSvcHost 4.0.0.0SMSvcHost 4.0.0.08F20300004D070000

 

Error: (05/12/2013 03:16:39 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: Performance1637070000000000000000000009030000

 

Error: (05/12/2013 03:15:56 AM) (Source: Microsoft-Windows-LoadPerf)(User: NT AUTHORITY)

Description: <16000000007D2700007D270000980B0000

 

 

=========================== Installed Programs ============================

 

µTorrent (Version: 3.2.0)

µTorrent (Version: 3.3.0.28918)

32 Bit HP CIO Components Installer (Version: 7.1.8)

4500_G510af_Help (Version: 000.0.439.000)

4500G510af (Version: 000.0.423.000)

4500G510af_Software_Min (Version: 000.0.423.000)

Adobe AIR (Version: 2.0.2.12610)

Adobe Flash Player 10 ActiveX (Version: 10.0.22.87)

Adobe Flash Player 11 Plugin (Version: 11.7.700.169)

Adobe Reader XI (11.0.02) (Version: 11.0.02)

Adobe Shockwave Player 11.6 (Version: 11.6.5.635)

Akamai NetSession Interface Service

Apple Application Support (Version: 2.3.3)

Apple Mobile Device Support (Version: 6.1.0.13)

Apple Software Update (Version: 2.1.3.127)

AVG 2013 (Version: 13.0.2904)

AVG 2013 (Version: 13.0.3162)

AVG 2013 (Version: 2013.0.2904)

Bandisoft MPEG-1 Decoder

Bonjour (Version: 3.0.0.10)

BufferChm (Version: 130.0.331.000)

CCleaner (remove only)

Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition

Destinations (Version: 140.0.77.000)

DeviceDiscovery (Version: 130.0.372.000)

DocMgr (Version: 130.0.000.000)

DocProc (Version: 13.0.0.0)

DomaIQ

Fax (Version: 130.0.418.000)

FilesFrog Update Checker

Google Chrome (Version: 26.0.1410.64)

Google Update Helper (Version: 1.3.21.145)

GPBaseService2 (Version: 130.0.371.000)

Hewlett-Packard ACLM.NET v1.1.0.0 (Version: 1.00.0000)

HP Customer Participation Program 13.0 (Version: 13.0)

HP Document Manager 2.0 (Version: 2.0)

HP Imaging Device Functions 13.0 (Version: 13.0)

HP Officejet 4500 G510a-f (Version: 13.0)

HP Product Detection (Version: 11.14.0001)

HP Smart Web Printing 4.60 (Version: 4.60)

HP Solution Center 13.0 (Version: 13.0)

HP Update (Version: 5.005.000.002)

HPDiagnosticAlert (Version: 1.00.0000)

HPProductAssistant (Version: 130.0.371.000)

IB Updater Service (Version: 3.0.4.6)

iCloud (Version: 2.1.2.8)

iTunes (Version: 11.0.2.26)

Java 7 Update 21 (Version: 7.0.210)

Java Auto Updater (Version: 2.1.9.5)

Java™ 6 Update 37 (Version: 6.0.370)

League of Legends (Version: 1.3)

MarketResearch (Version: 130.0.374.000)

Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319)

Microsoft .NET Framework 4 Extended (Version: 4.0.30319)

Microsoft DirectX SDK (June 2010) (Version: 9.29.1962.0)

Microsoft Office Access MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Access Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Excel MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Groove MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office InfoPath MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office OneNote MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Outlook MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office PowerPoint MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Professional Plus 2010 (Version: 14.0.4734.1000)

Microsoft Office Proof (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Proof (French) 2010 (Version: 14.0.4734.1000)

Microsoft Office Proof (Spanish) 2010 (Version: 14.0.4734.1000)

Microsoft Office Proofing (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Publisher MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Shared MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Shared Setup Metadata MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Office Word MUI (English) 2010 (Version: 14.0.4734.1000)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.56336)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.59193)

Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)

Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)

MobileMe Control Panel (Version: 3.1.8.0)

Mozilla Firefox 20.0.1 (x86 en-US) (Version: 20.0.1)

Mozilla Maintenance Service (Version: 20.0.1)

MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)

MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)

Nexon Game Manager

NVIDIA 3D Vision Controller Driver (Version: 275.33)

NVIDIA 3D Vision Controller Driver 301.42 (Version: 301.42)

NVIDIA 3D Vision Driver 311.06 (Version: 311.06)

NVIDIA Control Panel 311.06 (Version: 311.06)

NVIDIA Graphics Driver 311.06 (Version: 311.06)

NVIDIA Install Application (Version: 2.1002.108.688)

NVIDIA PhysX (Version: 9.12.0213)

NVIDIA PhysX System Software 9.12.0213 (Version: 9.12.0213)

NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.1106)

NVIDIA Update 1.11.3 (Version: 1.11.3)

NVIDIA Update Components (Version: 1.11.3)

OCR Software by I.R.I.S. 13.0 (Version: 13.0)

Pando Media Booster (Version: 2.3.5.6)

PlayBryte

QuickTime (Version: 7.73.80.64)

Realtek AC'97 Audio

Safari (Version: 5.34.57.2)

Scan (Version: 140.0.80.000)

Skype Click to Call (Version: 5.9.9216)

Skype™ 5.10 (Version: 5.10.116)

SmartWebPrinting (Version: 140.0.186.000)

Software Version Updater (Version: 1.1.3.7)

SolutionCenter (Version: 130.0.373.000)

Spotify (Version: 0.9.0.133.gd18ed589)

Status (Version: 130.0.373.000)

Steam (Version: 1.0.0.0)

swMSM (Version: 12.0.0.1)

Toolbox (Version: 130.0.648.000)

TrayApp (Version: 130.0.376.000)

Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2468871) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2533523) (Version: 1)

Update for Microsoft .NET Framework 4 Extended (KB2600217) (Version: 1)

Update for Microsoft Office 2010 (KB2494150)

Update for Microsoft Office 2010 (KB2553092)

Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition

Ventrilo Client (Version: 3.0.5)

Web Assistant 2.0.0.570 (Version: 2.0.0.570)

WebReg (Version: 130.0.132.017)

Windows 7 Codec Pack 2.6.1

Windows Media Player Firefox Plugin (Version: 1.0.0.8)

 

========================= Devices: ================================

 

Name: A8TMTHZ7 IDE Controller

Description: A8TMTHZ7 IDE Controller

Class Guid: {4D36E97B-E325-11CE-BFC1-08002BE10318}

Manufacturer: (Standard mass storage controllers)

Service: ay8xwawu

Problem: : Windows cannot load the device driver for this hardware. The driver may be corrupted or missing. (Code 39)

Resolution: Reasons for this error include a driver that is not present; a binary file that is corrupt; a file I/O problem, or a driver that references an entry point in another binary file that could not be loaded.

Uninstall the driver, and then click "Scan for hardware changes" to reinstall or upgrade the driver.

 

 

========================= Memory info: ===================================

 

Percentage of memory in use: 42%

Total physical RAM: 3071.55 MB

Available physical RAM: 1752.63 MB

Total Pagefile: 6141.4 MB

Available Pagefile: 4638.79 MB

Total Virtual: 2047.88 MB

Available Virtual: 1927.64 MB

 

========================= Partitions: =====================================

 

2 Drive c: () (Fixed) (Total:298.08 GB) (Free:204.04 GB) NTFS

3 Drive d: (New Volume) (Fixed) (Total:298.09 GB) (Free:291.36 GB) NTFS

 

========================= Users: ========================================

 

User accounts for \\PAUL-PC

 

Administrator            Guest                    Paul                    

UpdatusUser             

 

 

**** End of log ****

Malwarebytes

Malwarebytes Anti-Malware 1.75.0.1300

www.malwarebytes.org

 

Database version: v2013.05.13.01

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Paul :: PAUL-PC [administrator]

 

5/13/2013 12:28:49 AM

mbam-log-2013-05-13 (00-28-49).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM

Scan options disabled: P2P

Objects scanned: 240060

Time elapsed: 7 minute(s), 10 second(s)

 

Memory Processes Detected: 1

C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 432 -> Delete on reboot.

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 31

HKCR\AppID\{0D82ACD6-A652-4496-A298-2BDE705F4227} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\AppID\{7025E484-D4B0-441a-9F0B-69063BD679CE} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\AppID\{8258B35C-05B8-4c0e-9525-9BCCC70F8F2D} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\AppID\{A89256AD-EC17-4a83-BEF5-4B8BC4F39306} (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\CLSID\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.

HKCR\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9} (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476} (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67} (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\Updater.AmiUpd.1 (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCR\Updater.AmiUpd (PUP.Software.Updater) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C} (Adware.QuestScan) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{61E0EF7A-9BC0-45EA-9B2F-F3E9F02692BD} (PUP.PlayBryte) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{61e0ef7a-9bc0-45ea-9b2f-f3e9f02692bd} (PUP.PlayBryte) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{89F88394-3828-4d03-A0CF-8203604C3DA6} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4233F04-1789-483c-A137-731E8F113DD5} (Adware.Hotbar) -> Quarantined and deleted successfully.

HKCR\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.

HKCR\Interface\{31E3BC75-2A09-4CFF-9C92-8D0ED8D1DC0F} (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.

HKCR\AppID\BRNstIE.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\AppID\CmndFF.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\AppID\mozillaps.dll (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCR\AppID\Pltfrm.DLL (Adware.ClickPotato) -> Quarantined and deleted successfully.

HKCU\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKCU\Software\hblitesa (Adware.HotBar) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\HBLite (Adware.HotBar) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\ShopperReports3 (Adware.ShopperReports) -> Quarantined and deleted successfully.

HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\PLAYBRYTE (PUP.PlayBryte) -> Quarantined and deleted successfully.

HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Quarantined and deleted successfully.

 

Registry Values Detected: 6

HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow|playbryte.com (PUP.PlayBryte) -> Data:  -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|ShopperReports 3.1.69.0 (Adware.HotBar) -> Data:  -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform|playbrytetoolbar_Playbryte (PUP.PlayBryte) -> Data:  -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte|Publisher (PUP.PlayBryte) -> Data: Playbryte -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Mozilla\Firefox\extensions|ShopperReports@ShopperReports.com (ShopperReports) -> Data: C:\Program Files\ShopperReports3\bin\3.1.69.0\firefox\firefoxtoolbar\extensions -> Quarantined and deleted successfully.

HKLM\SOFTWARE\Mozilla\Firefox\extensions|HBLite@HBLite.com (Adware.HotBar) -> Data: C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions -> Quarantined and deleted successfully.

 

Registry Data Items Detected: 1

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main|Start Page (Hijack.StartPage) -> Bad: (http://searchab.com/?aff=7&uid=7dbada5c-7485-11e2-97e8-0017314044f6) Good: (http://www.google.com) -> Quarantined and repaired successfully.

 

Folders Detected: 11

C:\ProgramData\MagniPic (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.

C:\Program Files\HBLite (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files\HBLite\bin (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files\HBLite\bin\11.0.363.0 (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files\HBLite\bin\11.0.363.0\firefox (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files\HBLite\bin\11.0.363.0\firefox\extensions\plugins (Adware.Hotbar) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096} (Adware.QuestScan) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome (Adware.QuestScan) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults (Adware.QuestScan) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences (Adware.QuestScan) -> Quarantined and deleted successfully.

 

Files Detected: 10

C:\Users\Paul\AppData\Local\SwvUpdater\Updater.exe (PUP.Software.Updater) -> Quarantined and deleted successfully.

C:\Windows\Tasks\AmiUpdXp.job (PUP.Software.Updater) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\searchplugins\Mp3Tube.xml (Adware.Mp3Tube) -> Quarantined and deleted successfully.

C:\ProgramData\MagniPic\51195400a535a.tlb (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.

C:\ProgramData\MagniPic\settings.ini (PUP.Adware.Magnipic) -> Quarantined and deleted successfully.

C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Delete on reboot.

C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome.manifest (Adware.QuestScan) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\install.rdf (Adware.QuestScan) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\chrome\questscan.jar (Adware.QuestScan) -> Quarantined and deleted successfully.

C:\Program Files\Mozilla Firefox\extensions\{F0E1168A-B4B5-484C-B77E-0D28E6B64096}\defaults\preferences\prefs.js (Adware.QuestScan) -> Quarantined and deleted successfully.

 

(end)

Malwarebytes Anti-Rootkit

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

www.malwarebytes.org

 

Database version: v2013.05.13.01

 

Windows 7 Service Pack 1 x86 NTFS

Internet Explorer 9.0.8112.16421

Paul :: PAUL-PC [administrator]

 

5/13/2013 1:12:49 AM

mbar-log-2013-05-13 (01-12-49).txt

 

Scan type: Quick scan

Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P

Scan options disabled:

Objects scanned: 29122

Time elapsed: 19 minute(s), 4 second(s)

 

Memory Processes Detected: 0

(No malicious items detected)

 

Memory Modules Detected: 0

(No malicious items detected)

 

Registry Keys Detected: 8

HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\INTERFACE\{21BA420E-161C-413A-B21E-4E42AE1F4226} (Adware.ClickPotato) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\TypeLib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} (Adware.ClickPotato) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\INTERFACE\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699} (Adware.ClickPotato) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\INTERFACE\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71} (Adware.ClickPotato) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\INTERFACE\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A} (Adware.ClickPotato) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\INTERFACE\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6} (Adware.ClickPotato) -> Delete on reboot.

HKLM\SOFTWARE\CLASSES\INTERFACE\{DA6305B9-0869-4235-8C1D-533A65E639E5} (Adware.ClickPotato) -> Delete on reboot.

 

Registry Values Detected: 0

(No malicious items detected)

 

Registry Data Items Detected: 0

(No malicious items detected)

 

Folders Detected: 0

(No malicious items detected)

 

Files Detected: 0

(No malicious items detected)

 

(end)

System-log

---------------------------------------

Malwarebytes Anti-Rootkit BETA 1.05.0.1001

 

© Malwarebytes Corporation 2011-2012

 

OS version: 6.1.7601 Windows 7 Service Pack 1 x86

 

Account is Administrative

 

Internet Explorer version: 9.0.8112.16421

 

Java version: 1.6.0_37

 

File system is: NTFS

Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED

CPU speed: 2.412000 GHz

Memory total: 3220758528, free: 1845813248

 

------------ Kernel report ------------

     05/13/2013 00:52:29

------------ Loaded modules -----------

\SystemRoot\system32\ntkrnlpa.exe

\SystemRoot\system32\halmacpi.dll

\SystemRoot\system32\kdcom.dll

\SystemRoot\system32\mcupdate_AuthenticAMD.dll

\SystemRoot\system32\PSHED.dll

\SystemRoot\system32\BOOTVID.dll

\SystemRoot\system32\CLFS.SYS

\SystemRoot\system32\CI.dll

\SystemRoot\System32\drivers\nekntl.sys

\SystemRoot\system32\drivers\Wdf01000.sys

\SystemRoot\system32\drivers\WDFLDR.SYS

\SystemRoot\System32\Drivers\sptd.sys

\SystemRoot\system32\drivers\ACPI.sys

\SystemRoot\system32\drivers\WMILIB.SYS

\SystemRoot\system32\drivers\msisadrv.sys

\SystemRoot\system32\drivers\vdrvroot.sys

\SystemRoot\system32\drivers\pci.sys

\SystemRoot\System32\drivers\partmgr.sys

\SystemRoot\system32\drivers\volmgr.sys

\SystemRoot\System32\drivers\volmgrx.sys

\SystemRoot\system32\drivers\pciide.sys

\SystemRoot\system32\drivers\PCIIDEX.SYS

\SystemRoot\System32\drivers\mountmgr.sys

\SystemRoot\system32\drivers\vmbus.sys

\SystemRoot\system32\drivers\winhv.sys

\SystemRoot\system32\drivers\atapi.sys

\SystemRoot\system32\drivers\ataport.SYS

\SystemRoot\system32\DRIVERS\Si3114r5.sys

\SystemRoot\system32\DRIVERS\SCSIPORT.SYS

\SystemRoot\system32\drivers\amdxata.sys

\SystemRoot\system32\drivers\fltmgr.sys

\SystemRoot\system32\drivers\fileinfo.sys

\SystemRoot\system32\DRIVERS\SiWinAcc.sys

\SystemRoot\System32\Drivers\Ntfs.sys

\SystemRoot\System32\Drivers\msrpc.sys

\SystemRoot\System32\Drivers\ksecdd.sys

\SystemRoot\System32\Drivers\cng.sys

\SystemRoot\System32\drivers\pcw.sys

\SystemRoot\System32\Drivers\Fs_Rec.sys

\SystemRoot\system32\drivers\ndis.sys

\SystemRoot\system32\drivers\NETIO.SYS

\SystemRoot\System32\Drivers\ksecpkg.sys

\SystemRoot\System32\drivers\tcpip.sys

\SystemRoot\System32\drivers\fwpkclnt.sys

\SystemRoot\system32\drivers\vmstorfl.sys

\SystemRoot\system32\drivers\volsnap.sys

\SystemRoot\System32\Drivers\spldr.sys

\SystemRoot\System32\drivers\rdyboost.sys

\SystemRoot\system32\DRIVERS\SiRemFil.sys

\SystemRoot\System32\Drivers\mup.sys

\SystemRoot\System32\drivers\hwpolicy.sys

\SystemRoot\System32\DRIVERS\fvevol.sys

\SystemRoot\system32\DRIVERS\disk.sys

\SystemRoot\system32\DRIVERS\CLASSPNP.SYS

\SystemRoot\system32\DRIVERS\avgrkx86.sys

\SystemRoot\system32\DRIVERS\avglogx.sys

\SystemRoot\system32\DRIVERS\avgmfx86.sys

\SystemRoot\system32\DRIVERS\avgidshx.sys

\SystemRoot\system32\DRIVERS\cdrom.sys

\SystemRoot\System32\Drivers\Null.SYS

\SystemRoot\System32\Drivers\Beep.SYS

\SystemRoot\System32\drivers\vga.sys

\SystemRoot\System32\drivers\VIDEOPRT.SYS

\SystemRoot\System32\drivers\watchdog.sys

\SystemRoot\System32\DRIVERS\RDPCDD.sys

\SystemRoot\system32\drivers\rdpencdd.sys

\SystemRoot\system32\drivers\rdprefmp.sys

\SystemRoot\System32\Drivers\Msfs.SYS

\SystemRoot\System32\Drivers\Npfs.SYS

\SystemRoot\system32\DRIVERS\tdx.sys

\SystemRoot\system32\DRIVERS\TDI.SYS

\SystemRoot\system32\DRIVERS\avgtdix.sys

\SystemRoot\System32\DRIVERS\netbt.sys

\SystemRoot\system32\drivers\afd.sys

\SystemRoot\system32\DRIVERS\wfplwf.sys

\SystemRoot\system32\DRIVERS\pacer.sys

\SystemRoot\system32\DRIVERS\netbios.sys

\SystemRoot\system32\DRIVERS\serial.sys

\SystemRoot\system32\DRIVERS\wanarp.sys

\SystemRoot\system32\drivers\termdd.sys

\SystemRoot\system32\DRIVERS\rdbss.sys

\SystemRoot\system32\drivers\nsiproxy.sys

\SystemRoot\system32\drivers\mssmbios.sys

\SystemRoot\System32\drivers\discache.sys

\SystemRoot\system32\drivers\csc.sys

\SystemRoot\System32\Drivers\dfsc.sys

\SystemRoot\system32\DRIVERS\blbdrive.sys

\SystemRoot\system32\DRIVERS\avgldx86.sys

\SystemRoot\system32\DRIVERS\avgidsshimx.sys

\SystemRoot\system32\DRIVERS\avgidsdriverx.sys

\SystemRoot\system32\DRIVERS\tunnel.sys

\SystemRoot\system32\DRIVERS\amdk8.sys

\SystemRoot\system32\DRIVERS\usbohci.sys

\SystemRoot\system32\DRIVERS\USBPORT.SYS

\SystemRoot\system32\DRIVERS\usbehci.sys

\SystemRoot\system32\drivers\RTKVAC.SYS

\SystemRoot\system32\drivers\portcls.sys

\SystemRoot\system32\drivers\drmk.sys

\SystemRoot\system32\drivers\ks.sys

\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys

\SystemRoot\system32\drivers\1394ohci.sys

\SystemRoot\system32\DRIVERS\yk62x86.sys

\SystemRoot\system32\DRIVERS\nvm62x32.sys

\SystemRoot\system32\DRIVERS\nvlddmkm.sys

\SystemRoot\System32\Drivers\nvBridge.kmd

\SystemRoot\System32\drivers\dxgkrnl.sys

\SystemRoot\System32\drivers\dxgmms1.sys

\SystemRoot\system32\DRIVERS\ASACPI.sys

\SystemRoot\system32\DRIVERS\fdc.sys

\SystemRoot\system32\DRIVERS\serenum.sys

\SystemRoot\system32\DRIVERS\parport.sys

\SystemRoot\system32\drivers\nvmpu401.sys

\SystemRoot\system32\drivers\CompositeBus.sys

\SystemRoot\system32\DRIVERS\AgileVpn.sys

\SystemRoot\system32\DRIVERS\rasl2tp.sys

\SystemRoot\system32\DRIVERS\ndistapi.sys

\SystemRoot\system32\DRIVERS\ndiswan.sys

\SystemRoot\system32\DRIVERS\raspppoe.sys

\SystemRoot\system32\DRIVERS\raspptp.sys

\SystemRoot\system32\DRIVERS\rassstp.sys

\SystemRoot\system32\DRIVERS\rdpbus.sys

\SystemRoot\system32\DRIVERS\kbdclass.sys

\SystemRoot\system32\DRIVERS\mouclass.sys

\SystemRoot\system32\drivers\swenum.sys

\SystemRoot\system32\drivers\umbus.sys

\SystemRoot\system32\DRIVERS\usbhub.sys

\SystemRoot\system32\DRIVERS\flpydisk.sys

\SystemRoot\System32\Drivers\NDProxy.SYS

\SystemRoot\system32\DRIVERS\usbccgp.sys

\SystemRoot\system32\DRIVERS\USBD.SYS

\SystemRoot\system32\DRIVERS\usbscan.sys

\SystemRoot\system32\DRIVERS\usbprint.sys

\SystemRoot\system32\DRIVERS\dot4usb.sys

\SystemRoot\system32\DRIVERS\Dot4.sys

\SystemRoot\system32\DRIVERS\Dot4Prt.sys

\SystemRoot\System32\win32k.sys

\SystemRoot\System32\drivers\Dxapi.sys

\SystemRoot\system32\DRIVERS\hidusb.sys

\SystemRoot\system32\DRIVERS\HIDCLASS.SYS

\SystemRoot\system32\DRIVERS\HIDPARSE.SYS

\SystemRoot\system32\DRIVERS\mouhid.sys

\SystemRoot\System32\Drivers\crashdmp.sys

\SystemRoot\System32\Drivers\dump_dumpata.sys

\SystemRoot\System32\Drivers\dump_atapi.sys

\SystemRoot\System32\Drivers\dump_dumpfve.sys

\SystemRoot\System32\Drivers\usbvideo.sys

\SystemRoot\system32\DRIVERS\kbdhid.sys

\SystemRoot\system32\DRIVERS\monitor.sys

\SystemRoot\System32\TSDDD.dll

\SystemRoot\System32\cdd.dll

\SystemRoot\system32\drivers\luafv.sys

\SystemRoot\system32\DRIVERS\lltdio.sys

\SystemRoot\system32\DRIVERS\rspndr.sys

\SystemRoot\system32\drivers\HTTP.sys

\SystemRoot\system32\DRIVERS\bowser.sys

\SystemRoot\System32\drivers\mpsdrv.sys

\SystemRoot\system32\DRIVERS\mrxsmb.sys

\SystemRoot\system32\DRIVERS\mrxsmb10.sys

\SystemRoot\system32\DRIVERS\mrxsmb20.sys

\SystemRoot\system32\DRIVERS\parvdm.sys

\SystemRoot\system32\drivers\peauth.sys

\SystemRoot\System32\Drivers\secdrv.SYS

\SystemRoot\System32\DRIVERS\srvnet.sys

\SystemRoot\System32\drivers\tcpipreg.sys

\SystemRoot\System32\DRIVERS\srv2.sys

\SystemRoot\System32\DRIVERS\srv.sys

\??\C:\Windows\system32\drivers\mbamchameleon.sys

\??\C:\Windows\system32\drivers\mbamswissarmy.sys

\Windows\System32\ntdll.dll

\Windows\System32\smss.exe

\Windows\System32\apisetschema.dll

----------- End -----------

<<<1>>>

Upper Device Name: \Device\Harddisk1\DR1

Upper Device Object: 0xffffffff8650a840

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP2T0L0-2\

Lower Device Object: 0xffffffff860c3908

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Initialization returned 0x0

Port sub-driver loaded: \??\C:\Windows\System32\drivers\ataport.sys (0x0)

Load Function returned 0x0

<<<1>>>

Upper Device Name: \Device\Harddisk0\DR0

Upper Device Object: 0xffffffff865095f8

Upper Device Driver Name: \Driver\Disk\

Lower Device Name: \Device\Ide\IdeDeviceP3T0L0-3\

Lower Device Object: 0xffffffff860c4338

Lower Device Driver Name: \Driver\atapi\

Driver name found: atapi

Downloaded database version: v2013.05.13.01

Downloaded database version: v2013.05.07.01

Initializing...

Done!

<<<2>>>

Device number: 1, partition: 1

Physical Sector Size: 512

Drive: 1, DevicePointer: 0xffffffff8650a840, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8650a3d0, DeviceName: Unknown, DriverName: \Driver\SiRemFil\

DevicePointer: 0xffffffff8650a520, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff8650a840, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff860a1900, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff860c3908, DeviceName: \Device\Ide\IdeDeviceP2T0L0-2\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\

Upper DeviceData: 0xffffffffb228b258, 0xffffffff8650a840, 0xffffffff855c0460

Lower DeviceData: 0xffffffffa97a7870, 0xffffffff860c3908, 0xffffffff857a59c0

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Scanning directory: C:\Windows\system32\drivers...

<<<2>>>

Device number: 1, partition: 1

<<<3>>>

Volume: C:

File system type: NTFS

SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes

Done!

Physical Sector Size: 512

Drive: 0, DevicePointer: 0xffffffff865095f8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

--------- Disk Stack ------

DevicePointer: 0xffffffff8650a020, DeviceName: Unknown, DriverName: \Driver\SiRemFil\

DevicePointer: 0xffffffff865092d8, DeviceName: Unknown, DriverName: \Driver\partmgr\

DevicePointer: 0xffffffff865095f8, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\

DevicePointer: 0xffffffff860987e0, DeviceName: Unknown, DriverName: \Driver\ACPI\

DevicePointer: 0xffffffff860c4338, DeviceName: \Device\Ide\IdeDeviceP3T0L0-3\, DriverName: \Driver\atapi\

------------ End ----------

Alternate DeviceName: Unknown, DriverName: \Driver\partmgr\

Upper DeviceData: 0xffffffffbe730860, 0xffffffff865095f8, 0xffffffff857107d0

Lower DeviceData: 0xffffffffae213ab8, 0xffffffff860c4338, 0xffffffff85610c10

Drive 0

Scanning MBR on drive 0...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: E161E161

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 63  Numsec = 625136337

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 320072933376 bytes

Sector size: 512 bytes

 

Scanning physical sectors of unpartitioned space on drive 0 (1-62-625122448-625142448)...

Drive 1

Scanning MBR on drive 1...

Inspecting partition table:

MBR Signature: 55AA

Disk Signature: DF2ADF2A

 

Partition information:

 

    Partition 0 type is Primary (0x7)

    Partition is ACTIVE.

    Partition starts at LBA: 63  Numsec = 625121217

    Partition file system is NTFS

    Partition is bootable

 

    Partition 1 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 2 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

    Partition 3 type is Empty (0x0)

    Partition is NOT ACTIVE.

    Partition starts at LBA: 0  Numsec = 0

 

Disk Size: 320072933376 bytes

Sector size: 512 bytes

 

Done!

Performing system, memory and registry scan...

Infected: HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{11111111-1111-1111-1111-110011221158} --> [Adware.GamePlayLab]

Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{21BA420E-161C-413A-B21E-4E42AE1F4226} --> [Adware.ClickPotato]

Infected: HKLM\SOFTWARE\CLASSES\TypeLib\{ACC62306-9A63-4864-BD2F-C8825D2D7EA6} --> [Adware.ClickPotato]

Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699} --> [Adware.ClickPotato]

Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71} --> [Adware.ClickPotato]

Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A} --> [Adware.ClickPotato]

Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6} --> [Adware.ClickPotato]

Infected: HKLM\SOFTWARE\CLASSES\INTERFACE\{DA6305B9-0869-4235-8C1D-533A65E639E5} --> [Adware.ClickPotato]

Read File:  File "c:\ProgramData\AVG2013\Chjw\22f0c36bf0c3442f.dat" is sparse (flags = 32768)

Done!

Scan finished

Rkill.exe

Rkill 2.4.7 by Lawrence Abrams (Grinler)

http://www.bleepingcomputer.com/

Copyright 2008-2013 BleepingComputer.com

More Information about Rkill can be found at this link:

 http://www.bleepingcomputer.com/forums/topic308364.html

 

Program started at: 05/13/2013 01:17:16 AM in x86 mode.

Windows Version: Windows 7 Ultimate Service Pack 1

 

Checking for Windows services to stop:

 

 * No malware services found to stop.

 

Checking for processes to terminate:

 

 * No malware processes found to kill.

 

Checking Registry for malware related settings:

 

 * No issues found in the Registry.

 

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

 

Performing miscellaneous checks:

 

 * Windows Defender Disabled

 

   [HKLM\SOFTWARE\Microsoft\Windows Defender]

   "DisableAntiSpyware" = dword:00000001

 

Checking Windows Service Integrity:

 

 * Windows Defender (WinDefend) is not Running.

   Startup Type set to: Manual

 

Searching for Missing Digital Signatures:

 

 * No issues found.

 

Checking HOSTS File:

 

 * HOSTS file entries found:

 

  127.0.0.1 validation.sls.microsoft.com

 

Program finished at: 05/13/2013 01:17:31 AM

Execution time: 0 hours(s), 0 minute(s), and 15 seconds(s)

 

Thanks again! Let me know if something bad is still on it! The PC works great though, it did before the ESET scan, just with the scan it works better and feels quicker! Plus it's always good to delete all those bad bugs and stuff... Pandora plays again without just one song.



#4 Broni

Posted 13 May 2013 - 05:33 PM

Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

=============================================================================

Please download AdwCleaner by Xplode onto your desktop.

  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Delete.
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.


=============================================================================

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.




#5 enzokool1

Posted 13 May 2013 - 11:40 PM

Thanks again for the reply. Here are the following logs.

TFC

Getting user folders.

 

Stopping running processes.

 

Emptying Temp folders.

 

 

User: All Users

 

User: Default

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56504 bytes

 

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 0 bytes

->Flash cache emptied: 0 bytes

 

User: Paul

->Temp folder emptied: 26946171 bytes

->Temporary Internet Files folder emptied: 2933087 bytes

->Java cache emptied: 6177646 bytes

->FireFox cache emptied: 465793861 bytes

->Google Chrome cache emptied: 0 bytes

->Apple Safari cache emptied: 33733632 bytes

->Flash cache emptied: 2955 bytes

 

User: Public

->Temp folder emptied: 0 bytes

 

User: UpdatusUser

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 56504 bytes

 

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 111474347 bytes

%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 16534014 bytes

%systemroot%\system32\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 741 bytes

 

Emptying RecycleBin. Do not interrupt.

 

RecycleBin emptied: 0 bytes

Process complete!

AdwCleaner

# AdwCleaner v2.300 - Logfile created 05/14/2013 at 00:15:32

# Updated 28/04/2013 by Xplode

# Operating system : Windows 7 Ultimate Service Pack 1 (32 bits)

# User : Paul - PAUL-PC

# Boot Mode : Normal

# Running from : C:\Users\Paul\Desktop\adwcleaner.exe

# Option [Delete]

 

 

***** [Services] *****

 

Stopped & Deleted : Web Assistant

 

***** [Files / Folders] *****

 

File Deleted : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\oufl41ii.default\searchplugins\daemon-search.xml

File Deleted : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\oufl41ii.default\searchplugins\MyStart Search.xml

File Deleted : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\oufl41ii.default\searchplugins\Searchab.xml

File Deleted : C:\Windows\system32\ImhxxpComm.dll

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\DomaIQ Uninstaller

Folder Deleted : C:\Program Files\FilesFrog Update Checker

Folder Deleted : C:\Program Files\MagniPic

Folder Deleted : C:\Program Files\Playbryte

Folder Deleted : C:\Program Files\Web Assistant

Folder Deleted : C:\ProgramData\AVG Security Toolbar

Folder Deleted : C:\ProgramData\clsoft ltd

Folder Deleted : C:\ProgramData\InstallMate

Folder Deleted : C:\Users\Paul\AppData\Local\Conduit

Folder Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Folder Deleted : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Folder Deleted : C:\Users\Paul\AppData\Local\Ilivid Player

Folder Deleted : C:\Users\Paul\AppData\Local\SwvUpdater

Folder Deleted : C:\Users\Paul\AppData\LocalLow\Conduit

Folder Deleted : C:\Users\Paul\AppData\LocalLow\Playbryte

Folder Deleted : C:\Users\Paul\AppData\LocalLow\ShopperReports3

Folder Deleted : C:\Users\Paul\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FilesFrog Update Checker

Folder Deleted : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\oufl41ii.default\ConduitCommon

Folder Deleted : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\oufl41ii.default\CT3220468

Folder Deleted : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\oufl41ii.default\extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}

Folder Deleted : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\oufl41ii.default\Smartbar

Folder Deleted : C:\Windows\system32\WNLT

 

***** [Registry] *****

 

Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider

Key Deleted : HKCU\Software\AppDataLow\Software\Mp3Tube

Key Deleted : HKCU\Software\AppDataLow\Software\ShopperReports3

Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar

Key Deleted : HKCU\Software\AppDataLow\SProtector

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Deleted : HKCU\Software\IM

Key Deleted : HKCU\Software\ImInstaller

Key Deleted : HKCU\Software\InstallCore

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKCU\Software\Somoto

Key Deleted : HKCU\Software\StartSearch

Key Deleted : HKCU\Software\WNLT

Key Deleted : HKLM\Software\AVG Secure Search

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL

Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject

Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{21BA420E-161C-413A-B21E-4E42AE1F4226}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{453DB0C5-F41C-4D97-8DD6-CC72ECD5F699}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4AFC07D0-59BB-46B8-B097-1A46E88EEF71}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6511CE4C-4722-40D0-AD3D-4AFA2F50978A}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B86D82BF-D39F-439A-A07C-43EDDC6F6EA6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DA6305B9-0869-4235-8C1D-533A65E639E5}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\I Want This_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32

Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094

Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Playbryte

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WNLT

Key Deleted : HKLM\Software\Playbryte

Key Deleted : HKLM\Software\SP Global

Key Deleted : HKLM\Software\SProtector

Key Deleted : HKLM\Software\Web Assistant

Key Deleted : HKLM\Software\WNLT

Key Deleted : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{4B8C28A7-A9BC-45F8-990D-21499EED643C}

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]

Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [SDP]

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}]

 

***** [Internet Browsers] *****

 

-\\ Internet Explorer v9.0.8112.16476

 

[OK] Registry is clean.

 

-\\ Mozilla Firefox v20.0.1 (en-US)

 

File : C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\oufl41ii.default\prefs.js

 

C:\Users\Paul\AppData\Roaming\Mozilla\Firefox\Profiles\oufl41ii.default\user.js ... Deleted !

 

Deleted : user_pref("CT3072253..clientLogIsEnabled", true);

Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);

Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445530228833", true);

Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);

Deleted : user_pref("CT3072253.CTID", "CT3072253");

Deleted : user_pref("CT3072253.CurrentServerDate", "6-4-2012");

Deleted : user_pref("CT3072253.DSInstall", false);

Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");

Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Wed Apr 04 2012 20:38:46 GMT-0400 (Eastern Daylig[...]

Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");

Deleted : user_pref("CT3072253.FirstServerDate", "5-4-2012");

Deleted : user_pref("CT3072253.FirstTime", true);

Deleted : user_pref("CT3072253.FirstTimeFF3", true);

Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);

Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT3072253.HPInstall", false);

Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);

Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);

Deleted : user_pref("CT3072253.HomepageBeforeUnload", "hxxp://www.google.com/");

Deleted : user_pref("CT3072253.Initialize", true);

Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);

Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT3072253.InstallationId", "ConduitXPEIntegration");

Deleted : user_pref("CT3072253.InstallationType", "ConduitXPEIntegration");

Deleted : user_pref("CT3072253.InstalledDate", "Wed Apr 04 2012 20:38:46 GMT-0400 (Eastern Daylight Time)");

Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);

Deleted : user_pref("CT3072253.IsGrouping", false);

Deleted : user_pref("CT3072253.IsInitSetupIni", true);

Deleted : user_pref("CT3072253.IsMulticommunity", false);

Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);

Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);

Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Thu Apr 05 2012 22:26:31 GMT-0400 (Eastern Dayligh[...]

Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT3072253.LastLogin_3.10.0.1", "Fri Apr 06 2012 15:44:27 GMT-0400 (Eastern Daylight Time)[...]

Deleted : user_pref("CT3072253.LatestVersion", "3.10.0.1");

Deleted : user_pref("CT3072253.Locale", "en");

Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.10.0.1");

Deleted : user_pref("CT3072253.SHRINK_TOOLBAR", 1);

Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");

Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "DAEMON Search");

Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT307[...]

Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);

Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Thu Apr 05 2012 22:26:30 GMT-0400 (Eastern Dayli[...]

Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT3072253.SearchProtectorEnabled", false);

Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", true);

Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Thu Apr 05 2012 22:26:31 GMT-0400 (Eastern Daylight [...]

Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Fri Apr 06 2012 15:44:26 GMT-0400 (Eastern Daylight Ti[...]

Deleted : user_pref("CT3072253.SettingsLastUpdate", "1333628621");

Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");

Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Wed Apr 04 2012 20:38:43 GMT-0400 (Eastern Day[...]

Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1312887586");

Deleted : user_pref("CT3072253.ToolbarDisabled", true);

Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");

Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT3072253.UserID", "UN68476199168579314");

Deleted : user_pref("CT3072253.ValidationData_Toolbar", 2);

Deleted : user_pref("CT3072253.alertChannelId", "1463702");

Deleted : user_pref("CT3072253.autoDisableScopes", -1);

Deleted : user_pref("CT3072253.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT3072253.globalFirstTimeInfoLastCheckTime", "Wed Apr 04 2012 20:38:46 GMT-0400 (Eastern [...]

Deleted : user_pref("CT3072253.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT3072253.initDone", true);

Deleted : user_pref("CT3072253.isAppTrackingManagerOn", true);

Deleted : user_pref("CT3072253.myStuffEnabled", true);

Deleted : user_pref("CT3072253.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT3072253.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT3072253.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT3072253.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT3072253.navigateToUrlOnSearch", false);

Deleted : user_pref("CT3072253.revertSettingsEnabled", false);

Deleted : user_pref("CT3072253.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT3072253.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT3072253.testingCtid", "");

Deleted : user_pref("CT3072253.toolbarAppMetaDataLastCheckTime", "Thu Apr 05 2012 22:26:31 GMT-0400 (Eastern D[...]

Deleted : user_pref("CT3072253.toolbarContextMenuLastCheckTime", "Wed Apr 04 2012 20:38:47 GMT-0400 (Eastern D[...]

Deleted : user_pref("CT3072253.usagesFlag", 2);

Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1348171386,\"uuid\":427365468117245,\"seq_id\":1,\"ss[...]

Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]

Deleted : user_pref("CT3220468.Facebook_Mode", "2");

Deleted : user_pref("CT3220468.Facebook_User_Locale", "en");

Deleted : user_pref("CT3220468.FirstTime", "true");

Deleted : user_pref("CT3220468.FirstTimeFF3", "true");

Deleted : user_pref("CT3220468.UserID", "UN47482072321138074");

Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");

Deleted : user_pref("CT3220468.autoDisableScopes", 0);

Deleted : user_pref("CT3220468.cbcountry_001", "US");

Deleted : user_pref("CT3220468.cbfirsttime", "Thu Sep 20 2012 16:03:05 GMT-0400 (Eastern Daylight Time)");

Deleted : user_pref("CT3220468.defaultSearch", "FALSE");

Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"cross[...]

Deleted : user_pref("CT3220468.enableAlerts", "always");

Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");

Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");

Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");

Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");

Deleted : user_pref("CT3220468.fixUrls", true);

Deleted : user_pref("CT3220468.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscro[...]

Deleted : user_pref("CT3220468.installId", "fftAC84.tmp.exe");

Deleted : user_pref("CT3220468.installType", "XPE");

Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.isNewTabEnabled", true);

Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");

Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");

Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");

Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"about[...]

Deleted : user_pref("CT3220468.openThankYouPage", "true");

Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");

Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");

Deleted : user_pref("CT3220468.search.searchCount", "0");

Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");

Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");


 

-\\ Google Chrome v26.0.1410.64

 

File : C:\Users\Paul\AppData\Local\Google\Chrome\User Data\Default\Preferences

 

Deleted [l.26] : keyword = "searchab.com",

Deleted [l.30] : search_url = "hxxp://searchab.com/?aff=7&uid=7dbada5c-7485-11e2-97e8-0017314044f6&q={searchTe[...]

 

*************************

 

AdwCleaner[S1].txt - [32017 octets] - [14/05/2013 00:15:32]

 

########## EOF - C:\AdwCleaner[S1].txt - [32078 octets] ##########

JRT

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu

Version: 4.9.4 (05.06.2013:1)

OS: Windows 7 Ultimate x86

Ran by Paul on Tue 05/14/2013 at  0:31:37.66

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

 

 

 

~~~ Services

 

 

 

~~~ Registry Values

 

 

 

~~~ Registry Keys

 

Successfully deleted: [Registry Key] "HKEY_CURRENT_USER\Software\Microsoft\internet explorer\internetregistry\registry\user\S-1-5-21-2777281878-2384139919-99816093-1001\software\web assistant"

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{1B85BC49-45E1-43FE-A9BC-2F238E9C20AB}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3004999B-2693-40DD-9069-DE22F053F63E}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{967F3CFA-449A-48D0-9348-F7B060CDC9C6}

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{EE7313DE-C2FE-4D88-BD92-876F29D36313}

 

 

 

~~~ Files

 

 

 

~~~ Folders

 

 

 

~~~ FireFox

 

Successfully deleted: [File] C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\oufl41ii.default\searchplugins\mp3tube.xml

Successfully deleted: [Folder] C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\oufl41ii.default\extensions\51195400a51c6@51195400a5200.com

Successfully deleted the following from C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\oufl41ii.default\prefs.js

 

user_pref("browser.search..defaultengine", "Yahoo-Mp3Tube");

user_pref("browser.search..defaultenginename", "Yahoo-Mp3Tube");

user_pref("browser.search..order.1", "Yahoo-Mp3Tube");

user_pref("browser.search..selectedEngine", "Yahoo-Mp3Tube");

user_pref("browser.search.defaultengine", "Privitize VPN");

user_pref("browser.search.defaultenginename", "Privitize VPN");

user_pref("browser.search.order.1", "Privitize VPN");

user_pref("browser.search.selectedEngine", "Privitize VPN");

user_pref("extensions.crossrider.bic", "137990a4caea2e2af6f302d4a5a2f12d");

user_pref("extensions.questscan.init", true);

user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_referrer", "hxxp://mysearch.avg.com/?pid=safeguard&sg=1&cid=%7B90ea8770-8e9b-41bd-b45e-6fe2ccdfbe3b%7D&mid=6f5

user_pref("{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}.ScriptData_WSG_temp_referer", "hxxp://mysearch.avg.com/?pid=safeguard&sg=1&cid=%7B90ea8770-8e9b-41bd-b45e-6fe2ccdfbe3b%7D&mid

Emptied folder: C:\Users\Paul\AppData\Roaming\mozilla\firefox\profiles\oufl41ii.default\minidumps [316 files]

 

 

 

~~~ Chrome

 

Successfully deleted: [Folder] C:\Users\Paul\appdata\local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd

Successfully deleted: [Folder] C:\Users\Paul\appdata\local\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda

 

 

 

~~~ Event Viewer Logs were cleared

 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Tue 05/14/2013 at  0:33:07.92

End of JRT log

 

Thanks again. Please let me know if anything is found. PC works great.



#6 Broni


Posted 13 May 2013 - 11:47 PM

Good news :)

 

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll remove all old restore points and create a fresh, clean restore point.

Turn system restore off.
Restart computer.
Turn system restore back on.

If you don't know how to do it...
Windows XP: http://support.microsoft.com/kb/310405
Vista and Windows 7: http://www.howtogeek.com/howto/windows-vista/disable-system-restore-in-windows-vista/
Windows 8: http://www.bleepingcomputer.com/tutorials/windows-8-system-restore-guide/#disable

2. Make sure Windows Updates are current.

3. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

12. Except for MBAM and TFC, which are keepers, you can simply delete all other tools we used as they don't install.




 


#7 enzokool1


Posted 14 May 2013 - 01:10 PM

Thanks for everything! I'll run the suggested programs weekly to keep the computer running smooth. Also, I updated some programs with the optional programs PSI and Hippo! You guys can close this down if you need to.



#8 Broni


Posted 14 May 2013 - 07:26 PM

[thumbs-up emoticon]




 




