
IE slooooow. Everything else including Firefox works fine.


  • This topic is locked
23 replies to this topic

#1 Montana Mad Dog

Montana Mad Dog

  • Members
  • 149 posts
  • Gender:Male
  • Location:Montana
  • Local time:12:29 PM

Posted 20 August 2013 - 11:31 PM

Hello,

Although I know IE is not the preferred browser...my friends like it.  It's really slow for some reason and nothing has worked to get it back to normal.

Steps so far are:

Updates to all plugins.

Scans with Norton and MBAM.

Reset IE (from advanced options).

I've read through a lot of the other posts that relate to this issue, but I thought it'd be best to get help specifically since I suspect there are plenty of variables to consider.

Please help.

Thanks.

 

=======================

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.25.2
Run by Lohman at 22:15:01 on 2013-08-20
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.1636 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60181
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60181
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.4.0.40\ips\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
uRun: [Google Update] "c:\users\lohman\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\lohman\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7315E3B3-3466-4280-9389-963AAD867CD3} : DHCPNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lohman\appdata\roaming\mozilla\firefox\profiles\ftcj06yy.default\
FF - prefs.js: browser.search.selectedEngine - My Way
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\lohman\appdata\roaming\mozilla\firefox\profiles\ftcj06yy.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\lohman\appdata\roaming\mozilla\firefox\profiles\ftcj06yy.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\users\lohman\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\users\lohman\appdata\roaming\mozilla\firefox\profiles\ftcj06yy.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-07-29 21:36; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\lohman\appdata\roaming\mozilla\firefox\profiles\ftcj06yy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: !HIDDEN! 2010-05-27 14:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\SymDS.sys [2013-6-30 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\SymEFA.sys [2013-6-30 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\bashdefs\20130715.001\BHDrvx86.sys [2013-7-16 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccSetx86.sys [2013-6-30 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\ipsdefs\20130820.006\IDSvix86.sys [2013-8-20 392792]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\Ironx86.sys [2013-6-30 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys [2013-6-30 352344]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-27 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-29 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-27 701512]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.4.0.40\ccSvcHst.exe [2013-6-30 144368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-19 108120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-27 22856]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-08-21 03:41:26    --------    d-----w-    c:\users\lohman\appdata\local\Macromedia
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin6.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin5.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin4.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin3.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin2.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\mozilla firefox\plugins\npqtplugin.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2013-08-20 04:14:11    992768    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-20 04:14:11    98304    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-20 04:14:11    172544    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-20 04:14:11    133120    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-20 04:14:09    905664    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-20 04:14:09    24064    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-08-20 04:14:09    15872    ----a-w-    c:\windows\system32\icaapi.dll
2013-08-20 04:14:00    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-20 04:13:57    783360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-20 04:13:53    3551680    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-20 04:13:52    3603904    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-20 04:13:52    1205168    ----a-w-    c:\windows\system32\ntdll.dll
2013-07-31 03:09:26    --------    d-----w-    c:\program files\Belarc
2013-07-31 02:55:31    --------    d-----w-    c:\program files\AMD APP
2013-07-31 02:47:32    --------    d-----w-    C:\AMD
2013-07-30 03:42:02    --------    d-----w-    c:\windows\ERUNT
2013-07-30 03:34:07    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-07-30 03:33:55    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-30 03:20:25    86528    ----a-w-    c:\windows\system32\iesysprep.dll
2013-07-30 03:20:25    466432    ----a-w-    c:\program files\internet explorer\ieinstal.exe
2013-07-30 03:20:25    161792    ----a-w-    c:\windows\system32\msls31.dll
2013-07-30 02:54:02    74136    ----a-w-    c:\program files\mozilla firefox\breakpadinjector.dll
2013-07-30 02:54:02    263576    ----a-w-    c:\program files\mozilla firefox\browser\components\browsercomps.dll
2013-07-30 02:54:01    770384    ----a-w-    c:\program files\mozilla firefox\msvcr100.dll
2013-07-30 02:54:01    421200    ----a-w-    c:\program files\mozilla firefox\msvcp100.dll
2013-07-30 02:54:00    26520    ----a-w-    c:\program files\mozilla firefox\plugin-hang-ui.exe
2013-07-30 02:54:00    170232    ----a-w-    c:\program files\mozilla firefox\webapp-uninstaller.exe
2013-07-30 02:53:59    92056    ----a-w-    c:\program files\mozilla firefox\webapprt-stub.exe
.
==================== Find3M  ====================
.
2013-08-20 04:59:16    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 04:59:16    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-30 03:33:39    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-25 02:32:35    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-07-25 02:26:10    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-07-25 02:25:30    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-25 02:22:35    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-06-30 17:16:50    142496    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-04 01:50:43    2049024    ----a-w-    c:\windows\system32\win32k.sys
2013-06-01 04:06:08    505344    ----a-w-    c:\windows\system32\qedit.dll
2013-05-23 05:25:28    934488    ----a-r-    c:\windows\system32\drivers\n360\1404000.028\SymEFA.sys
.
============= FINISH: 22:16:04.17 ===============
 

 


 


#2 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,600 posts
  • Gender:Male
  • Local time:02:29 PM

Posted 25 August 2013 - 11:35 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/505082 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Montana Mad Dog

Montana Mad Dog
  • Topic Starter

  • Members
  • 149 posts
  • Gender:Male
  • Location:Montana
  • Local time:12:29 PM

Posted 26 August 2013 - 11:19 PM

Hello,

Although I know IE is not the preferred browser...my friends like it.  It's really slow for some reason and nothing has worked to get it back to normal.

Steps so far are:

Updates to all plugins.

Scans with Norton and MBAM.

Reset IE (from advanced options).

I've read through a lot of the other posts that relate to this issue, but I thought it'd be best to get help specifically since I suspect there are plenty of variables to consider.

I have the original Windows Vista disk available.

Please help.

Thanks.

 

 

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.25.2
Run by Lohman at 21:59:59 on 2013-08-26
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.2172 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\RunDll32.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Adobe\Reader 11.0\Reader\Reader_sl.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mSearchAssistant = hxxp://www.crawler.com/search/ie.aspx?tb_id=60181
mCustomizeSearch = hxxp://dnl.crawler.com/support/sa_customize.aspx?TbId=60181
BHO: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - <orphaned>
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.4.0.40\ips\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
uRun: [Google Update] "c:\users\lohman\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\lohman\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7315E3B3-3466-4280-9389-963AAD867CD3} : DHCPNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lohman\appdata\roaming\mozilla\firefox\profiles\ftcj06yy.default\
FF - prefs.js: browser.search.selectedEngine - My Way
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\lohman\appdata\roaming\mozilla\firefox\profiles\ftcj06yy.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\lohman\appdata\roaming\mozilla\firefox\profiles\ftcj06yy.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\users\lohman\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\users\lohman\appdata\roaming\mozilla\firefox\profiles\ftcj06yy.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-07-29 21:36; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\lohman\appdata\roaming\mozilla\firefox\profiles\ftcj06yy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: !HIDDEN! 2010-05-27 14:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\SymDS.sys [2013-6-30 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\SymEFA.sys [2013-6-30 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\bashdefs\20130715.001\BHDrvx86.sys [2013-7-16 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccSetx86.sys [2013-6-30 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\ipsdefs\20130821.003\IDSvix86.sys [2013-8-22 392792]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\Ironx86.sys [2013-6-30 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys [2013-6-30 352344]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-29 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-27 701512]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.4.0.40\ccSvcHst.exe [2013-6-30 144368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-20 106656]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-27 22856]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-27 21504]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-08-21 04:40:41    --------    d-----w-    c:\users\lohman\appdata\local\ElevatedDiagnostics
2013-08-21 03:41:26    --------    d-----w-    c:\users\lohman\appdata\local\Macromedia
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2013-08-20 04:14:11    992768    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-20 04:14:11    98304    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-20 04:14:11    172544    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-20 04:14:11    133120    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-20 04:14:09    905664    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-20 04:14:09    24064    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-08-20 04:14:09    15872    ----a-w-    c:\windows\system32\icaapi.dll
2013-08-20 04:14:00    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-20 04:13:57    783360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-20 04:13:53    3551680    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-20 04:13:52    3603904    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-20 04:13:52    1205168    ----a-w-    c:\windows\system32\ntdll.dll
2013-07-31 03:09:26    --------    d-----w-    c:\program files\Belarc
2013-07-31 02:55:31    --------    d-----w-    c:\program files\AMD APP
2013-07-31 02:47:32    --------    d-----w-    C:\AMD
2013-07-30 03:42:02    --------    d-----w-    c:\windows\ERUNT
2013-07-30 03:34:07    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-07-30 03:33:55    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-30 03:20:25    86528    ----a-w-    c:\windows\system32\iesysprep.dll
2013-07-30 03:20:25    466432    ----a-w-    c:\program files\internet explorer\ieinstal.exe
2013-07-30 03:20:25    161792    ----a-w-    c:\windows\system32\msls31.dll
.
==================== Find3M  ====================
.
2013-08-20 04:59:16    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 04:59:16    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-30 03:33:39    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-25 02:32:35    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-07-25 02:26:10    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-07-25 02:25:30    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-25 02:22:35    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-06-30 17:16:50    142496    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-04 01:50:43    2049024    ----a-w-    c:\windows\system32\win32k.sys
2013-06-01 04:06:08    505344    ----a-w-    c:\windows\system32\qedit.dll
.
============= FINISH: 22:01:10.89 ===============
 



Attach from DDS

 




#4 Elise

Posted 28 August 2013 - 03:38 AM

Hello, my name is Elise and I'll assist you with this issue.

Please download AdwCleaner by Xplode onto your desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search. When done click the Report button.
  • A logfile will automatically open after the scan has finished.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 


 

Malware analyst @ Emsisoft


#5 Montana Mad Dog


Posted 28 August 2013 - 09:21 PM

Hi Elise, it's been a while.  Hope things are well with you.

 

Below are the results of AdwCleaner.  IE still extremely slow.  Additionally, there have been a number of "script errors" when using Firefox, which I failed to mention in my initial post.  I can get specifics if you require.

 

By the way...you say "search" in your instructions, however, there is no "search" button, only "scan".  I realize that it does a search, but wanted to alert you of the semantics.

 

Thanks for the help.

 

=============================

 

# AdwCleaner v3.001 - Report created 28/08/2013 at 20:07:46
# Updated 24/08/2013 by Xplode
# Operating System : Windows Vista ™ Home Premium Service Pack 2 (32 bits)
# Username : Lohman - LOHMAN-PC
# Running from : C:\Users\Lohman\Downloads\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Lohman\AppData\Roaming\Mozilla\Firefox\Profiles\ftcj06yy.default\Conduit
Folder Deleted : C:\Users\Lohman\AppData\Roaming\Mozilla\Firefox\Profiles\ftcj06yy.default\ConduitCommon
Folder Deleted : C:\Users\Lohman\AppData\Roaming\Mozilla\Firefox\Profiles\ftcj06yy.default\ConduitEngine
Folder Deleted : C:\Users\Lohman\AppData\Roaming\Mozilla\Firefox\Profiles\ftcj06yy.default\CT2077543
Folder Deleted : C:\Users\Lohman\AppData\Roaming\Mozilla\Firefox\Profiles\ftcj06yy.default\Extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\crawlersrch.xml
File Deleted : C:\Users\Lohman\AppData\Roaming\Mozilla\Firefox\Profiles\ftcj06yy.default\searchplugins\safesearch.xml

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3D233D5-9F6D-436C-B6C7-E63F77503B30}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FD79F359-E577-46DB-AA74-D6E6B8B45BA8}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{4B3803EA-5230-4DC3-A7FC-33638F3D3542}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D7E97865-918F-41E4-9CD0-25AB1C574CE8}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\TotalRecipeSearch_14EI
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16502

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [CustomizeSearch]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [SearchAssistant]
Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\Search [CustomizeSearch]

-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\Lohman\AppData\Roaming\Mozilla\Firefox\Profiles\ftcj06yy.default\prefs.js ]

Line Deleted : user_pref("CT2077543..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2077543..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2077543..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2077543.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT2077543.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2077543.AppTrackingLastCheckTime", "Tue Aug 20 2013 21:41:30 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.BrowserCompStateIsOpen_129457904600615786", true);
Line Deleted : user_pref("CT2077543.BrowserCompStateIsOpen_129682603540351465", true);
Line Deleted : user_pref("CT2077543.BrowserCompStateIsOpen_1367226181000", true);
Line Deleted : user_pref("CT2077543.CTID", "CT2077543");
Line Deleted : user_pref("CT2077543.CurrentServerDate", "29-8-2013");
Line Deleted : user_pref("CT2077543.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2077543.DialogsGetterLastCheckTime", "Mon Aug 26 2013 22:11:57 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2077543.EMailNotifierPollDate", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.ExternalComponentPollDate128975755269762860", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.ExternalComponentPollDate128981701947088292", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.ExternalComponentPollDate129006033237069158", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedLastCount128728594662093846", 342);
Line Deleted : user_pref("CT2077543.FeedLastCount129300601765607025", 500);
Line Deleted : user_pref("CT2077543.FeedPollDate128728593579282204", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate128728593868969193", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate128728594303656973", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate128728594641156345", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate128728605119906817", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate128728631330531749", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate128728637292250655", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate128728637427719582", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate128728637736781257", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate129300601766857027", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate129300601766857028", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate129300601766857029", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate129300601766857030", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate129300601766857031", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate129300601766857032", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate129300601766857033", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate129300601766857034", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate129300601766857035", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedPollDate129300601766857036", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.FeedTTL128728593579282204", 5);
Line Deleted : user_pref("CT2077543.FeedTTL128728594641156345", 5);
Line Deleted : user_pref("CT2077543.FeedTTL128728637292250655", 15);
Line Deleted : user_pref("CT2077543.FeedTTL129300601766857027", 40);
Line Deleted : user_pref("CT2077543.FeedTTL129300601766857028", 40);
Line Deleted : user_pref("CT2077543.FeedTTL129300601766857029", 40);
Line Deleted : user_pref("CT2077543.FeedTTL129300601766857030", 40);
Line Deleted : user_pref("CT2077543.FeedTTL129300601766857031", 40);
Line Deleted : user_pref("CT2077543.FeedTTL129300601766857032", 40);
Line Deleted : user_pref("CT2077543.FeedTTL129300601766857033", 40);
Line Deleted : user_pref("CT2077543.FeedTTL129300601766857034", 40);
Line Deleted : user_pref("CT2077543.FeedTTL129300601766857035", 40);
Line Deleted : user_pref("CT2077543.FeedTTL129300601766857036", 40);
Line Deleted : user_pref("CT2077543.FirstServerDate", "30-5-2011");
Line Deleted : user_pref("CT2077543.FirstTime", true);
Line Deleted : user_pref("CT2077543.FirstTimeFF3", true);
Line Deleted : user_pref("CT2077543.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT2077543.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2077543.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2077543.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2077543.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT2077543.HomepageBeforeUnload", "hxxp://www.msn.com/");
Line Deleted : user_pref("CT2077543.Initialize", true);
Line Deleted : user_pref("CT2077543.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2077543.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2077543.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2077543.InstalledDate", "Mon May 30 2011 13:01:21 GMT-0600 (Mountain Daylight Time)");
Line Deleted : user_pref("CT2077543.InvalidateCache", false);
Line Deleted : user_pref("CT2077543.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT2077543.IsGrouping", false);
Line Deleted : user_pref("CT2077543.IsMulticommunity", false);
Line Deleted : user_pref("CT2077543.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2077543.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT2077543.LanguagePackLastCheckTime", "Tue Aug 27 2013 22:11:58 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2077543.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2077543.LastLogin_3.19.0.3", "Wed Aug 28 2013 20:00:56 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.LastLogin_3.2.5.2", "Sun Jan 13 2013 08:18:25 GMT-0700 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.LatestVersion", "3.19.0.3");
Line Deleted : user_pref("CT2077543.Locale", "en-us");
Line Deleted : user_pref("CT2077543.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2077543.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2077543.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2077543.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT2077543.RadioIsPodcast", false);
Line Deleted : user_pref("CT2077543.RadioLastCheckTime", "Tue Aug 27 2013 22:11:58 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT2077543.RadioLastUpdateServer", "129300667913300000");
Line Deleted : user_pref("CT2077543.RadioMediaID", "9395359");
Line Deleted : user_pref("CT2077543.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT2077543.RadioMenuSelectedID", "EBRadioMenu_CT20775439395359");
Line Deleted : user_pref("CT2077543.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT2077543.RadioStationName", "BBC%20live%205%20");
Line Deleted : user_pref("CT2077543.RadioStationURL", "hxxp://www.bbc.co.uk/fivelive/live/live.asx");
Line Deleted : user_pref("CT2077543.SavedHomepage", "hxxp://www.ask.com?o=16148&l=dis");
Line Deleted : user_pref("CT2077543.SearchEngineBeforeUnload", "My Way");
Line Deleted : user_pref("CT2077543.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2077543.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2077543.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2077543.SearchInNewTabLastCheckTime", "Tue Aug 27 2013 22:11:56 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT2077543.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT2077543.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT2077543.ServiceMapLastCheckTime", "Tue Aug 27 2013 22:11:57 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.SettingsLastCheckTime", "Wed Aug 28 2013 20:04:43 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.SettingsLastUpdate", "1377708382");
Line Deleted : user_pref("CT2077543.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2077543.ThirdPartyComponentsLastCheck", "Wed Aug 21 2013 08:38:21 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT2077543.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT2077543.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2077543");
Line Deleted : user_pref("CT2077543.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT2077543.UserID", "UN65153248267516887");
Line Deleted : user_pref("CT2077543.ValidationData_Search", 1);
Line Deleted : user_pref("CT2077543.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2077543.WeatherNetwork", "");
Line Deleted : user_pref("CT2077543.WeatherPollDate", "Wed Aug 28 2013 20:00:54 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.WeatherUnit", "F");
Line Deleted : user_pref("CT2077543.alertChannelId", "511572");
Line Deleted : user_pref("CT2077543.backendstorage.shoppingapp.gk.exipres", "4672692053657020323820323031322030393A33333A303020474D542D3036303020284D6F756E7461696E204461796C696768742054696D6529");
Line Deleted : user_pref("CT2077543.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");
Line Deleted : user_pref("CT2077543.backendstorage.url_history0001", "687474703A2F2F7777772E736F667470656469612E636F6D2F6765742F53797374656D2F53797374656D2D496E666F2F57696E646F77732D372D50726F647563742D4B65792D43686[...]
Line Deleted : user_pref("CT2077543.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT2077543.globalFirstTimeInfoLastCheckTime", "Tue Aug 20 2013 21:41:20 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2077543.initDone", true);
Line Deleted : user_pref("CT2077543.isAppTrackingManagerOn", false);
Line Deleted : user_pref("CT2077543.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT2077543.myStuffEnabled", true);
Line Deleted : user_pref("CT2077543.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2077543.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2077543.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2077543.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2077543.oldAppsList", "128719124367600658,128719124391506909,111,1367226181000,129608928800167832,128727934544925103,129457904600615786,129300601765607025,128981701947088292,1289757552697[...]
Line Deleted : user_pref("CT2077543.revertSettingsEnabled", true);
Line Deleted : user_pref("CT2077543.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT2077543.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT2077543.testingCtid", "");
Line Deleted : user_pref("CT2077543.toolbarAppMetaDataLastCheckTime", "Tue Aug 27 2013 22:11:58 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.toolbarContextMenuLastCheckTime", "Mon Aug 19 2013 22:05:16 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CT2077543.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2077543/CT2077543", "\"9d82449f522adc80002b3eb4bf6877683\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/511572/507442/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2077543", "\"1367226853\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"0ea11bd291bce1:16c0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"23c5489aa686ce1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2077543", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"b0247494cf7d18dd5da86e5d578c7bdb\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT2077543&octid=CT2077543", "\"1323933160\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2077543/CT2077543", "\"1311168840\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/equalizer_dead.gif", "\"0a8c48d3330c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/minimize.gif", "\"0e2106f3030c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/play.gif", "\"0f475394430c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/stop.gif", "\"08d9ef44430c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Bluenote/vol.gif", "\"066e8863030c81:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"8aa74feb0d95d41396e3124ec410ef45\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16409683.xml", "\"1441fb5cb1b65fe3c87f34ed9cfa4439\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/16727535.xml", "\"22be5a9af711fc7740961c6c1aae5068\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/18863815.xml", "\"5b918ff22de86ca571c63e7cf4185079\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/19058681.xml", "\"dcec0f8b7bfc3eafd7c12bece54abafa\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/19248106.xml", "\"004b57cacb98de089b47121846381b8b\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/19554706.xml", "\"9200134604d66ad5adcf3e8ae7b66a84\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/20536157.xml", "\"920280fddf7fbdd564bf8473c102e560\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/428333.xml", "\"f716f3b62f2a341a9cb907311313efd8\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/807095.xml", "\"e429ba48bd703b3d666a0695efd54f10\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://twitter.com/users/show/813286.xml", "\"e1e18a27fd945c5b867cb823711d0558\"");
Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Lohman\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\ftcj06yy.default\\conduitCommon\\modules\\3.19.0.3");
Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.19.0.3");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "a8a0886b-0cac-4d8c-baf6-d1de31e934ff");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Mon Aug 19 2013 22:05:16 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Aug 27 2013 22:12:05 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Aug 27 2013 22:11:57 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "66e09ed2-a80a-4317-9adc-8406fec66351");
Line Deleted : user_pref("CommunityToolbar.twitter.user_16409683.LastCheckTime", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.twitter.user_16727535.LastCheckTime", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.twitter.user_18863815.LastCheckTime", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.twitter.user_19058681.LastCheckTime", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.twitter.user_19248106.LastCheckTime", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.twitter.user_19554706.LastCheckTime", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.twitter.user_20536157.LastCheckTime", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.twitter.user_428333.LastCheckTime", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.twitter.user_807095.LastCheckTime", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("CommunityToolbar.twitter.user_813286.LastCheckTime", "Wed Aug 28 2013 20:00:55 GMT-0600 (Mountain Standard Time)");
Line Deleted : user_pref("extensions.enabledItems", "{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20,toolbar@ask.com:3.15.1.22229,{20a82645-c095-46ed-80e3-08825760534b}:1.1,{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20100[...]

[ File : C:\Users\Kids\AppData\Roaming\Mozilla\Firefox\Profiles\apzlb3bj.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Lohman\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [37917 octets] - [28/08/2013 20:06:09]
AdwCleaner[S0].txt - [38239 octets] - [28/08/2013 20:07:46]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [38300 octets] ##########
 



#6 Montana Mad Dog

Montana Mad Dog
  • Topic Starter

  • Members
  • 149 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Montana
  • Local time:12:29 PM

Posted 28 August 2013 - 10:11 PM

Shockwave Flash is the unresponsive plugin in Firefox.



#7 Elise

Elise

    Bleepin' Blonde


  • Malware Study Hall Admin
  • 60,925 posts
  • ONLINE
  •  
  • Gender:Female
  • Location:Romania
  • Local time:09:29 PM

Posted 29 August 2013 - 02:23 AM

Can you uninstall and reinstall that plugin and see if that makes any difference?

regards, Elise


"Now faith is the substance of things hoped for, the evidence of things not seen."

 

Follow BleepingComputer on: Facebook | Twitter | Google+ | lockerdome

 

Malware analyst @ Emsisoft


#8 Montana Mad Dog


Posted 29 August 2013 - 07:44 PM

Shockwave uninstalled and reinstalled.  Ran CCleaner (files and registry cleaners).  Still having Shockwave script errors in Firefox...program stalls when I select "continue" but allows navigation after selecting "stop plugin".  IE still extremely slow.



#9 Elise


Posted 30 August 2013 - 02:42 AM

Please post me a new DDS log, and also include attach.txt.


regards, Elise


#10 Montana Mad Dog


Posted 30 August 2013 - 10:13 AM

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16502  BrowserJavaVersion: 10.25.2
Run by Lohman at 9:05:08 on 2013-08-30
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.1.1033.18.3069.1687 [GMT -6:00]
.
AV: Norton 360 *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Norton 360 *Enabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\APC\APC PowerChute Personal Edition\mainserv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\STacSV.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\SigmaTel\C-Major Audio\WDM\sttray.exe
C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\system32\RunDll32.exe
C:\Program Files\Norton 360\Engine\20.4.0.40\ccSvcHst.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\DllHost.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\APC\APC PowerChute Personal Edition\apcsystray.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uSearch Bar = Preserve
mSearchAssistant = hxxp://www.google.com
mCustomizeSearch = hxxp://www.google.com
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
BHO: Norton Vulnerability Protection: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\norton 360\engine\20.4.0.40\ips\IPSBHO.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: WOT Helper: {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} - c:\program files\wot\WOT.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: WOT: {71576546-354D-41C9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
TB: WOT: {71576546-354D-41c9-AAE8-31F2EC22BF0D} - c:\program files\wot\WOT.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - c:\program files\norton 360\engine\20.4.0.40\CoIEPlg.dll
uRun: [Google Update] "c:\users\lohman\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [SigmatelSysTrayApp] c:\program files\sigmatel\c-major audio\wdm\sttray.exe
mRun: [Nikon Transfer Monitor] c:\program files\common files\nikon\monitor\NkMonitor.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
StartupFolder: c:\users\lohman\appdata\roaming\micros~1\windows\startm~1\programs\startup\monito~1.lnk - c:\windows\system32\RunDll32.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\apcups~1.lnk - c:\program files\apc\apc powerchute personal edition\Display.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{7315E3B3-3466-4280-9389-963AAD867CD3} : DHCPNameServer = 192.168.1.1
Handler: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - c:\program files\belarc\belarcadvisor\system\BAVoilaX.dll
Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - c:\program files\wot\WOT.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\lohman\appdata\roaming\mozilla\firefox\profiles\ftcj06yy.default\
FF - prefs.js: browser.search.selectedEngine - My Way
FF - prefs.js: browser.startup.homepage - hxxp://www.msn.com/
FF - component: c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_5.1.0.29\ipsffplgn\components\IPSFFPl.dll
FF - component: c:\users\lohman\appdata\roaming\mozilla\firefox\profiles\ftcj06yy.default\extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\lohman\appdata\roaming\mozilla\firefox\profiles\ftcj06yy.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: c:\users\lohman\appdata\local\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\adobe\director\np32dsw_1203133.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-07-29 21:36; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\lohman\appdata\roaming\mozilla\firefox\profiles\ftcj06yy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: !HIDDEN! 2010-05-27 14:04; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
============= SERVICES / DRIVERS ===============
.
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\n360\1404000.028\SymDS.sys [2013-6-30 367704]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\n360\1404000.028\SymEFA.sys [2013-6-30 934488]
R1 BHDrvx86;BHDrvx86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\bashdefs\20130715.001\BHDrvx86.sys [2013-7-16 1002072]
R1 ccSet_N360;Norton 360 Settings Manager;c:\windows\system32\drivers\n360\1404000.028\ccSetx86.sys [2013-6-30 134744]
R1 IDSVix86;IDSVix86;c:\programdata\norton\{0c55c096-0f1d-4f28-aaa2-85ef591126e7}\n360_20.4.0.40\definitions\ipsdefs\20130829.001\IDSvix86.sys [2013-8-29 392792]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\n360\1404000.028\Ironx86.sys [2013-6-30 175264]
R1 SYMTDIv;Symantec Vista Network Dispatch Driver;c:\windows\system32\drivers\n360\1404000.028\symtdiv.sys [2013-6-30 352344]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-16 217088]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-27 21504]
R2 MBAMScheduler;MBAMScheduler;c:\program files\malwarebytes' anti-malware\mbamscheduler.exe [2013-7-29 418376]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2010-5-27 701512]
R2 N360;Norton 360;c:\program files\norton 360\engine\20.4.0.40\ccSvcHst.exe [2013-6-30 144368]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-8-26 108120]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2010-5-27 22856]
R3 VST_DPV;VST_DPV;c:\windows\system32\drivers\VSTDPV3.SYS [2006-11-2 987648]
R3 VSTHWBS2;VSTHWBS2;c:\windows\system32\drivers\VSTBS23.SYS [2006-11-2 251904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-4-18 754856]
.
=============== Created Last 30 ================
.
2013-08-29 02:04:01    --------    d-----w-    C:\AdwCleaner
2013-08-28 02:28:28    1548288    ----a-w-    c:\windows\system32\WMVDECOD.DLL
2013-08-21 04:40:41    --------    d-----w-    c:\users\lohman\appdata\local\ElevatedDiagnostics
2013-08-21 03:41:26    --------    d-----w-    c:\users\lohman\appdata\local\Macromedia
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin6.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin5.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin4.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin3.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin2.dll
2013-08-20 05:13:21    159744    ----a-w-    c:\program files\internet explorer\plugins\npqtplugin.dll
2013-08-20 04:14:11    992768    ----a-w-    c:\windows\system32\crypt32.dll
2013-08-20 04:14:11    98304    ----a-w-    c:\windows\system32\cryptnet.dll
2013-08-20 04:14:11    172544    ----a-w-    c:\windows\system32\wintrust.dll
2013-08-20 04:14:11    133120    ----a-w-    c:\windows\system32\cryptsvc.dll
2013-08-20 04:14:09    905664    ----a-w-    c:\windows\system32\drivers\tcpip.sys
2013-08-20 04:14:09    24064    ----a-w-    c:\windows\system32\drivers\tssecsrv.sys
2013-08-20 04:14:09    15872    ----a-w-    c:\windows\system32\icaapi.dll
2013-08-20 04:14:00    2048    ----a-w-    c:\windows\system32\tzres.dll
2013-08-20 04:13:57    783360    ----a-w-    c:\windows\system32\rpcrt4.dll
2013-08-20 04:13:53    3551680    ----a-w-    c:\windows\system32\ntoskrnl.exe
2013-08-20 04:13:52    3603904    ----a-w-    c:\windows\system32\ntkrnlpa.exe
2013-08-20 04:13:52    1205168    ----a-w-    c:\windows\system32\ntdll.dll
.
==================== Find3M  ====================
.
2013-08-20 04:59:16    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 04:59:16    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-07-30 03:33:43    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-07-30 03:33:40    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-07-30 03:33:39    789416    ----a-w-    c:\windows\system32\deployJava1.dll
2013-07-30 03:20:25    86528    ----a-w-    c:\windows\system32\iesysprep.dll
2013-07-30 03:20:25    161792    ----a-w-    c:\windows\system32\msls31.dll
2013-07-25 02:32:35    1800704    ----a-w-    c:\windows\system32\jscript9.dll
2013-07-25 02:26:10    1129472    ----a-w-    c:\windows\system32\wininet.dll
2013-07-25 02:25:30    1427968    ----a-w-    c:\windows\system32\inetcpl.cpl
2013-07-25 02:23:59    142848    ----a-w-    c:\windows\system32\ieUnatt.exe
2013-07-25 02:23:58    420864    ----a-w-    c:\windows\system32\vbscript.dll
2013-07-25 02:22:35    2382848    ----a-w-    c:\windows\system32\mshtml.tlb
2013-06-30 17:16:50    142496    ----a-w-    c:\windows\system32\drivers\SYMEVENT.SYS
2013-06-04 01:50:43    2049024    ----a-w-    c:\windows\system32\win32k.sys
.
============= FINISH:  9:05:32.87 ===============
 

 

Attached Files



#11 Elise


Posted 30 August 2013 - 11:17 AM

I would uninstall the Norton toolbars both on Firefox and IE and see if that makes any difference.


regards, Elise


#12 Montana Mad Dog


Posted 03 September 2013 - 10:25 PM

Hi Elise...long weekend here in the States.  Thanks for sticking with me on this.  I uninstalled Norton toolbars and in fact, everything Norton.  I've uninstalled some other junk and ran CCleaner again.

 

No change...IE has trouble loading.

 

I played around a bit and discovered that other pages, loaded in new tabs, will sometimes appear instantly while the original tab takes forever to load, regardless of it being the homepage or any other page I choose.  When I try to close the IE window, it will have a delay and many times will "clone" the other windows that may be open, such as Firefox or an Explorer window.  Which leads me to suspect something to do with video drivers?  Just a guess.

 

What do you suggest at this point?

 

Thanks again.  Would love to get to the bottom of this!



#13 Elise


Posted 04 September 2013 - 02:07 AM

Please restart your computer in safe mode with networking, open IE there and see if the same problem occurs. This should be able to help determine whether or not video drivers are involved.

regards, Elise


#14 Elise


Posted 08 September 2013 - 03:58 AM

Hi, do you still need help?


regards, Elise


#15 Montana Mad Dog


Posted 08 September 2013 - 12:30 PM

Sorry, been working out of town.  I will do that today and let you know what happens.  Thanks.





