
toparcadehits Has invaded my computer


  • This topic is locked
41 replies to this topic

#1 lotty

  • Members
  • 32 posts

Posted 03 September 2013 - 10:02 AM

I downloaded a program from what I thought was a reliable source the other day and apparently it loaded all kinds of things. I ran Malwarebytes and it got rid of most, but toparcadehits still shows up. Please help.

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.19412  BrowserJavaVersion: 10.25.2
Run by W. R. DREDGE at 9:34:10 on 2013-09-03
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.2045.900 [GMT -5:00]
.
AV: ZoneAlarm Extreme Security Antivirus *Enabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Enabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: ZoneAlarm Extreme Security Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\SLsvc.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\WiTopia\WiTopiaService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\fxssvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe
C:\Program Files\Microsoft IntelliType Pro\itype.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Brother\ControlCenter3\brccMCtl.exe
C:\Program Files\AutoTask\AutoTask.exe
C:\Program Files\Brother\Brmfcmon\BrMfcmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\WiTopia\WiTopia.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\PROGRA~1\CHECKP~1\ZONEAL~1\MAILFR~1\mantispm.exe
C:\Windows\system32\vssvc.exe
c:\program files\windows defender\MpCmdRun.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k swprv
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=PTB&M=NX860XL
uSearch Bar = hxxp://www.gateway.com/g/sidepanel.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=PTB&M=NX860XL
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=PTB&M=NX860XL
mDefault_Page_URL = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=PTB&M=NX860XL
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=PTB&M=NX860XL
uURLSearchHooks: {a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - <orphaned>
uURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
mURLSearchHooks: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - c:\program files\google\googletoolbarnotifier\5.7.8313.1002\swg.dll
BHO: CBrowserHelperObject Object: {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\google\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Toolbar: {91da5e8a-3318-4f8c-b67e-5964de3ab546} - c:\program files\zonealarm_security\prxtbZone.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [Picasa Media Detector] c:\program files\picasa2\PicasaMediaDetector.exe
uRun: [WiTopia] c:\program files\witopia\WiTopia.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [IAAnotif] "c:\program files\intel\intel matrix storage manager\Iaanotif.exe"
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [SSBkgdUpdate] "c:\program files\common files\scansoft shared\ssbkgdupdate\SSBkgdupdate.exe" -Embedding -boot
mRun: [PaperPort PTD] "c:\program files\scansoft\paperport\pptd40nt.exe"
mRun: [IndexSearch] "c:\program files\scansoft\paperport\IndexSearch.exe"
mRun: [PPort11reminder] "c:\program files\scansoft\paperport\ereg\ereg.exe" -r "c:\programdata\scansoft\paperport\11\config\ereg\Ereg.ini
mRun: [BrMfcWnd] c:\program files\brother\brmfcmon\BrMfcWnd.exe /AUTORUN
mRun: [ControlCenter3] c:\program files\brother\controlcenter3\brctrcen.exe /autorun
mRun: [itype] "c:\program files\microsoft intellitype pro\itype.exe"
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [NvSvc] RUNDLL32.EXE c:\windows\system32\nvsvc.dll,nvsvcStart
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [BackupSoft] "\RunRedem.exe" /STARTUP
mRun: [AutoTask] "c:\program files\autotask\AutoTask.exe" /STARTUP
mRun: [AdobeAAMUpdater-1.0] "c:\program files\common files\adobe\oobe\pdapp\uwa\UpdaterStartupUtility.exe"
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [ZoneAlarm] "c:\program files\checkpoint\zonealarm\zatray.exe"
mRun: [ISW] <no file>
mRunOnce: [Malwarebytes Anti-Malware (cleanup)] rundll32.exe "c:\programdata\malwarebytes\malwarebytes' anti-malware\cleanup.dll",ProcessCleanupScript
StartupFolder: c:\users\wre759~1.dre\appdata\roaming\micros~1\windows\startm~1\programs\startup\nikonm~1.lnk - c:\program files\common files\nikon\monitor\NkMonitor.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\blueto~1.lnk - c:\program files\widcomm\bluetooth software\BTTray.exe
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\program files\widcomm\bluetooth software\btsendto_ie.htm
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{0407AA9A-A9AB-4F3B-836D-AA90E93D4AA3} : DHCPNameServer = 10.118.0.1
TCP: Interfaces\{5ECAB51B-F76F-47D7-B0AC-69D60B3094D3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{CF0FB16C-C339-4C28-B7B3-A8C31A9D206C} : DHCPNameServer = 10.118.0.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} -
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\w. r. dredge\appdata\roaming\mozilla\firefox\profiles\aarqjoqw.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2925418&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={9066F14E-6FBD-4D1D-8767-64C24651FB64}&mid=9114103b064347d3b402d15f890c51a3-8193c31293412f1b98b60cbd96fe4a0f895f8ea2&lang=en&ds=dn011&pr=sa&d=2013-08-28 19:17:12&v=15.4.0.5&pid=safeguard&sg=0&sap=hp
FF - prefs.js: keyword.URL -
FF - plugin: c:\program files\checkpoint\zaforcefield\trustchecker\bin\npFFApi.dll
FF - plugin: c:\program files\common files\avg secure search\sitesafetyinstaller\15.5.0\npsitesafety.dll
FF - plugin: c:\program files\google\picasa3\npPicasa2.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\google\update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: c:\users\w. r. dredge\appdata\roaming\mozilla\firefox\profiles\aarqjoqw.default\extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_8_800_94.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: 2013-08-28 19:17; avg@toolbar; c:\programdata\avg safeguard toolbar\firefoxext\15.5.0.2
FF - ExtSQL: 2013-08-28 19:19; addon@defaulttab.com; c:\users\w. r. dredge\appdata\roaming\mozilla\firefox\profiles\aarqjoqw.default\extensions\addon@defaulttab.com.xpi
.
============= SERVICES / DRIVERS ===============
.
R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [2010-10-14 11352]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2011-11-3 27016]
S3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2011-11-3 36744]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2013-9-1 40776]
S3 NETw2v32;Intel® PRO/Wireless 2200BG Network Connection Driver for Windows Vista;c:\windows\system32\drivers\NETw2v32.sys [2006-11-2 2589184]
S3 REFILERW;REFILERW;c:\windows\system32\drivers\REFILERW.SYS [2009-12-2 4224]
.
=============== Created Last 30 ================
.
2013-09-03 12:34:06    60872    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{92a758bb-0700-4938-90c2-1198087323e5}\offreg.dll
2013-09-03 12:24:38    7166848    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{92a758bb-0700-4938-90c2-1198087323e5}\mpengine.dll
2013-09-01 11:20:28    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-29 00:23:39    --------    d-----w-    c:\users\w. r. dredge\appdata\roaming\Awesome Duplicate Photo Finder
2013-08-29 00:23:13    --------    d-----w-    c:\program files\Awesome Duplicate Photo Finder
2013-08-29 00:19:53    --------    d-----w-    c:\users\w. r. dredge\appdata\roaming\DefaultTab
2013-08-29 00:16:34    --------    d--h--w-    c:\programdata\Common Files
.
==================== Find3M  ====================
.
2013-08-20 18:37:38    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-08-20 18:37:38    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-06-25 17:18:07    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 17:18:04    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-06-25 17:18:04    789416    ----a-w-    c:\windows\system32\deployJava1.dll
.
============= FINISH:  9:36:03.15 ===============
 

 



#2 jeffce

  • Malware Response Team
  • 3,442 posts

Posted 06 September 2013 - 11:30 AM

Hi and Welcome!!   
 
My name is Jeff. I would be more than happy to take a look at your malware results logs and help you with solving any malware problems you might have. Logs can take a while to research, so please be patient and know that I am working hard to get you a clean and functional system back in your hands. I'd be grateful if you would note the following:

  • The fixes are specific to your problem and should only be used for the issues on this machine.
  • It's often worth reading through these instructions and printing them for ease of reference.
  • If you don't know or understand something, please don't hesitate to say or ask!! It's better to be sure and safe than sorry.
  • Please reply to this thread. Do not start a new topic.
  • If you happen to have a flash drive/thumb drive please have that ready in the event that we need to use it.
  • Please be sure to subscribe to the topic if you have not already done so.

IMPORTANT NOTE : Please do not delete, download or install anything unless instructed to do so.
DO NOT use any TOOLS such as Combofix or HijackThis fixes without supervision. Doing so could make your system inoperable and could require a full reinstall of your operating system and losing all your programs and data.

 
Having said that.... Let's get going!!
----------

Please download aswMBR to your desktop.

  • Double click the aswMBR icon to run it.
  • Click the Scan button to start scan.
  • If you are asked to update the Avast Virus database please allow it to do so.
  • When it finishes, press the save log button, save the logfile to your desktop and post its contents in your next reply.

----------

AdwCleaner

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool. Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it. If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

----------



#3 lotty

  • Topic Starter
  • Members
  • 32 posts

Posted 07 September 2013 - 11:01 AM

Thank you so much for your response. Since my original post I have not attempted to correct anything, but one issue I thought was gone from my original malware scan was I have had emails in only my Hotmail account show up "from Myself". May be related.

 

Ok here is the aswmbr scan

 

aswMBR version 0.9.9.1771 Copyright© 2011 AVAST Software
Run date: 2013-09-07 09:43:52
-----------------------------
09:43:52.484    OS Version: Windows 6.0.6002 Service Pack 2
09:43:52.484    Number of processors: 2 586 0xF06
09:43:52.485    ComputerName: BUSINESS  UserName:
09:44:00.153    Initialize success
09:45:32.176    AVAST engine defs: 13090700
09:45:35.686    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
09:45:35.692    Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
09:45:35.853    Disk 0 MBR read successfully
09:45:35.860    Disk 0 MBR scan
09:45:35.972    Disk 0 unknown MBR code
09:45:35.981    Disk 0 Partition 1 00     07    HPFS/NTFS NTFS        10103 MB offset 63
09:45:36.038    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       142521 MB offset 20691720
09:45:36.069    Disk 0 scanning sectors +312576705
09:45:36.582    Disk 0 scanning C:\Windows\system32\drivers
09:46:24.013    Service scanning
09:47:03.095    Modules scanning
09:47:11.075    Disk 0 trace - called modules:
09:47:11.112    ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
09:47:11.122    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87b5aac8]
09:47:11.133    3 CLASSPNP.SYS[89dcf8b3] -> nt!IofCallDriver -> [0x86a2b6c8]
09:47:11.146    5 acpi.sys[806a66bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x869f6030]
09:47:12.840    AVAST engine scan C:\Windows
09:47:18.384    AVAST engine scan C:\Windows\system32
09:54:11.438    AVAST engine scan C:\Windows\system32\drivers
09:54:44.556    AVAST engine scan C:\Users\W. R. DREDGE
09:58:55.044    AVAST engine scan C:\ProgramData
10:24:10.388    Scan finished successfully
10:31:26.380    Disk 0 MBR has been saved successfully to "C:\Users\RANDY\Desktop\MBR.dat"
10:31:26.401    The log file has been saved successfully to "C:\Users\RANDY\Desktop\aswMBR.txt"

 

And here is the adwcleaner scan

 

# AdwCleaner v3.003 - Report created 07/09/2013 at 10:35:04
# Updated 07/09/2013 by Xplode
# Operating System : Windows Vista ™ Ultimate Service Pack 2 (32 bits)
# Username : W. R. DREDGE - BUSINESS
# Running from : C:\Users\RANDY\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : \END
File Found : C:\Users\W. R. DREDGE\AppData\Roaming\Mozilla\Firefox\Profiles\aarqjoqw.default\Extensions\addon@defaulttab.com.xpi
File Found : C:\Users\W. R. DREDGE\AppData\Roaming\Mozilla\Firefox\Profiles\aarqjoqw.default\searchplugins\Conduit.xml
File Found : C:\Users\WRE759~1.DRE\AppData\Local\Temp\Uninstall.exe
File Found : C:\Users\WRE759~1.DRE\AppData\Local\Temp\Uninstall.exe
File Found : C:\Windows\system32\conduitEngine.tmp
Folder Found : C:\Users\W. R. DREDGE\AppData\Roaming\Mozilla\Firefox\Profiles\aarqjoqw.default\Extensions\{91da5e8a-3318-4f8c-b67e-5964de3ab546}
Folder Found C:\Program Files\Conduit
Folder Found C:\Program Files\ZoneAlarm_Security
Folder Found C:\Users\RANDY\AppData\LocalLow\Conduit
Folder Found C:\Users\RANDY\AppData\LocalLow\PriceGong
Folder Found C:\Users\RANDY\AppData\LocalLow\ZoneAlarm_Security
Folder Found C:\Users\RANDY\AppData\Roaming\Mozilla\Firefox\Profiles\lzbvy093.default\ConduitCommon
Folder Found C:\Users\W. R. DREDGE\AppData\Local\Conduit
Folder Found C:\Users\W. R. DREDGE\AppData\Roaming\DefaultTab
Folder Found C:\Users\W. R. DREDGE\AppData\Roaming\Mozilla\Firefox\Profiles\aarqjoqw.default\ConduitCommon
Folder Found C:\Users\W. R. DREDGE\AppData\Roaming\Mozilla\Firefox\Profiles\aarqjoqw.default\CT2645238

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\conduitEngine
Key Found : HKCU\Software\AppDataLow\Software\DefaultTab
Key Found : HKCU\Software\AppDataLow\Software\ZoneAlarm_Security
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\DefaultTab
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ZoneAlarm_Security Toolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}
Key Found : HKLM\SOFTWARE\Classes\AppID\DefaultTabBHO.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{FEB40468-2C9A-4868-A0A2-A5318974F879}
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX
Key Found : HKLM\SOFTWARE\Classes\DefaultTabBHO.DefaultTabBrowserActiveX.1
Key Found : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Key Found : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}
Key Found : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2645238
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE
Key Found : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{228578CC-FF30-4D19-B681-945B803FE47D}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8EBA5BC8-1358-4BA7-8516-294B1B808692}
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{FEB40468-2C9A-4868-A0A2-A5318974F879}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DefaultTab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ZoneAlarm_Security Toolbar
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Found : HKLM\Software\ZoneAlarm_Security
Value Found : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}]
Value Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{91DA5E8A-3318-4F8C-B67E-5964DE3AB546}]

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.19412


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Users\W. R. DREDGE\AppData\Roaming\Mozilla\Firefox\Profiles\aarqjoqw.default\prefs.js ]

Line Found : user_pref("CT2645238..clientLogIsEnabled", false);
Line Found : user_pref("CT2645238..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2645238..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT2645238.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Found : user_pref("CT2645238.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2645238.BrowserCompStateIsOpen_130040896818121391", true);
Line Found : user_pref("CT2645238.BrowserCompStateIsOpen_130100881511418153", true);
Line Found : user_pref("CT2645238.CTID", "CT2645238");
Line Found : user_pref("CT2645238.CurrentServerDate", "1-9-2013");
Line Found : user_pref("CT2645238.DSInstall", false);
Line Found : user_pref("CT2645238.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2645238.DialogsGetterLastCheckTime", "Wed Aug 28 2013 19:23:57 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2645238.DownloadReferralCookieData", "");
Line Found : user_pref("CT2645238.EMailNotifierPollDate", "Sun Sep 01 2013 06:17:07 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2645238.FirstServerDate", "10-3-2012");
Line Found : user_pref("CT2645238.FirstTime", true);
Line Found : user_pref("CT2645238.FirstTimeFF3", true);
Line Found : user_pref("CT2645238.FixPageNotFoundErrors", true);
Line Found : user_pref("CT2645238.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2645238.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2645238.HPInstall", false);
Line Found : user_pref("CT2645238.HasUserGlobalKeys", true);
Line Found : user_pref("CT2645238.HomePageProtectorEnabled", false);
Line Found : user_pref("CT2645238.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Line Found : user_pref("CT2645238.Initialize", true);
Line Found : user_pref("CT2645238.InitializeCommonPrefs", true);
Line Found : user_pref("CT2645238.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2645238.InstallationId", "CT2645238_ZoneAlarm_Security.exe");
Line Found : user_pref("CT2645238.InstallationType", "ConduitIntegration");
Line Found : user_pref("CT2645238.InstalledDate", "Fri Mar 09 2012 17:49:32 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2645238.IsAlertDBUpdated", true);
Line Found : user_pref("CT2645238.IsGrouping", false);
Line Found : user_pref("CT2645238.IsInitSetupIni", true);
Line Found : user_pref("CT2645238.IsMulticommunity", false);
Line Found : user_pref("CT2645238.IsOpenThankYouPage", false);
Line Found : user_pref("CT2645238.IsOpenUninstallPage", false);
Line Found : user_pref("CT2645238.LanguagePackLastCheckTime", "Sun Sep 01 2013 06:07:07 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2645238.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2645238.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2645238.LastLogin_3.18.0.7", "Sun Sep 01 2013 06:07:06 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2645238.LastLogin_3.8.0.8", "Tue Mar 26 2013 21:03:57 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2645238.LatestVersion", "3.19.0.3");
Line Found : user_pref("CT2645238.Locale", "en");
Line Found : user_pref("CT2645238.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2645238.MCDetectTooltipShow", false);
Line Found : user_pref("CT2645238.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2645238.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2645238.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT2645238.OriginalFirstVersion", "3.8.0.8");
Line Found : user_pref("CT2645238.SearchCaption", "ZoneAlarm Security Customized Web Search");
Line Found : user_pref("CT2645238.SearchEngineBeforeUnload", "ZoneAlarm Extreme Security Customized Web Search");
Line Found : user_pref("CT2645238.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2645238.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=2&q=");
Line Found : user_pref("CT2645238.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2645238.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2645238.SearchInNewTabLastCheckTime", "Sun Sep 01 2013 06:07:04 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2645238.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Found : user_pref("CT2645238.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2645238.SearchProtectorEnabled", false);
Line Found : user_pref("CT2645238.SearchProtectorToolbarDisabled", false);
Line Found : user_pref("CT2645238.SendProtectorDataViaLogin", true);
Line Found : user_pref("CT2645238.ServiceMapLastCheckTime", "Sun Sep 01 2013 06:07:07 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2645238.SettingsLastCheckTime", "Sun Sep 01 2013 06:07:03 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2645238.SettingsLastUpdate", "1377965966");
Line Found : user_pref("CT2645238.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2645238&SearchSource=13");
Line Found : user_pref("CT2645238.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2645238.ThirdPartyComponentsLastCheck", "Wed Aug 28 2013 19:23:53 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2645238.ThirdPartyComponentsLastUpdate", "1331805997");
Line Found : user_pref("CT2645238.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT2645238.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2645238");
Line Found : user_pref("CT2645238.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT2645238.UserID", "UN34966590860686243");
Line Found : user_pref("CT2645238.alertChannelId", "1037922");
Line Found : user_pref("CT2645238.approveUntrustedApps", false);
Line Found : user_pref("CT2645238.backendstorage.acp_personal.appstate", "656E61626C65");
Line Found : user_pref("CT2645238.backendstorage.cb_experience_000", "35");
Line Found : user_pref("CT2645238.backendstorage.cb_firstuse0100", "31");
Line Found : user_pref("CT2645238.backendstorage.cb_user_id_000", "43423339353238373430333639355F313337383033333634313830325F46697265666F78");
Line Found : user_pref("CT2645238.backendstorage.cbfirsttime", "5765642041756720323820323031332031393A32343A333020474D542D3035303020284561737465726E205374616E646172642054696D6529");
Line Found : user_pref("CT2645238.backendstorage.last_client_stats_submit_2", "31333737373335383432");
Line Found : user_pref("CT2645238.backendstorage.local_cookie_stats_last_submit_6", "31333738303333363439");
Line Found : user_pref("CT2645238.backendstorage.local_cookie_stats_stats_site_irrelevant", "31");
Line Found : user_pref("CT2645238.backendstorage.local_cookie_stats_stats_site_new", "30");
Line Found : user_pref("CT2645238.backendstorage.local_cookie_stats_stats_site_not_supported", "30");
Line Found : user_pref("CT2645238.backendstorage.local_cookie_stats_stats_site_supported", "3131");
Line Found : user_pref("CT2645238.backendstorage.local_cookie_stats_stats_use_history", "30");
Line Found : user_pref("CT2645238.backendstorage.local_cookie_stats_stats_use_pop", "30");
Line Found : user_pref("CT2645238.backendstorage.local_cookie_stats_stats_use_related", "30");
Line Found : user_pref("CT2645238.backendstorage.local_cookie_stats_stats_use_typed", "30");
Line Found : user_pref("CT2645238.backendstorage.local_cookie_throttle_baseadd_stats|0|local_cookie_stats_stats_site_irrelevant", "31333738303334323734");
Line Found : user_pref("CT2645238.backendstorage.local_cookie_throttle_baseadd_stats|0|local_cookie_stats_stats_site_supported", "31333738303334313934");
Line Found : user_pref("CT2645238.backendstorage.local_cookie_throttle_baseloopback|hxxp://up.autocompleteplus.com/up?q=firefox%2bhome%2bpage&l=support.mozilla.org&t=2&v=0.4&d=conduit2", "31333738303333383333");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476F6E67222C2275726C223A22687474703A2F2F7072696365676F6E672E636F6E64756974617070732E636F6D2F4D414D2F763[...]
Line Found : user_pref("CT2645238.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_appstate_acplus", "6F6E");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_appstate_discover", "6F6E");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_appstate_easytobook", "6F6E");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6E");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_appstate_find-a-pro", "6F6E");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_appstate_piclickv2-websearch", "6F6E");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_appstate_pricegong", "6F6E");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_appstate_windowshopper", "6F6E");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_appstatereporttime", "31333738303333363333323132");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_calledsetupservice", "31");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B226964223A225069636C69636B56322D576562536561726368222C22637269746572696173223A5B7B22637269746572696149[...]
Line Found : user_pref("CT2645238.backendstorage.mam_gk_currentversion", "312E31302E342E30");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_existingusersrecoverydone", "31");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_first_time", "31");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_lastlogintime", "31333738303333363333363935");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C696379223A7B2254657874223A22436F6E74656E7420506F6C696379227D2C226761646765744465736372697074696F6E5072696[...]
Line Found : user_pref("CT2645238.backendstorage.mam_gk_new_welcome_experience", "31");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_settings1.10.4.0", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A223135375F30222C226973546573742[...]
Line Found : user_pref("CT2645238.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_user_approval_interacted", "31");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_userid", "64396438323336312D643163382D346266642D616131662D636233353833616335353730");
Line Found : user_pref("CT2645238.backendstorage.mam_gk_welcomedialogmode", "31");
Line Found : user_pref("CT2645238.backendstorage.pg_enable", "74727565");
Line Found : user_pref("CT2645238.backendstorage.searchappstate", "32");
Line Found : user_pref("CT2645238.backendstorage.searchapptracking", "73656E74");
Line Found : user_pref("CT2645238.backendstorage.sf_just_installed", "46414C5345");
Line Found : user_pref("CT2645238.backendstorage.sf_status", "454E41424C4544");
Line Found : user_pref("CT2645238.backendstorage.sf_user_id", "6369645F32383832303133313932343135373531393231");
Line Found : user_pref("CT2645238.backendstorage.url_history0001", "687474703A2F2F737570706F72742E6D6F7A696C6C612E6F72672F656E2D55532F6B622F486F77253230746F253230736574253230746865253230686F6D652532307061676523775[...]
Line Found : user_pref("CT2645238.components.129791241750835138", false);
Line Found : user_pref("CT2645238.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT2645238.globalFirstTimeInfoLastCheckTime", "Wed Aug 28 2013 19:23:57 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2645238.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT2645238.initDone", true);
Line Found : user_pref("CT2645238.isAppTrackingManagerOn", false);
Line Found : user_pref("CT2645238.myStuffEnabled", true);
Line Found : user_pref("CT2645238.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2645238.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2645238.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2645238.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2645238.revertSettingsEnabled", false);
Line Found : user_pref("CT2645238.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT2645238.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT2645238.testingCtid", "");
Line Found : user_pref("CT2645238.toolbarAppMetaDataLastCheckTime", "Sun Sep 01 2013 06:07:07 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2645238.toolbarContextMenuLastCheckTime", "Wed Aug 28 2013 19:23:55 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2645238.usagesFlag", 2);
Line Found : user_pref("CT2925418..clientLogIsEnabled", false);
Line Found : user_pref("CT2925418..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2925418..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT2925418.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2925418.CTID", "CT2925418");
Line Found : user_pref("CT2925418.CurrentServerDate", "22-12-2011");
Line Found : user_pref("CT2925418.DSInstall", true);
Line Found : user_pref("CT2925418.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2925418.DialogsGetterLastCheckTime", "Thu Dec 22 2011 12:19:36 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2925418.DownloadReferralCookieData", "");
Line Found : user_pref("CT2925418.EMailNotifierPollDate", "Thu Dec 22 2011 12:19:35 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2925418.FirstServerDate", "9-12-2011");
Line Found : user_pref("CT2925418.FirstTime", true);
Line Found : user_pref("CT2925418.FirstTimeFF3", true);
Line Found : user_pref("CT2925418.FixPageNotFoundErrors", true);
Line Found : user_pref("CT2925418.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2925418.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2925418.HPInstall", false);
Line Found : user_pref("CT2925418.HasUserGlobalKeys", true);
Line Found : user_pref("CT2925418.Initialize", true);
Line Found : user_pref("CT2925418.InitializeCommonPrefs", true);
Line Found : user_pref("CT2925418.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2925418.InstallationType", "Unknown");
Line Found : user_pref("CT2925418.InstalledDate", "Thu Dec 08 2011 16:02:43 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2925418.IsAlertDBUpdated", true);
Line Found : user_pref("CT2925418.IsGrouping", false);
Line Found : user_pref("CT2925418.IsInitSetupIni", true);
Line Found : user_pref("CT2925418.IsMulticommunity", false);
Line Found : user_pref("CT2925418.IsOpenThankYouPage", true);
Line Found : user_pref("CT2925418.IsOpenUninstallPage", true);
Line Found : user_pref("CT2925418.LanguagePackLastCheckTime", "Thu Dec 22 2011 12:19:36 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2925418.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2925418.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2925418.LastLogin_3.7.0.6", "Thu Dec 22 2011 12:19:36 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2925418.LatestVersion", "3.8.1.0");
Line Found : user_pref("CT2925418.Locale", "en");
Line Found : user_pref("CT2925418.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2925418.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2925418.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2925418.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT2925418.OriginalFirstVersion", "3.7.0.6");
Line Found : user_pref("CT2925418.SearchCaption", "ZoneAlarm Extreme Security Customized Web Search");
Line Found : user_pref("CT2925418.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2925418.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2925418&SearchSource=2&q=");
Line Found : user_pref("CT2925418.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2925418.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2925418.SearchInNewTabLastCheckTime", "Thu Dec 22 2011 12:19:35 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2925418.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2925418.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usage.ashx?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2925418.SendProtectorDataViaLogin", true);
Line Found : user_pref("CT2925418.ServiceMapLastCheckTime", "Thu Dec 22 2011 12:19:35 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2925418.SettingsLastCheckTime", "Thu Dec 22 2011 12:19:34 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2925418.SettingsLastUpdate", "1321973268");
Line Found : user_pref("CT2925418.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT2925418&SearchSource=13");
Line Found : user_pref("CT2925418.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2925418.ThirdPartyComponentsLastCheck", "Thu Dec 08 2011 16:02:41 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2925418.ThirdPartyComponentsLastUpdate", "1312887586");
Line Found : user_pref("CT2925418.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT2925418.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2925418");
Line Found : user_pref("CT2925418.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT2925418.UserID", "UN36325314923094763");
Line Found : user_pref("CT2925418.alertChannelId", "1317307");
Line Found : user_pref("CT2925418.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT2925418.globalFirstTimeInfoLastCheckTime", "Thu Dec 22 2011 12:19:36 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2925418.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT2925418.initDone", true);
Line Found : user_pref("CT2925418.isAppTrackingManagerOn", true);
Line Found : user_pref("CT2925418.myStuffEnabled", true);
Line Found : user_pref("CT2925418.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2925418.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2925418.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2925418.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2925418.oldAppsList", "129403465893419378,129403465893731879,111,129547531465455574,129454670619237939,129403465894356881,129403465895763137,1000080,129538368125733219,1000034,12940346589[...]
Line Found : user_pref("CT2925418.revertSettingsEnabled", false);
Line Found : user_pref("CT2925418.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT2925418.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT2925418.testingCtid", "");
Line Found : user_pref("CT2925418.toolbarAppMetaDataLastCheckTime", "Thu Dec 22 2011 12:19:36 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT2925418.toolbarContextMenuLastCheckTime", "Thu Dec 08 2011 16:02:43 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.ConduitSearchList", "ZoneAlarm Extreme Security Customized Web Search");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2645238/CT2645238", "\"44df076df79e7d778ea20613bdbccc4b3\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2925418/CT2925418", "\"1321973269\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1037922/1033633/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1317307/1312978/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2645238", "\"1365614551\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2925418", "\"1295868936\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "uG7mdamLoNmpmgC2c0JctQ==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "jf4tQQjNr2TQ31uHimzTMg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "0BEXfBAJ1PdxmWK9VOejOg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "ZU6zjERHpZr7lBpInn+HyA==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"0ea11bd291bce1:16c0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"23c5489aa686ce1:16c0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.0.6", "\"6a637346d78ccc1:127c\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.0.8", "\"0343677cfb1cd1:1633\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2645238", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2925418", "\"3e5a4f275840b518b14c5ff3d7391b70\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/38/264/CT2645238/Images/634084960850172500.png", "\"42eee7aac1eaca1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"401d32483340a129bdc6ddc544721839\"");
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\W. R. DREDGE\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\aarqjoqw.default\\conduitCommon\\modules\\3.18.0.7");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.18.0.7");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2925418,CT2645238");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2925418,CT2645238");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT2925418,CT2645238");
Line Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Mar 09 2012 17:49:32 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.globalUserId", "a6141c59-6393-4366-af65-da0e659760a6");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2925418");
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Aug 28 2013 19:23:57 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Sep 01 2013 06:07:15 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Sep 01 2013 06:07:07 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "3599f605-bb53-4d6f-8e6a-4905abad8838");
Line Found : user_pref("CommunityToolbar.originalHomepage", "chrome://branding/locale/browserconfig.properties");
Line Found : user_pref("CommunityToolbar.originalSearchEngine", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm Extreme Security Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2925418&SearchSource=3&q={searchTerms}");

[ File : C:\Users\RANDY\AppData\Roaming\Mozilla\Firefox\Profiles\lzbvy093.default\prefs.js ]

Line Found : user_pref("CT3013950..clientLogIsEnabled", false);
Line Found : user_pref("CT3013950..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT3013950..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT3013950.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Found : user_pref("CT3013950.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT3013950.AppTrackingLastCheckTime", "Wed Aug 17 2011 10:19:54 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.BrowserCompStateIsOpen_129575140458944218", true);
Line Found : user_pref("CT3013950.BrowserCompStateIsOpen_129683320557836220", true);
Line Found : user_pref("CT3013950.CT3013950", "CT3013950");
Line Found : user_pref("CT3013950.CurrentServerDate", "21-4-2013");
Line Found : user_pref("CT3013950.DialogsAlignMode", "LTR");
Line Found : user_pref("CT3013950.DialogsGetterLastCheckTime", "Mon Apr 15 2013 14:00:14 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.DownloadReferralCookieData", "");
Line Found : user_pref("CT3013950.EMailNotifierPollDate", "Sun Jun 12 2011 08:02:56 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.ExternalComponentPollDate129505101446450230", "Sat Jun 11 2011 17:02:26 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.FirstServerDate", "12-6-2011");
Line Found : user_pref("CT3013950.FirstTime", true);
Line Found : user_pref("CT3013950.FirstTimeFF3", true);
Line Found : user_pref("CT3013950.FixPageNotFoundErrors", false);
Line Found : user_pref("CT3013950.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT3013950.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT3013950.HasUserGlobalKeys", true);
Line Found : user_pref("CT3013950.HomePageProtectorEnabled", false);
Line Found : user_pref("CT3013950.Initialize", true);
Line Found : user_pref("CT3013950.InitializeCommonPrefs", true);
Line Found : user_pref("CT3013950.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT3013950.InstalledDate", "Sat Jun 11 2011 17:02:27 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.InvalidateCache", false);
Line Found : user_pref("CT3013950.IsAlertDBUpdated", true);
Line Found : user_pref("CT3013950.IsGrouping", false);
Line Found : user_pref("CT3013950.IsMulticommunity", false);
Line Found : user_pref("CT3013950.IsOpenThankYouPage", true);
Line Found : user_pref("CT3013950.IsOpenUninstallPage", true);
Line Found : user_pref("CT3013950.IsProtectorsInit", true);
Line Found : user_pref("CT3013950.LanguagePackLastCheckTime", "Sun Apr 21 2013 08:31:40 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT3013950.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT3013950.LastLogin_3.12.0.7", "Thu Apr 26 2012 08:49:19 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.LastLogin_3.12.2.3", "Wed May 30 2012 11:40:15 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.LastLogin_3.13.0.6", "Sun Jul 15 2012 18:26:42 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.LastLogin_3.14.1.0", "Wed Aug 22 2012 17:26:03 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.LastLogin_3.15.1.0", "Tue Mar 05 2013 10:09:01 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.LastLogin_3.18.0.7", "Sun Apr 21 2013 08:31:40 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.LastLogin_3.4.2.0", "Thu Jun 23 2011 08:34:56 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.LastLogin_3.5.0.12", "Wed Aug 17 2011 10:19:26 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.LastLogin_3.6.0.10", "Mon Aug 22 2011 13:09:27 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.LatestVersion", "3.18.0.7");
Line Found : user_pref("CT3013950.Locale", "en");
Line Found : user_pref("CT3013950.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT3013950.MCDetectTooltipShow", false);
Line Found : user_pref("CT3013950.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT3013950.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT3013950.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT3013950.OriginalFirstVersion", "3.4.2.0");
Line Found : user_pref("CT3013950.RadioIsPodcast", false);
Line Found : user_pref("CT3013950.RadioLastCheckTime", "Sat Jun 11 2011 17:02:27 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.RadioLastUpdateIPServer", "3");
Line Found : user_pref("CT3013950.RadioLastUpdateServer", "3");
Line Found : user_pref("CT3013950.RadioMediaID", "9962");
Line Found : user_pref("CT3013950.RadioMediaType", "Media Player");
Line Found : user_pref("CT3013950.RadioMenuSelectedID", "EBRadioMenu_CT30139509962");
Line Found : user_pref("CT3013950.RadioStationName", "California%20Rock");
Line Found : user_pref("CT3013950.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Found : user_pref("CT3013950.SHRINK_TOOLBAR", 1);
Line Found : user_pref("CT3013950.SavedHomepage", "resource:/browserconfig.properties");
Line Found : user_pref("CT3013950.SearchBoxWidth", 546);
Line Found : user_pref("CT3013950.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CT3013950.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT3013950.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3013950&SearchSource=2&q=");
Line Found : user_pref("CT3013950.SearchInNewTabEnabled", true);
Line Found : user_pref("CT3013950.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT3013950.SearchInNewTabLastCheckTime", "Sun Apr 21 2013 08:31:39 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Found : user_pref("CT3013950.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT3013950.SearchProtectorEnabled", false);
Line Found : user_pref("CT3013950.SearchProtectorToolbarDisabled", false);
Line Found : user_pref("CT3013950.ServiceMapLastCheckTime", "Sun Apr 21 2013 08:31:39 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.SettingsLastCheckTime", "Sun Apr 21 2013 08:31:39 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.SettingsLastUpdate", "1366537686");
Line Found : user_pref("CT3013950.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT3013950.ThirdPartyComponentsLastCheck", "Wed Aug 17 2011 10:19:21 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.ThirdPartyComponentsLastUpdate", "1246786978");
Line Found : user_pref("CT3013950.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3013950");
Line Found : user_pref("CT3013950.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT3013950.UserID", "UN09247446155608052");
Line Found : user_pref("CT3013950.ValidationData_Search", 0);
Line Found : user_pref("CT3013950.ValidationData_Toolbar", 2);
Line Found : user_pref("CT3013950.WeatherNetwork", "");
Line Found : user_pref("CT3013950.WeatherPollDate", "Sun Jun 12 2011 07:53:20 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.WeatherUnit", "F");
Line Found : user_pref("CT3013950.alertChannelId", "1405617");
Line Found : user_pref("CT3013950.appApproved.129505101445981479", true);
Line Found : user_pref("CT3013950.approveUntrustedApps", false);
Line Found : user_pref("CT3013950.backendstorage.smspunuid", "736D737031333037383239373732393735");
Line Found : user_pref("CT3013950.backendstorage.url_history", "687474703A2F2F7777772E636C61726B686F776172642E636F6D2F6E6577732F636C61726B686F776172642F636172732F706F6C6963652D616E642D6175746F6D616B6572732D63616E2[...]
Line Found : user_pref("CT3013950.backendstorage.url_history_time", "31333133363832363335373333");
Line Found : user_pref("CT3013950.components.1000034", false);
Line Found : user_pref("CT3013950.components.1000082", false);
Line Found : user_pref("CT3013950.components.1000234", false);
Line Found : user_pref("CT3013950.components.129505101445825228", false);
Line Found : user_pref("CT3013950.components.129505101445981479", false);
Line Found : user_pref("CT3013950.components.129505101446450230", false);
Line Found : user_pref("CT3013950.components.129505101446450231", false);
Line Found : user_pref("CT3013950.components.129505101446762733", false);
Line Found : user_pref("CT3013950.components.129505101446918984", false);
Line Found : user_pref("CT3013950.components.129505101447543986", false);
Line Found : user_pref("CT3013950.components.129575140458944218", false);
Line Found : user_pref("CT3013950.components.6582016152709143170", false);
Line Found : user_pref("CT3013950.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT3013950.globalFirstTimeInfoLastCheckTime", "Mon Aug 22 2011 13:09:33 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT3013950.initDone", true);
Line Found : user_pref("CT3013950.isAppTrackingManagerOn", true);
Line Found : user_pref("CT3013950.myStuffEnabled", true);
Line Found : user_pref("CT3013950.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT3013950.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT3013950.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT3013950.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT3013950.oldAppsList", "129505101444575214,129505101445512726,111,129505101445825228,129505101445981479,129505101446450230,129505101446450231,1000082,129505101446762733,129505101446918984,[...]
Line Found : user_pref("CT3013950.revertSettingsEnabled", false);
Line Found : user_pref("CT3013950.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT3013950.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT3013950.testingCtid", "");
Line Found : user_pref("CT3013950.toolbarAppMetaDataLastCheckTime", "Sun Apr 21 2013 08:31:40 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.toolbarContextMenuLastCheckTime", "Wed Aug 17 2011 10:19:53 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3013950.usagesFlag", 2);
Line Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3013950&SearchSource=13");
Line Found : user_pref("CommunityToolbar.ConduitSearchList", "TV Radio 1 Customized Web Search");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3013950/CT3013950", "\"8eedc7f5645e0a4441f38f125ca928093\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1405617/1401275/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3013950", "\"1323858456\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"07879643d3acc1:10d4\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:14f1\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:160f\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:166e\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.4.2.0", "\"07b2625f8cb1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.0.12", "\"80161a5ed5ccc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"80ee9485875dcc1:10d4\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3013950", "\"2cf4f33c40cf096b2e9e9778267eb346\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3013950&octid=CT3013950", "\"1313504459\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT3013950/CT3013950", "\"1311168862\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"0cb8f15bfffadacc9b4df0a623e57668\"");
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\RANDY\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\lzbvy093.default\\conduitCommon\\modules\\3.6.0.10");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.6.0.10");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT3013950");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3013950");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3013950");
Line Found : user_pref("CommunityToolbar.globalUserId", "9589ca22-8ba4-458c-9a0e-4f7968253821");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3013950");
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Thu Aug 18 2011 09:05:21 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.alertEnabled", true);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Mon Aug 22 2011 13:05:30 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Mon Aug 22 2011 13:05:22 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "08e238fb-7a42-4218-be4c-35ef480a2441");
Line Found : user_pref("browser.search.defaultthis.engineName", "TV Radio 1 Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3013950&SearchSource=3&q={searchTerms}");

*************************

AdwCleaner[R0].txt - [58393 octets] - [07/09/2013 10:35:04]

########## EOF - \AdwCleaner\AdwCleaner[R0].txt - [58454 octets] ##########
 



#4 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 07 September 2013 - 11:19 AM

Hi,
 
AdwCleaner
 
Double click on AdwCleaner.exe to run the tool again.

  • Click on the Scan button.
  • AdwCleaner will begin to scan your computer like it did before.
  • After the scan has finished...
  • This time, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.

------------
 
ComboFix
 
Download Combofix from either of the links below, and save it to your desktop.  
Link 1
Link 2
 
**Note:  It is important that it is saved directly to your desktop**
If you get a message saying "Illegal operation attempted on a registry key that has been marked for deletion", please restart your computer.


 
--------------------------------------------------------------------
 
IMPORTANT - Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you have difficulty properly disabling your protective programs, refer to this link here
 
--------------------------------------------------------------------
 
Right-Click and Run as Administrator on ComboFix.exe & follow the prompts.

  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt for further review.

 


#5 lotty

lotty
  • Topic Starter

  • Members
  • 32 posts

Posted 07 September 2013 - 12:05 PM

I ran the clean but I did not get a new report after reboot.... and my zone alarm did not start... what now



#6 lotty

lotty
  • Topic Starter

  • Members
  • 32 posts

Posted 07 September 2013 - 02:31 PM

I have zone alarm running now.... but still cannot find the file from adwcleaner



#7 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 07 September 2013 - 06:37 PM

Don't worry about AdwCleaner.  :)

 

Just continue and run ComboFix and then post the log that is created.  Before you run ComboFix, be sure to disable ZoneAlarm while it is scanning your system.


 


#8 lotty

lotty
  • Topic Starter

  • Members
  • 32 posts

Posted 08 September 2013 - 11:25 AM

Here is the log from combo fix... I did change my desktop, toolbars and favorites... but if it got rid of the problem I guess I can rebuild that...

 

 

ComboFix 13-09-08.01 - W. R. DREDGE 09/08/2013  10:57:02.1.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.2045.1143 [GMT -5:00]
Running from: c:\users\RANDY\Desktop\ComboFix.exe
FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\RANDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool
c:\users\RANDY\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tool\System Tool 2011.lnk
c:\users\RANDY\Windows_PVPN_Installer.EXE
D:\Autorun.inf
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-08 to 2013-09-08  )))))))))))))))))))))))))))))))
.
.
2013-09-08 16:11 . 2013-09-08 16:11    --------    d-----w-    c:\users\WRE759~1~DRE\AppData\Local\temp
2013-09-08 16:11 . 2013-09-08 16:11    --------    d-----w-    c:\users\RANDY\AppData\Local\temp
2013-09-08 16:11 . 2013-09-08 16:11    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-08 16:11 . 2013-09-08 16:12    --------    d-----w-    c:\users\W. R. DREDGE\AppData\Local\temp
2013-09-08 15:09 . 2013-09-08 15:09    60872    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{89DA9B23-75E1-4E8A-B137-32129AD8A8A0}\offreg.dll
2013-09-08 15:00 . 2013-08-06 07:28    7166848    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{89DA9B23-75E1-4E8A-B137-32129AD8A8A0}\mpengine.dll
2013-09-07 15:34 . 2013-09-07 16:39    --------    d-----w-    C:\AdwCleaner
2013-09-01 11:20 . 2013-09-01 11:20    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-29 16:01 . 2013-08-29 17:18    --------    d-----w-    c:\users\RANDY\AppData\Roaming\Awesome Duplicate Photo Finder
2013-08-29 00:23 . 2013-08-29 12:18    --------    d-----w-    c:\users\W. R. DREDGE\AppData\Roaming\Awesome Duplicate Photo Finder
2013-08-29 00:23 . 2013-08-29 00:23    --------    d-----w-    c:\program files\Awesome Duplicate Photo Finder
2013-08-29 00:16 . 2013-08-29 00:16    --------    d--h--w-    c:\programdata\Common Files
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 18:37 . 2013-04-22 15:36    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-20 18:37 . 2011-10-01 14:04    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-25 17:18 . 2013-06-25 17:18    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 17:18 . 2013-06-24 20:14    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-06-25 17:18 . 2013-06-24 20:14    789416    ----a-w-    c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WiTopia"="c:\program files\WiTopia\WiTopia.exe" [2013-05-02 655960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-06 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-03-12 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-12 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-12 81920]
"AutoTask"="c:\program files\AutoTask\AutoTask.exe" [2009-06-22 335872]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\W. R. DREDGE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2011-11-03 14:44    738944    ----a-w-    c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-22 18:37]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-10 13:57]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-10 13:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=PTB&M=NX860XL
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=PTB&M=NX860XL
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: real.com\rhap-app-4-0
Trusted Zone: real.com\rhapreg
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\W. R. DREDGE\AppData\Roaming\Mozilla\Firefox\Profiles\aarqjoqw.default\
FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={9066F14E-6FBD-4D1D-8767-64C24651FB64}&mid=9114103b064347d3b402d15f890c51a3-8193c31293412f1b98b60cbd96fe4a0f895f8ea2&lang=en&ds=dn011&pr=sa&d=2013-08-28 19:17&v=15.4.0.5&pid=safeguard&sg=0&sap=hp
FF - prefs.js: keyword.URL -
FF - ExtSQL: 2013-08-28 19:17; avg@toolbar; c:\programdata\AVG SafeGuard toolbar\FireFoxExt\15.5.0.2
FF - ExtSQL: 2013-08-28 19:19; addon@defaulttab.com; c:\users\W. R. DREDGE\AppData\Roaming\Mozilla\Firefox\Profiles\aarqjoqw.default\extensions\addon@defaulttab.com.xpi
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{a94e8dc9-07aa-45a7-8af2-a0375473a5cd} - (no file)
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKLM-Run-BackupSoft - \RunRedem.exe
HKLM-Run-ISW - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
SafeBoot-Lavasoft Ad-Aware Service
MSConfigStartUp-BigFix - c:\program files\Bigfix\bigfix.exe
AddRemove-ShockwaveFlash - c:\windows\system32\Macromed\Flash\FlashUtil9b.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-08 11:12
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
 [0] 0x000000FF
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-09-08  11:14:44
ComboFix-quarantined-files.txt  2013-09-08 16:14
.
Pre-Run: 28,758,347,776 bytes free
Post-Run: 41,026,289,664 bytes free
.
- - End Of File - - FC54FA62C508E05849B5C9EB84E0E022
D0A37B66A9B60F135B25640CB1AA1477
 



#9 lotty

lotty
  • Topic Starter

  • Members
  • 32 posts

Posted 08 September 2013 - 11:54 AM

After a reboot all of desktop and favorites are back.... sorry



#10 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA

Posted 08 September 2013 - 12:59 PM

ComboFix

  • Please open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the code box below:

    ClearJavaCache::
     
    DDS::
    Trusted Zone: real.com\rhap-app-4-0
    Trusted Zone: real.com\rhapreg
     
    Firefox::
    FF - ProfilePath - c:\users\W. R. DREDGE\AppData\Roaming\Mozilla\Firefox\Profiles\aarqjoqw.default\
    FF - prefs.js: browser.startup.homepage - hxxp://mysearch.avg.com/?cid={9066F14E-6FBD-4D1D-8767-64C24651FB64}&mid=9114103b064347d3b402d15f890c51a3-8193c31293412f1b98b60cbd96fe4a0f895f8ea2&lang=en&ds=dn011&pr=sa&d=2013-08-28 19:17&v=15.4.0.5&pid=safeguard&sg=0&sap=hp
    FF - ExtSQL: 2013-08-28 19:19; addon@defaulttab.com; c:\users\W. R. DREDGE\AppData\Roaming\Mozilla\Firefox\Profiles\aarqjoqw.default\extensions\addon@defaulttab.com.xpi

  • Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.
     
    [Screenshot: CFScriptB-4.gif]
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix may request an update; please allow it.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.
---------- 
 
Post the new ComboFix log and then let me know how your system is running.   :)


 


#11 lotty

lotty
  • Topic Starter

  • Members
  • 32 posts

Posted 08 September 2013 - 04:14 PM

Here you go Thanks

 

ComboFix 13-09-08.02 - W. R. DREDGE 09/08/2013  15:51:01.2.2 - x86
Microsoft® Windows Vista™ Ultimate   6.0.6002.2.1252.1.1033.18.2045.1269 [GMT -5:00]
Running from: c:\users\RANDY\Desktop\ComboFix.exe
Command switches used :: c:\users\RANDY\Desktop\CFScript.txt
FW: ZoneAlarm Extreme Security Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Extreme Security Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
 * Created a new restore point
.
.
(((((((((((((((((((((((((   Files Created from 2013-08-08 to 2013-09-08  )))))))))))))))))))))))))))))))
.
.
2013-09-08 21:01 . 2013-09-08 21:02    --------    d-----w-    c:\users\W. R. DREDGE\AppData\Local\temp
2013-09-08 21:01 . 2013-09-08 21:01    --------    d-----w-    c:\users\WRE759~1~DRE\AppData\Local\temp
2013-09-08 21:01 . 2013-09-08 21:01    --------    d-----w-    c:\users\Default\AppData\Local\temp
2013-09-08 16:14 . 2013-09-08 21:01    --------    d-----w-    c:\users\RANDY\AppData\Local\temp
2013-09-08 15:00 . 2013-08-06 07:28    7166848    ----a-w-    c:\programdata\Microsoft\Windows Defender\Definition Updates\{89DA9B23-75E1-4E8A-B137-32129AD8A8A0}\mpengine.dll
2013-09-07 15:34 . 2013-09-07 16:39    --------    d-----w-    C:\AdwCleaner
2013-09-01 11:20 . 2013-09-01 11:20    40776    ----a-w-    c:\windows\system32\drivers\mbamswissarmy.sys
2013-08-29 16:01 . 2013-08-29 17:18    --------    d-----w-    c:\users\RANDY\AppData\Roaming\Awesome Duplicate Photo Finder
2013-08-29 00:23 . 2013-08-29 12:18    --------    d-----w-    c:\users\W. R. DREDGE\AppData\Roaming\Awesome Duplicate Photo Finder
2013-08-29 00:23 . 2013-08-29 00:23    --------    d-----w-    c:\program files\Awesome Duplicate Photo Finder
2013-08-29 00:16 . 2013-08-29 00:16    --------    d--h--w-    c:\programdata\Common Files
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-08-20 18:37 . 2013-04-22 15:36    692104    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2013-08-20 18:37 . 2011-10-01 14:04    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-06-25 17:18 . 2013-06-25 17:18    94632    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2013-06-25 17:18 . 2013-06-24 20:14    867240    ----a-w-    c:\windows\system32\npDeployJava1.dll
2013-06-25 17:18 . 2013-06-24 20:14    789416    ----a-w-    c:\windows\system32\deployJava1.dll
.
.
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-19 125952]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-19 202240]
"WiTopia"="c:\program files\WiTopia\WiTopia.exe" [2013-05-02 655960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-09-29 151552]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-11-17 815104]
"SMSERIAL"="c:\program files\Motorola\SMSERIAL\sm56hlpr.exe" [2007-01-17 634880]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-01-23 101136]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2007-01-30 30248]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2007-01-30 46632]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-02-06 622592]
"ControlCenter3"="c:\program files\Brother\ControlCenter3\brctrcen.exe" [2006-07-19 65536]
"itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2008-06-10 1442888]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2008-06-10 1406024]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-03-12 90191]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-03-12 7770112]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-03-12 81920]
"AutoTask"="c:\program files\AutoTask\AutoTask.exe" [2009-06-22 335872]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-29 497648]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2011-08-31 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-12 59280]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-11-10 73360]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-09-10 421776]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-10-25 421888]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"ISW"="" [BU]
.
c:\users\W. R. DREDGE\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Nikon Monitor.lnk - c:\program files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-10-18 479232]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-3-29 719664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISW]
2011-11-03 14:44    738944    ----a-w-    c:\program files\CheckPoint\ZAForceField\ForceField.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs    REG_MULTI_SZ       BthServ
LocalServiceAndNoImpersonation    REG_MULTI_SZ       FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2013-09-08 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-04-22 18:37]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-10 13:57]
.
2013-09-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-09-10 13:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=PTB&M=NX860XL
mStart Page = hxxp://www.gateway.com/g/startpage.html?Ch=Consumer&Br=GTW&Loc=ENG_US&Sys=PTB&M=NX860XL
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_43C348BC2E93EB2B.dll/cmsidewiki.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\W. R. DREDGE\AppData\Roaming\Mozilla\Firefox\Profiles\aarqjoqw.default\
FF - prefs.js: keyword.URL -
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-09-08 16:02
Windows 6.0.6002 Service Pack 2 NTFS
.
scanning hidden processes ...  
.
scanning hidden autostart entries ...
.
scanning hidden files ...  
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
Completion time: 2013-09-08  16:04:29
ComboFix-quarantined-files.txt  2013-09-08 21:04
ComboFix2.txt  2013-09-08 16:14
.
Pre-Run: 41,331,560,448 bytes free
Post-Run: 41,369,661,440 bytes free
.
- - End Of File - - 65EF46DB13A28DE21D5E39640C7C30F0
D0A37B66A9B60F135B25640CB1AA1477
 



#12 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:10:42 PM

Posted 08 September 2013 - 06:40 PM

and then let me know how your system is running

:)


 


#13 lotty

lotty
  • Topic Starter

  • Members
  • 32 posts
  • Local time:11:42 PM

Posted 08 September 2013 - 07:52 PM

I am sorry, but if you look at your last post, it was cut off on the front. I am not sure what you want me to do.



#14 jeffce

jeffce

    Bleepin' Super Saiyan


  • Malware Response Team
  • 3,442 posts
  • Gender:Male
  • Location:USA
  • Local time:10:42 PM

Posted 09 September 2013 - 06:56 AM

How is your system running?  :)  


 


#15 lotty

lotty
  • Topic Starter

  • Members
  • 32 posts
  • Local time:11:42 PM

Posted 09 September 2013 - 07:17 AM

Thank you... my system appears to be running fine... Am I now clean... and how serious was it... Was data in jeopardy or was it just pop-ups...

 

Thank you so much





