Possible infection with unknown malware


7 replies to this topic

#1 katydidonline

katydidonline

  • Members
  • 43 posts
  • Gender:Female
  • Location:Midwest USA
  • Local time:05:01 AM

Posted 22 November 2013 - 11:08 AM

I don’t know if I have any script-blocking programs to disable but I did not receive a warning from your antimalware product asking if you would like DDS.com to run.

 

For some time now my computer has been giving me problems. It hangs up often and I have to wait minutes before responsiveness comes back or sometimes I have to reboot. My search function does not work at all and it will not shut down without asking me to close running programs even though I have nothing running.

 

When I do click to close anyway I get a flash of information that I can't read (it flashes too fast on the screen). It says something about host PC.

 

Thank you in advance for any help in this matter.

 

Christy



#2 JSntgRvr

JSntgRvr

    Master Surgeon General


  • Malware Response Team
  • 11,751 posts
  • Gender:Male
  • Location:Puerto Rico
  • Local time:07:01 AM

Posted 22 November 2013 - 06:09 PM

:welcome:

 

Please download Junkware Removal Tool to your desktop.

  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

 

Run AdwCleaner.

Download AdwCleaner to your desktop.

NOTE: If you are using Internet Explorer and get an alert that stops the program from downloading, click on the warning and allow the download to complete.

Close all programs and click on the AdwCleaner icon.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy and paste this report into your next reply.

The report will be saved in the C:\AdwCleaner folder as AdwCleaner[S0].txt.

 

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report into your next reply.

Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
 


No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 katydidonline


Posted 22 November 2013 - 11:42 PM

As requested...

 

 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Christy_2 on Fri 11/22/2013 at 22:19:40.21
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
~~~ Services
 
Successfully stopped: [Service] webcake desktop updater 
Successfully deleted: [Service] webcake desktop updater 
 
 
 
~~~ Registry Values
 
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\searchsettings
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Successfully deleted: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440}
 
 
 
~~~ Registry Keys
 
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\delta.deltadskbnd
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\delta.deltadskbnd.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\escort.escortiepane.1
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{39CB8175-E224-4446-8746-00566302DF8D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escort.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortapp.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escorteng.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\escortlbr.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\esrv.exe
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\genericasktoolbar.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\AppID\secman.dll
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{261DD098-8A3E-43D4-87AA-63324FA897D8}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{86838207-681D-469D-9511-D0DCC6F19F9B}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{A0B10EBE-4E51-4CAE-949B-E6B9E7D68CEA}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{E97A663B-81A6-49C5-A6D3-BCB05BA1DE26}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Failed to delete: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{39CB8175-E224-4446-8746-00566302DF8D}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\1clickdownload
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\babsolution
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\delta
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\installcore
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\privitizevpninstalldates
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\softonic
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\startsearch
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\visualbee
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\yahoopartnertoolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\zugo
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduit
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\conduitsearchscopes
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\freecause
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\pricegong
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\search settings
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\smartbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\toolbar
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\application updater
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\conduit
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\installiq
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\visualbee
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\applications\ilividsetupv1.exe
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltaappcore.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltahlpr
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\delta.deltahlpr.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\esrv.deltaesrvc.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\ftdownloader
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\genericasktoolbar.toolbarwnd.1
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Classes\prod.cap
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\apnstub_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\datamngrui_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ftdownloader_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ftdownloader_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\ilividsetupv1_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\setupdatamngr_searchqu_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\webcakedesktop_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\1clickdownload
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\delta chrome toolbar
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Uninstall\{86d4b82a-abed-442a-be86-96357b70f4fe}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_wavepad[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\SoftonicDownloader_for_wavepad[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_wavepad[1]_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\SoftonicDownloader_for_wavepad[1]_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F20ED7CF-AA51-4383-A5BB-713E0A515209}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F9F3C54D-B977-4974-9C92-9885EF7C5671}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Successfully deleted: [Registry Key] "hkey_current_user\software\apn pip"
Successfully deleted: [Registry Key] "hkey_current_user\software\apn"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\asktoolbarinfo"
Successfully deleted: [Registry Key] "hkey_current_user\software\appdatalow\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_current_user\software\ask.com"
Successfully deleted: [Registry Key] "hkey_current_user\software\microsoft\internet explorer\low rights\elevationpolicy\{a5aa24ea-11b8-4113-95ae-9ed71deaf12a}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\apn"
Successfully deleted: [Registry Key] "hkey_local_machine\software\asktoolbar"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\appid\{9b0cb95c-933a-4b8c-b6d4-edcd19a43874}"
Successfully deleted: [Registry Key] "hkey_local_machine\software\classes\typelib\{2996f0e7-292b-4cae-893f-47b8b1c05b56}"
 
 
 
~~~ Files
 
Successfully deleted: [File] "C:\Users\Christy_2\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Christy_2\appdata\local\google\chrome\user data\default\local storage\http_app.mam.conduit.com_0.localstorage-journal"
Successfully deleted: [File] "C:\Users\Christy_2\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage"
Successfully deleted: [File] "C:\Users\Christy_2\appdata\local\google\chrome\user data\default\local storage\http_facebook.conduitapps.com_0.localstorage-journal"
 
 
 
~~~ Folders
 
Successfully deleted: [Folder] "C:\ProgramData\apn"
Successfully deleted: [Folder] "C:\ProgramData\babylon"
Successfully deleted: [Folder] "C:\ProgramData\boost_interprocess"
Successfully deleted: [Folder] "C:\ProgramData\partner"
Successfully deleted: [Folder] "C:\ProgramData\tarma installer"
Successfully deleted: [Folder] "C:\ProgramData\ytd video downloader"
Successfully deleted: [Folder] "C:\Users\Christy_2\AppData\Roaming\babsolution"
Successfully deleted: [Folder] "C:\Users\Christy_2\AppData\Roaming\babylon"
Successfully deleted: [Folder] "C:\Users\Christy_2\AppData\Roaming\delta"
Successfully deleted: [Folder] "C:\Users\Christy_2\AppData\Roaming\opencandy"
Successfully deleted: [Folder] "C:\Users\Christy_2\AppData\Roaming\webcake"
Successfully deleted: [Folder] "C:\Users\Christy_2\appdata\local\conduit"
Successfully deleted: [Folder] "C:\Users\Christy_2\appdata\local\cre"
Successfully deleted: [Folder] "C:\Users\Christy_2\appdata\locallow\conduit"
Successfully deleted: [Folder] "C:\Users\Christy_2\appdata\locallow\datamngr"
Successfully deleted: [Folder] "C:\Users\Christy_2\appdata\locallow\pricegong"
Successfully deleted: [Folder] "C:\Users\Christy_2\appdata\locallow\search settings"
Successfully deleted: [Folder] "C:\Program Files (x86)\application updater"
Successfully deleted: [Folder] "C:\Program Files (x86)\conduit"
Successfully deleted: [Folder] "C:\Program Files (x86)\delta"
Successfully deleted: [Folder] "C:\Program Files (x86)\ftdownloader.com"
Successfully deleted: [Folder] "C:\Program Files (x86)\webcake"
Successfully deleted: [Folder] "C:\Program Files (x86)\youtube downloader toolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\Common Files\spigot"
Successfully deleted: [Folder] "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ytd video downloader"
Successfully deleted: [Folder] "C:\ai_recyclebin"
Successfully deleted: [Folder] "C:\Windows\syswow64\ai_recyclebin"
Successfully deleted: [Folder] "C:\Users\Christy_2\appdata\locallow\asktoolbar"
Successfully deleted: [Folder] "C:\Program Files (x86)\ask.com"
Successfully deleted: [Folder] "C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}"
 
 
 
~~~ FireFox
 
Failed to delete: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] "C:\Program Files (x86)\Mozilla Firefox\searchplugins\search_results.xml"
Successfully deleted: [File] C:\Users\Christy_2\AppData\Roaming\mozilla\firefox\profiles\l4opoepm.default\user.js
Successfully deleted: [File] C:\Users\Christy_2\AppData\Roaming\mozilla\firefox\profiles\l4opoepm.default\searchplugins\babylon.xml
Successfully deleted: [File] C:\Users\Christy_2\AppData\Roaming\mozilla\firefox\profiles\l4opoepm.default\searchplugins\delta.xml
Successfully deleted: [File] C:\Users\Christy_2\AppData\Roaming\mozilla\firefox\profiles\l4opoepm.default\searchplugins\privitize.xml
Successfully deleted: [File] C:\Users\Christy_2\AppData\Roaming\mozilla\firefox\profiles\l4opoepm.default\searchplugins\safesearch.xml
Successfully deleted: [File] C:\Users\Christy_2\AppData\Roaming\mozilla\firefox\profiles\l4opoepm.default\searchplugins\search_results.xml
Successfully deleted: [Folder] C:\Users\Christy_2\AppData\Roaming\mozilla\firefox\profiles\l4opoepm.default\smartbar
Successfully deleted: [Folder] C:\Users\Christy_2\AppData\Roaming\mozilla\firefox\profiles\l4opoepm.default\extensions\plugin@getwebcake.com
Successfully deleted the following from C:\Users\Christy_2\AppData\Roaming\mozilla\firefox\profiles\l4opoepm.default\prefs.js
 
user_pref("CT3287806.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287806&SearchSource=2&CUI=UN26209649752697845&UM=2&q=");
user_pref("CT3287806.embeddedsData", "[{\"appId\":\"130058504727552979\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"get
user_pref("CT3287806.installType", "conduitnsisintegration");
user_pref("CT3287806.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3287806&octid=CT3287806&SearchSource=15&CUI=UN2620964975269784
user_pref("CT3287806.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9wcmljZWdvbmcuY29uZHVpdGFwcHMuY29tL01BTS92MS9odG1sX2NvbXAuaHRtbCIsIm9wdGlvbnN
user_pref("CT3287806.originalHomepage", "hxxp://searchou.com/?id=e28538370000000000000002765a9001");
user_pref("CT3287806.originalSearchAddressUrl", "hxxp://searchou.com/?q={searchTerms}&id=e28538370000000000000002765a9001");
user_pref("CT3287806.originalSearchEngine", "Search The Web (privitize)");
user_pref("CT3287806.search.searchAppId", "130058504727552979");
user_pref("CT3287806.search.searchCount", "0");
user_pref("CT3287806.smartbar.CTID", "CT3287806");
user_pref("CT3287806.smartbar.Uninstall", "0");
user_pref("CT3287806.smartbar.homepage", "true");
user_pref("CT3287806.smartbar.toolbarName", "VisualBee V.7 ");
user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3287806&CUI=UN26209649752697845&UM=2&SearchSource=13");
user_pref("Smartbar.ConduitSearchEngineList", "VisualBee V.7 Customized Web Search");
user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287806&SearchSource=2&CUI=UN26209649752697845&UM=2&q=");
user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://searchou.com/?q={searchTerms}&id=e28538370000000000000002765a9001");
user_pref("Smartbar.keywordURLSelectedCTID", "CT3287806");
user_pref("browser.newtab.url", "hxxp://www.delta-search.com/?babsrc=NT_ss&mntrId=E2850E0050390000&affID=119781&tt=250613_gr2&tsp=4925");
user_pref("browser.search.defaultthis.engineName", "VisualBee V.7 Customized Web Search");
user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287806&CUI=UN26209649752697845&UM=2&SearchSource=3&q={searchTerms}");
user_pref("extensions.asktb.abar-war-regex", "conduit\\.com");
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.delta.admin", false);
user_pref("extensions.delta.aflt", "babsst");
user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
user_pref("extensions.delta.autoRvrt", "false");
user_pref("extensions.delta.dfltLng", "en");
user_pref("extensions.delta.excTlbr", false);
user_pref("extensions.delta.ffxUnstlRst", true);
user_pref("extensions.delta.id", "e28538370000000000000e0050390000");
user_pref("extensions.delta.instlDay", "15882");
user_pref("extensions.delta.instlRef", "sst");
user_pref("extensions.delta.newTab", false);
user_pref("extensions.delta.prdct", "delta");
user_pref("extensions.delta.prtnrId", "delta");
user_pref("extensions.delta.rvrt", "false");
user_pref("extensions.delta.smplGrp", "none");
user_pref("extensions.delta.tlbrId", "base");
user_pref("extensions.delta.tlbrSrchUrl", "");
user_pref("extensions.delta.vrsn", "1.8.21.5");
user_pref("extensions.delta.vrsnTs", "1.8.21.516:31:37");
user_pref("extensions.delta.vrsni", "1.8.21.5");
user_pref("extensions.delta_i.babExt", "");
user_pref("extensions.delta_i.babTrack", "affID=119781&tt=250613_gr2&tsp=4925");
user_pref("extensions.delta_i.srcExt", "ss");
user_pref("extensions.privitize.admin", false);
user_pref("extensions.privitize.aflt", "orgnl");
user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}");
user_pref("extensions.privitize.autoRvrt", "false");
user_pref("extensions.privitize.dfltLng", "");
user_pref("extensions.privitize.dfltSrch", true);
user_pref("extensions.privitize.dnsErr", true);
user_pref("extensions.privitize.excTlbr", true);
user_pref("extensions.privitize.ffxUnstlRst", false);
user_pref("extensions.privitize.hmpg", true);
user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=e28538370000000000000002765a9001");
user_pref("extensions.privitize.hpOld0", "hxxp://google.com");
user_pref("extensions.privitize.id", "e28538370000000000000002765a9001");
user_pref("extensions.privitize.instlDay", "15838");
user_pref("extensions.privitize.instlRef", "");
user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=e28538370000000000000002765a9001");
user_pref("extensions.privitize.newTab", true);
user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=e28538370000000000000002765a9001");
user_pref("extensions.privitize.prdct", "privitize");
user_pref("extensions.privitize.prtnrId", "privitize");
user_pref("extensions.privitize.rvrt", "false");
user_pref("extensions.privitize.smplGrp", "none");
user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)");
user_pref("extensions.privitize.tlbrId", "base");
user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=e28538370000000000000002765a9001&q=");
user_pref("extensions.privitize.vrsn", "1.8.16.22");
user_pref("extensions.privitize.vrsnTs", "1.8.16.2213:43:12");
user_pref("extensions.privitize.vrsni", "1.8.16.22");
user_pref("smartbar.addressBarOwnerCTID", "CT3287806");
user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3287806&CUI=UN26209649752697845&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3287806&CUI
user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3287806&SearchSource=2&CUI=UN26209649752697845&UM=2&q=");
user_pref("smartbar.defaultSearchOwnerCTID", "CT3287806");
user_pref("smartbar.homePageOwnerCTID", "CT3287806");
user_pref("smartbar.machineId", "D8+6HYX7GSW21/L+TTHU3DYPZ+YMUN4CKGQN/CD3HIDBSFSRY6XNYHO6SYUBGLKUKXUWGSVB9WZVLG7FY0I96A");
user_pref("smartbar.originalHomepage", "hxxp://search.conduit.com/?ctid=CT3287806&CUI=UN26209649752697845&UM=2&SearchSource=13&UP=SP6C674C2C-B329-4B27-B1AD-CA265E112DDF");
Emptied folder: C:\Users\Christy_2\AppData\Roaming\mozilla\firefox\profiles\l4opoepm.default\minidumps [20 files]
 
 
 
~~~ Chrome
 
Successfully deleted: [Folder] C:\Users\Christy_2\appdata\local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Successfully deleted: [Folder] C:\Users\Christy_2\appdata\local\Google\Chrome\User Data\Default\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\eooncjejnppfjjklapaamhcdmjbilmde
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Google\Chrome\Extensions\fjoijdanhaiflhibkljeklcghcmmfffh
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Fri 11/22/2013 at 22:34:15.41
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#4 katydidonline


Posted 23 November 2013 - 12:00 AM

# AdwCleaner v3.012 - Report created 22/11/2013 at 22:50:25
# Updated 11/11/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Christy_2 - CHRISTY-VAIO
# Running from : C:\Users\Christy_2\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\Searchprotect
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\Program Files (x86)\iMesh Applications
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Users\Christy\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Christy\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Christy\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Christy\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Christy\AppData\Roaming\Searchprotect
Folder Deleted : C:\Users\Christy_2\AppData\Local\PackageAware
Folder Deleted : C:\Users\Christy_2\AppData\Local\PutLockerDownloader
Folder Deleted : C:\Users\Christy_2\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Christy_2\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Folder Deleted : C:\Users\Damein\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Damein\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Damein\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\Damein\AppData\LocalLow\Zynga
Folder Deleted : C:\Users\Christy_2\AppData\Local\Google\Chrome\User Data\Default\Extensions\acohkacenjkkllhbfgfflibmenakobco
File Deleted : C:\Users\Christy_2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_eooncjejnppfjjklapaamhcdmjbilmde_0.localstorage
File Deleted : C:\Users\Christy_2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage
File Deleted : C:\Users\Christy_2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Christy_2\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Windows\System32\Tasks\EPUpdater
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKCU\Software\Google\Chrome\Extensions\acohkacenjkkllhbfgfflibmenakobco
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\acohkacenjkkllhbfgfflibmenakobco
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iMesh_V11_en_Setup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{20E1481B-E285-4ABC-ADC7-AE24842B81CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0194532A-A99C-4337-937E-2A452C8957BE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7D86A08B-0A8F-4BE0-B693-F05E6947E780}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4599D05A-D545-4069-BB42-5895B4EAE05B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F3FEE66E-E034-436A-86E4-9690573BEE8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{31D8407C-62E4-4125-A4A9-717EFB1A56AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{348C2DF3-1191-4C3E-92A6-B3A89A9D9C85}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F3FEE66E-E034-436A-86E4-9690573BEE8A}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD21}
Key Deleted : HKCU\Software\Imesh
Key Deleted : HKCU\Software\NCH Software
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\iMeshSRTB
Key Deleted : HKLM\Software\NCH Software
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : [x64] HKLM\SOFTWARE\DataMngr
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C4ED781C-7394-4906-AAFF-D6AB64FF7C38}
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16736
 
 
-\\ Mozilla Firefox v24.0 (en-US)
 
[ File : C:\Users\Christy_2\AppData\Roaming\Mozilla\Firefox\Profiles\l4opoepm.default\prefs.js ]
 
 
[ File : C:\Users\Damein\AppData\Roaming\Mozilla\Firefox\Profiles\ot4ylfu8.default\prefs.js ]
 
 
-\\ Google Chrome v
 
[ File : C:\Users\Christy\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
[ File : C:\Users\Christy_2\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted : homepage
Deleted : urls_to_restore_on_startup
 
*************************
 
AdwCleaner[R0].txt - [23755 octets] - [22/11/2013 22:46:17]
AdwCleaner[S0].txt - [23727 octets] - [22/11/2013 22:50:25]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [23788 octets] ##########


#5 katydidonline

  • Topic Starter
  • Members

Posted 23 November 2013 - 05:28 AM

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org
 
Database version: v2013.11.23.02
 
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16736
Christy_2 :: CHRISTY-VAIO [administrator]
 
Protection: Enabled
 
11/22/2013 11:05:27 PM
mbam-log-2013-11-22 (23-05-27).txt
 
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 822182
Time elapsed: 3 hour(s), 55 minute(s), 15 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 11
C:\$Recycle.Bin\S-1-5-21-2044977448-1085329002-2427339864-1003\$R8BTRV3.exe (PUP.Optional.AirInstaller) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Christy\AppData\Roaming\Searchprotect\bin\ChromeModule.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Christy\AppData\Roaming\Searchprotect\bin\cltmng.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Christy\AppData\Roaming\Searchprotect\bin\CltMngSvc.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Christy\AppData\Roaming\Searchprotect\bin\FirefoxModule.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Christy\AppData\Roaming\Searchprotect\bin\InternetExplorerModule.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Christy\AppData\Roaming\Searchprotect\bin\SPHook32.dll.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\AdwCleaner\Quarantine\C\Users\Christy\AppData\Roaming\Searchprotect\bin\uninstall.exe.vir (PUP.Optional.Conduit.A) -> Quarantined and deleted successfully.
C:\ProgramData\YTD YouTube Downloader & Converter\ytd_installer.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
C:\Users\Christy_2\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.50\agent\stub_data\stubinst_pkg_en-us.cab (PUP.Optional.OpenCandy) -> Quarantined and deleted successfully.
C:\Users\Christy_2\Downloads\aTubeCatcher.exe (PUP.Optional.Spigot.A) -> Quarantined and deleted successfully.
 
(end)


#6 JSntgRvr

    Master Surgeon General

  • Malware Response Team

Posted 23 November 2013 - 09:14 AM

How does it feel now?


Edited by JSntgRvr, 23 November 2013 - 09:14 AM.

No request for help throughout private messaging will be attended.

If I have helped you, consider making a donation to help me continue the fight against Malware!


#7 katydidonline

  • Topic Starter
  • Members

Posted 24 November 2013 - 09:57 AM

Still hanging...still won't shut down due to running apps?



#8 JSntgRvr

    Master Surgeon General

  • Malware Response Team

Posted 24 November 2013 - 11:16 AM

Let's try ComboFix.

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
  • Please, never rename Combofix unless instructed.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link or this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • Close any open browsers.
  • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
  • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
  • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

-----------------------------------------------------------

  • Double click on combofix.exe & follow the prompts.
  • Install the Recovery Console if prompted.
  • When finished, it will produce a report for you.
  • Please post the "C:\ComboFix.txt".
  • **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security.

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.
