Computer Infected



#1 Kananu Reeves

Posted 12 December 2013 - 05:09 PM

Hello, I have a friend's Acer Aspire 5516 laptop running Windows Vista Basic, AMD Processor TF-20, 1.6 GHz, 2 GB RAM that seems to be infected. When I first got it, it was not configuring Windows updates correctly. It would get stuck in a loop upon reboot. So, I ran the usual virus removal tools, which detected and removed numerous viruses and other malware. I finally got it to boot up correctly and have tried downloading updates again, but it still will not configure correctly. Other than the configuration/updates issue, it seems to be booting up somewhat normally; however, it's acting strangely, and I still think it's infected, so I tried running Gmer and RootRepeal. Gmer came back okay, but RootRepeal detected 2 threats almost immediately, and the computer then crashed with the BSoD.

One more thing, I'm not sure if this is important or not. But while I was trying to run a few different filesystem repair tools, one of the error messages I would get is that one of the 'system volumes was encrypted.' Also, it had a program named Winlocker (an encryption tool, I think??) which had been installed, but the owner claims to know nothing about how it got there.

 

thanks

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16506  BrowserJavaVersion: 10.25.2
Run by joani at 13:06:58 on 2013-12-12
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.1789.928 [GMT -8:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Users\joani\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0509&m=aspire_5516
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20China/Images/armhelper.ocx
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{571F8497-06E1-42C8-85FD-F3FE3A80AE24} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{778FA5F4-EDE7-48CD-A486-643C85678181} : DHCPNameServer = 64.13.115.12 75.94.255.12
TCP: Interfaces\{8977969B-D9B0-45D5-B37A-BAB1F410EDFF} : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joani\appdata\roaming\mozilla\firefox\profiles\yy9e5cdj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3101810&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3101810&SearchSource=2&CUI=UN02694718892254033&UM=&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\joani\appdata\local\microsoft\internet explorer\downloaded program files\npsoe.dll
FF - plugin: c:\users\joani\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\joani\appdata\roaming\mozilla\firefox\profiles\yy9e5cdj.default\extensions\{bb45ef8e-1e36-4535-a017-ec908fb1e335}\plugins\np-mswmp.dll
FF - plugin: c:\users\joani\appdata\roaming\mozilla\firefox\profiles\yy9e5cdj.default\extensions\{bb45ef8e-1e36-4535-a017-ec908fb1e335}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-09-01 07:14; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-5-23 723488]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-2-17 44800]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-4-18 49664]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-7-8 318464]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-7-8 51456]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-12-14 13312]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-12-14 9472]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-12-14 96416]
S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [2010-5-12 84352]
S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [2010-5-12 14976]
S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [2010-5-12 110848]
S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [2010-5-12 90880]
.
=============== Created Last 30 ================
.
2013-12-12 06:42:43    --------    d-----w-    c:\users\joani\appdata\roaming\Philipp Winterberg
2013-12-12 06:42:15    --------    d-----w-    c:\program files\Free RAR Extract Frog
2013-12-11 05:31:35    103680    ----a-w-    C:\awdoypog.sys
2013-12-10 05:57:28    --------    d-----w-    c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-10 05:55:48    74456    ----a-w-    c:\windows\system32\drivers\mbamchameleon.sys
2013-12-10 00:54:41    --------    d-----w-    c:\users\joani\appdata\local\temp
2013-12-10 00:53:52    --------    d-sh--w-    C:\$RECYCLE.BIN
2013-12-08 05:05:41    7772552    ----a-w-    c:\programdata\microsoft\windows defender\definition updates\{c295c50a-4e09-4ae9-a87b-590d131d4abc}\mpengine.dll
2013-12-07 22:07:12    --------    d-----w-    c:\program files\CCleaner
2013-12-07 20:25:45    --------    d-----w-    c:\users\joani\appdata\roaming\Malwarebytes
2013-12-07 20:25:23    --------    d-----w-    c:\programdata\Malwarebytes
2013-12-07 20:25:21    22856    ----a-w-    c:\windows\system32\drivers\mbam.sys
2013-12-07 20:25:21    --------    d-----w-    c:\program files\Malwarebytes' Anti-Malware
2013-12-07 18:29:52    98816    ----a-w-    c:\windows\sed.exe
2013-12-07 18:29:52    256000    ----a-w-    c:\windows\PEV.exe
2013-12-07 18:29:52    208896    ----a-w-    c:\windows\MBR.exe
.
==================== Find3M  ====================
.
2013-11-19 11:33:38    230048    ------w-    c:\windows\system32\MpSigStub.exe
2013-10-12 03:10:36    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-12 03:10:36    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 13:08:35.89 ===============



#2 HelpBot


Posted 17 December 2013 - 05:10 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/517292 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new DDS log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from the following link if you no longer have it available and save it to your desktop.

    DDS.com Download Link
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control can be found HERE.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Kananu Reeves


Posted 17 December 2013 - 08:05 PM

new log
 
 
 
DDS (Ver_2012-11-20.01) - NTFS_x86 
Internet Explorer: 9.0.8112.16506  BrowserJavaVersion: 10.25.2
Run by joani at 16:42:53 on 2013-12-17
Microsoft® Windows Vista™ Home Basic   6.0.6002.2.1252.1.1033.18.1789.1181 [GMT -8:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\Ati2evxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\joani\AppData\Local\Temp\RtkBtMnt.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0509&m=aspire_5516
uSearchURL,(Default) = hxxp://www.google.com/search/?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
EB: <No Name>: {555D4D79-4BD2-4094-A395-CFC534424A05} - LocalServer32 - <no file>
mRun: [Acer Assist Launcher] c:\program files\acer\acer assist\launcher.exe
mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [Acer ePower Management] c:\program files\acer\acer epower management\ePowerTray.exe
mRun: [Skytel] c:\program files\realtek\audio\hda\Skytel.exe
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} - file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20China/Images/armhelper.ocx
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{571F8497-06E1-42C8-85FD-F3FE3A80AE24} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{778FA5F4-EDE7-48CD-A486-643C85678181} : DHCPNameServer = 64.13.115.12 75.94.255.12
TCP: Interfaces\{8977969B-D9B0-45D5-B37A-BAB1F410EDFF} : DHCPNameServer = 192.168.0.1 205.171.3.25
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\31.0.1650.63\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\joani\appdata\roaming\mozilla\firefox\profiles\yy9e5cdj.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3101810&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://google.com
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3101810&SearchSource=2&CUI=UN02694718892254033&UM=&q=
FF - plugin: c:\program files\adobe\reader 9.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: c:\program files\google\google earth\plugin\npgeplugin.dll
FF - plugin: c:\program files\google\update\1.3.22.3\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.20913.0\npctrlui.dll
FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll
FF - plugin: c:\users\joani\appdata\local\microsoft\internet explorer\downloaded program files\npsoe.dll
FF - plugin: c:\users\joani\appdata\roaming\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\users\joani\appdata\roaming\mozilla\firefox\profiles\yy9e5cdj.default\extensions\{bb45ef8e-1e36-4535-a017-ec908fb1e335}\plugins\np-mswmp.dll
FF - plugin: c:\users\joani\appdata\roaming\mozilla\firefox\profiles\yy9e5cdj.default\extensions\{bb45ef8e-1e36-4535-a017-ec908fb1e335}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_9_900_117.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
FF - ExtSQL: !HIDDEN! 2009-09-01 07:14; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
============= SERVICES / DRIVERS ===============
.
R2 ePowerSvc;Acer ePower Service;c:\program files\acer\acer epower management\ePowerSvc.exe [2009-5-23 723488]
R2 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2008-1-20 21504]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\newtech infosystems\acer backup manager\IScheduleSvc.exe [2009-2-17 44800]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\newtech infosystems\nti backup now 5\SchedulerSvc.exe [2008-9-23 144632]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\L1C60x86.sys [2009-4-18 49664]
S3 bcm;WiMAX Network Adapter;c:\windows\system32\drivers\drxvi314.sys [2010-7-8 318464]
S3 bcmbusctr;WiMAX Bus Driver;c:\windows\system32\drivers\BcmBusCtr.sys [2010-7-8 51456]
S3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\newtech infosystems\nti backup now 5\BackupSvc.exe [2008-9-23 50424]
S3 pneteth;PdaNet Broadband;c:\windows\system32\drivers\pneteth.sys [2010-12-14 13312]
S3 pnetmdm;PdaNet Modem;c:\windows\system32\drivers\pnetmdm.sys [2010-12-14 9472]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\drivers\ssadbus.sys [2010-12-14 96416]
S3 uts_bus;UTStarcom USB Composite Device driver (WDM);c:\windows\system32\drivers\uts_bus.sys [2010-5-12 84352]
S3 uts_mdfl;UTStarcom USB Modem Filter;c:\windows\system32\drivers\uts_mdfl.sys [2010-5-12 14976]
S3 uts_mdm;UTStarcom USB Modem Drivers;c:\windows\system32\drivers\uts_mdm.sys [2010-5-12 110848]
S3 uts_serd;UTStarcom USB Diagnostic Serial Port (WDM);c:\windows\system32\drivers\uts_serd.sys [2010-5-12 90880]
.
=============== Created Last 30 ================
.
2013-12-12 06:42:43 -------- d-----w- c:\users\joani\appdata\roaming\Philipp Winterberg
2013-12-12 06:42:15 -------- d-----w- c:\program files\Free RAR Extract Frog
2013-12-11 05:31:35 103680 ----a-w- C:\awdoypog.sys
2013-12-10 05:57:28 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-12-10 05:55:48 74456 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-12-10 00:54:41 -------- d-----w- c:\users\joani\appdata\local\temp
2013-12-10 00:53:52 -------- d-sh--w- C:\$RECYCLE.BIN
2013-12-08 05:05:41 7772552 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c295c50a-4e09-4ae9-a87b-590d131d4abc}\mpengine.dll
2013-12-07 22:07:12 -------- d-----w- c:\program files\CCleaner
2013-12-07 20:25:45 -------- d-----w- c:\users\joani\appdata\roaming\Malwarebytes
2013-12-07 20:25:23 -------- d-----w- c:\programdata\Malwarebytes
2013-12-07 20:25:21 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-12-07 20:25:21 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-12-07 18:29:52 98816 ----a-w- c:\windows\sed.exe
2013-12-07 18:29:52 256000 ----a-w- c:\windows\PEV.exe
2013-12-07 18:29:52 208896 ----a-w- c:\windows\MBR.exe
.
==================== Find3M  ====================
.
2013-11-19 11:33:38 230048 ------w- c:\windows\system32\MpSigStub.exe
2013-10-12 03:10:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-10-12 03:10:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
============= FINISH: 16:43:34.90 ===============


#4 Kananu Reeves


Posted 17 December 2013 - 08:51 PM

and where did the attach button go?



#5 Kananu Reeves


Posted 20 December 2013 - 12:28 PM

Hello, it's been a few days since HelpBot responded to my post, was just wondering if everything was cool.



#6 Oh My!


Posted 20 December 2013 - 06:57 PM

Greetings Kananu Reeves and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met. :)
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the "Reply Topic" button instead.
  • In the upper right hand corner of the topic you will see the "Follow Topic" button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
  • Now let's get started
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far, I apologize for the extended delay. Please run this program for me.

===================================================

Farbar Recovery Scan Tool (FRST)

--------------------
  • Download Farbar Recovery Scan Tool for either 32 bit or 64 bit systems and save it to your desktop
  • If you are unsure if you have 32 bit or 64 bit simply download and try one. If that doesn't run properly the other one should
  • Double click the icon
  • Click Yes to the disclaimer
  • Click Scan and allow the program to run
  • Click OK on the Scan complete screen, then OK on the Addition.txt pop up screen
  • 2 Notepad documents should now be open on your desktop.
  • Please copy and paste the contents of both in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • FRST results
  • Addition log

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#7 Kananu Reeves

Kananu Reeves
  • Topic Starter

  • Members
  • 53 posts
  • Local time:05:49 PM

Posted 21 December 2013 - 04:34 PM

Here you go,

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-12-2013 02
Ran by joani (administrator) on JOANI-PC on 21-12-2013 13:28:45
Running from C:\Users\joani\Desktop
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(ATI Technologies Inc.) C:\Windows\System32\Ati2evxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
(NewTech Infosystems, Inc.) C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
(Realtek Semiconductor Corp.) C:\Users\joani\AppData\Local\temp\RtkBtMnt.exe
(Synaptics, Inc.) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) \\?\C:\Windows\system32\wbem\WMIADAP.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Farbar) C:\Users\joani\Desktop\FRST(1).exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Acer Assist Launcher] - C:\Program Files\Acer\Acer Assist\launcher.exe [1261568 2007-11-19] ()
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [6711840 2009-04-09] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [1418536 2009-01-08] (Synaptics, Inc.)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [862728 2009-02-11] (Dritek System Inc.)
HKLM\...\Run: [Acer ePower Management] - C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [698912 2009-04-03] (Acer Incorporated)
HKLM\...\Run: [Skytel] - C:\Program Files\Realtek\Audio\HDA\SkyTel.exe [1833504 2009-04-09] (Realtek Semiconductor Corp.)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKU\Default\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Default User\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\Guest\...\Run: [WindowsWelcomeCenter] - rundll32.exe oobefldr.dll,ShowWelcomeCenter

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://global.acer.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&s=2&o=vb32&d=0509&m=aspire_5516
SearchScopes: HKLM - DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3101810
SearchScopes: HKLM - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3101810
SearchScopes: HKCU - {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKCU - {8C1A36A1-F5EF-3B23-94E4-ED31FE1B3197} URL = http://www.bing.com/search?q={searchTerms}&pc=Z003&form=ZGAIDF
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3101810
SearchScopes: HKCU - {AFDD25F9-C4AA-4457-8821-823B7CD07A32} URL = http://search.yahoo.com/search?fr=mcafee&p={SearchTerms}
SearchScopes: HKCU - {F84A279B-C380-4F2A-8E68-69153564A0AF} URL = http://websearch.ask.com/redirect?client=ie&tb=PPC&o=102944&src=kw&q={searchTerms}&locale=en_US&apn_ptnrs=6L&apn_dtid=YYYYYYSVUS&apn_uid=b9179958-039e-4d76-99a7-5111c8aca9f8&apn_sauid=52F9557F-3783-4968-9E77-989787A85190
BHO: No Name - {02478D38-C3F9-4efb-9B51-7695ECA05670} -  No File
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU - No Name - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} -  No File
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file:///C:/Program%20Files/Mahjong%20Escape%20-%20Ancient%20China/Images/armhelper.ocx
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
Handler: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
Handler: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8050.1202.dll (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default
FF user.js: detected! => C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\user.js
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Secure Search
FF SearchEngineOrder.user_pref("browser.search.order.2", "");: user_pref("browser.search.order.2", "");
FF SelectedSearchEngine: Google
FF Homepage: hxxp://google.com
FF Keyword.URL: hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3101810&SearchSource=2&CUI=UN02694718892254033&UM=&q=
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin: @checkpoint.com/FFApi - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll No File
FF Plugin: @divx.com/DivX Browser Plugin,version=1.0.0 - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF Plugin: @Google.com/GoogleEarthPlugin - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WLPG,version=14.0.8051.1204 - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: @facebook.com/FBPlugin,version=1.0.3 - C:\Users\joani\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
FF Plugin HKCU: @soe.sony.com/installer,version=1.0.3 - C:\Users\joani\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
FF SearchPlugin: C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\searchplugins\askcom.xml
FF SearchPlugin: C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\searchplugins\mywebsearch.xml
FF SearchPlugin: C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\searchplugins\somoto-customized-web-search.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\McSiteAdvisor.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml
FF Extension:     Play Pickle TextLinks         - C:\Users\joani\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com
FF Extension: Conduit Engine  - C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Extensions\engine@conduit.com
FF Extension: No Name - C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Extensions\staged
FF Extension: Microsoft .NET Framework Assistant - C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF Extension: Yahoo! Toolbar - C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF Extension: Somoto  - C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Extensions\{bb45ef8e-1e36-4535-a017-ec908fb1e335}
FF Extension: uTorrentBar Community Toolbar - C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

Chrome:
=======
CHR DefaultSearchKeyword: mcafee
CHR DefaultSearchProvider: McAfee
CHR DefaultSearchURL: http://search.yahoo.com/search?fr=mcafee&p={searchTerms}
CHR DefaultNewTabURL:
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\31.0.1650.63\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.220.4) - C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java™ Platform SE 6 U22) - C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (ClickPotatoLite Firefox Plugin) - C:\Program Files\Mozilla Firefox\plugins\npclntax_ClickPotatoLiteSA.dll No File
CHR Plugin: (2007 Microsoft Office system) - C:\Program Files\Mozilla Firefox\plugins\NPOFF12.DLL (Microsoft Corporation)
CHR Plugin: (getPlusPlus for Adobe 16263) - C:\Program Files\Mozilla Firefox\plugins\np_gp.dll (NOS Microsystems Ltd.)
CHR Plugin: (CANON iMAGE GATEWAY Album Plugin Utility) - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL No File
CHR Plugin: (DivX Web Player) - C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll No File
CHR Plugin: (McAfee Security Scanner +) - C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll No File
CHR Plugin: (McAfee SiteAdvisor) - C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll No File
CHR Plugin: (VLC Web Plugin) - C:\Program Files\VideoLAN\VLC\npvlc.dll No File
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Free Realms Installer) - C:\Users\joani\AppData\Local\Microsoft\Internet Explorer\Downloaded Program Files\npsoe.dll ()
CHR Plugin: (BrowserPlus (from Yahoo!) v2.9.8) - C:\Users\joani\AppData\Local\Yahoo!\BrowserPlus\2.9.8\Plugins\npybrowserplus_2.9.8.dll No File
CHR Plugin: (Facebook Plugin) - C:\Users\joani\AppData\Roaming\Facebook\npfbplugin_1_0_3.dll ( )
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll No File
CHR Plugin: (Windows Presentation Foundation) - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
CHR Extension: (Google Docs) - C:\Users\joani\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\joani\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\joani\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\joani\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Google Wallet) - C:\Users\joani\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0
CHR Extension: (Gmail) - C:\Users\joani\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1

========================== Services (Whitelisted) =================

R2 ePowerSvc; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [723488 2009-04-03] (Acer Incorporated)
S3 getPlusHelper; C:\Program Files\NOS\bin\getPlus_Helper.dll [68000 2010-03-29] (NOS Microsystems Ltd.)
R2 NTI IScheduleSvc; C:\Program Files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [44800 2009-02-17] (NewTech Infosystems, Inc.)
R2 NTISchedulerSvc; C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [144632 2008-09-23] (NewTech Infosystems, Inc.)

==================== Drivers (Whitelisted) ====================

R0 ahcix86s; C:\Windows\System32\DRIVERS\ahcix86s.sys [183312 2009-01-03] (Advanced Micro Devices, Inc)
S3 bcm; C:\Windows\System32\DRIVERS\drxvi314.sys [318464 2010-07-08] (Beceem communications pvt ltd.)
S3 bcmbusctr; C:\Windows\System32\DRIVERS\BcmBusCtr.sys [51456 2010-07-08] (Beceem communications pvt ltd.)
R1 DritekPortIO; C:\Program Files\Launch Manager\DPortIO.sys [20112 2006-11-02] (Dritek System Inc.)
S3 grmnusb; C:\Windows\System32\drivers\grmnusb.sys [9344 2009-04-17] (GARMIN Corp.)
R3 L1C; C:\Windows\System32\DRIVERS\L1C60x86.sys [49664 2009-01-14] (Atheros Communications, Inc.)
S3 LVUSBSta; C:\Windows\System32\DRIVERS\LVUSBSta.sys [41888 2007-05-09] (Logitech Inc.)
R3 NuidFltr; C:\Windows\System32\DRIVERS\NuidFltr.sys [14736 2009-05-09] (Microsoft Corporation)
S3 PID_PEPI; C:\Windows\System32\DRIVERS\LV302V32.SYS [1276832 2007-05-09] (Logitech Inc.)
S3 pneteth; C:\Windows\System32\DRIVERS\pneteth.sys [13312 2010-09-02] (June Fabrics Technology Inc.)
S3 pnetmdm; C:\Windows\System32\DRIVERS\pnetmdm.sys [9472 2006-09-28] (June Fabrics Technology)
S3 uts_bus; C:\Windows\System32\DRIVERS\uts_bus.sys [84352 2007-12-05] (MCCI)
S3 uts_mdfl; C:\Windows\System32\DRIVERS\uts_mdfl.sys [14976 2007-12-05] (MCCI Corporation)
S3 uts_mdm; C:\Windows\System32\DRIVERS\uts_mdm.sys [110848 2007-12-05] (MCCI)
S3 uts_serd; C:\Windows\System32\DRIVERS\uts_serd.sys [90880 2007-12-05] (MCCI)
U5 AppMgmt; C:\Windows\system32\svchost.exe [21504 2008-01-20] (Microsoft Corporation)
S3 catchme; \??\C:\Users\joani\AppData\Local\Temp\catchme.sys [x]
S3 Generalusbserialser20675; system32\DRIVERS\CT_U_USBSER.sys [x]
S1 iikrrzwt; \??\C:\Windows\system32\drivers\iikrrzwt.sys [x]
S3 IpInIp; system32\DRIVERS\ipinip.sys [x]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [x]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [x]
S3 PCTINDIS5; \??\C:\Windows\system32\PCTINDIS5.SYS [x]
S3 rootrepeal; \??\C:\Windows\system32\drivers\rootrepeal.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-12-21 12:32 - 2013-12-21 12:32 - 00021954 _____ C:\Users\joani\Desktop\Addition.txt
2013-12-21 12:31 - 2013-12-21 13:28 - 00017611 _____ C:\Users\joani\Desktop\FRST.txt
2013-12-21 12:30 - 2013-12-21 12:30 - 00000000 ____D C:\FRST
2013-12-21 12:29 - 2013-12-21 12:29 - 01325858 _____ (Farbar) C:\Users\joani\Desktop\FRST(1).exe
2013-12-12 13:10 - 2013-12-17 16:44 - 00008091 _____ C:\Users\joani\Desktop\attach.txt
2013-12-12 13:10 - 2013-12-17 16:43 - 00011648 _____ C:\Users\joani\Desktop\dds.txt
2013-12-12 13:06 - 2013-12-12 13:06 - 00000272 _____ C:\Users\joani\Desktop\Virus, Trojan, Spyware, and Malware Removal Logs Forum - BleepingComputer.com.URL
2013-12-12 13:05 - 2013-12-12 13:05 - 00688992 ____R (Swearware) C:\Users\joani\Desktop\dds.com
2013-12-12 13:05 - 2013-12-12 13:05 - 00000234 _____ C:\Users\joani\Desktop\Downloading DDS.URL
2013-12-12 13:01 - 2013-12-12 12:48 - 00001181 _____ C:\Users\joani\Desktop\notes adam's laptop.txt
2013-12-12 12:59 - 2013-12-12 12:59 - 00002033 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-11 22:57 - 2013-12-11 22:58 - 00142600 _____ C:\Windows\Minidump\Mini121113-02.dmp
2013-12-11 22:47 - 2013-12-11 22:47 - 00142600 _____ C:\Windows\Minidump\Mini121113-01.dmp
2013-12-11 22:46 - 2013-12-11 22:57 - 229902916 _____ C:\Windows\MEMORY.DMP
2013-12-11 22:44 - 2013-12-11 22:44 - 00000223 _____ C:\Users\joani\Desktop\rootrepeal.URL
2013-12-11 22:43 - 2013-12-11 22:43 - 00000000 _____ C:\Users\joani\Desktop\settings.dat
2013-12-11 22:43 - 2009-08-13 11:14 - 00472064 _____ ( ) C:\Users\joani\Desktop\RootRepeal.exe
2013-12-11 22:42 - 2013-12-11 22:42 - 00000919 _____ C:\Users\Public\Desktop\Free RAR Extract Frog.lnk
2013-12-11 22:42 - 2013-12-11 22:42 - 00000000 ____D C:\Users\joani\AppData\Roaming\Philipp Winterberg
2013-12-11 22:42 - 2013-12-11 22:42 - 00000000 ____D C:\Program Files\Free RAR Extract Frog
2013-12-10 21:31 - 2013-12-10 21:31 - 00103680 _____ (GMER) C:\awdoypog.sys
2013-12-10 21:29 - 2013-12-10 21:29 - 00377856 _____ C:\Users\joani\Desktop\3fpv8enx.exe
2013-12-09 21:57 - 2013-12-09 21:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-09 21:55 - 2013-12-09 22:04 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-09 21:55 - 2013-12-09 21:58 - 00000000 ____D C:\Users\joani\Desktop\mbar
2013-12-09 17:47 - 2013-12-09 17:47 - 00000000 ____D C:\Windows\system32\WindowsPowerShell
2013-12-09 17:43 - 2013-12-09 17:44 - 05636096 _____ C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2013-12-09 17:43 - 2013-12-09 17:44 - 00131072 _____ C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2013-12-09 17:43 - 2013-12-09 17:44 - 00065536 _____ C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2013-12-09 16:54 - 2013-12-09 16:54 - 00010938 _____ C:\ComboFix.txt
2013-12-08 18:21 - 2013-12-08 18:24 - 00001555 _____ C:\Users\joani\AppData\Local\MyWinLockerInstaller.txt-20131208.log
2013-12-07 16:10 - 2013-12-11 22:46 - 00010928 _____ C:\Windows\PFRO.log
2013-12-07 16:06 - 2013-12-16 21:50 - 00000795 _____ C:\Windows\setupact.log
2013-12-07 16:06 - 2013-12-07 16:06 - 00000000 _____ C:\Windows\setuperr.log
2013-12-07 14:07 - 2013-12-07 14:07 - 00000808 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-07 14:07 - 2013-12-07 14:07 - 00000000 ____D C:\Program Files\CCleaner
2013-12-07 12:25 - 2013-12-08 12:46 - 00000910 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-07 12:25 - 2013-12-08 12:46 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-07 12:25 - 2013-12-07 12:25 - 00000000 ____D C:\Users\joani\AppData\Roaming\Malwarebytes
2013-12-07 12:25 - 2013-12-07 12:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-07 12:25 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2013-12-07 10:29 - 2013-12-09 16:54 - 00000000 ____D C:\Qoobox
2013-12-07 10:29 - 2011-06-25 22:45 - 00256000 _____ C:\Windows\PEV.exe
2013-12-07 10:29 - 2010-11-07 09:20 - 00208896 _____ C:\Windows\MBR.exe
2013-12-07 10:29 - 2009-04-19 20:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2013-12-07 10:29 - 2000-08-30 16:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2013-12-07 10:29 - 2000-08-30 16:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2013-12-07 10:29 - 2000-08-30 16:00 - 00098816 _____ C:\Windows\sed.exe
2013-12-07 10:29 - 2000-08-30 16:00 - 00080412 _____ C:\Windows\grep.exe
2013-12-07 10:29 - 2000-08-30 16:00 - 00068096 _____ C:\Windows\zip.exe
2013-12-07 10:28 - 2013-12-07 10:45 - 00000000 ____D C:\Windows\erdnt
2013-12-07 10:27 - 2013-12-08 12:01 - 05153091 ____R (Swearware) C:\Users\joani\Desktop\ComboFix.exe
2013-12-07 10:27 - 2013-12-07 10:27 - 00000000 ____D C:\Users\joani\Desktop\Computer Repair and Maintenance
2013-12-07 10:27 - 2013-12-07 08:32 - 04618136 _____ (Piriform Ltd) C:\Users\joani\Desktop\ccsetup408.exe
2013-12-07 10:27 - 2013-12-07 08:31 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\joani\Desktop\mbam-setup-1.75.0.1300.exe
2013-12-07 10:19 - 2013-12-07 10:19 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_NuidFltr_01005.Wdf

==================== One Month Modified Files and Folders =======

2013-12-21 13:29 - 2013-12-21 12:31 - 00017611 _____ C:\Users\joani\Desktop\FRST.txt
2013-12-21 13:29 - 2006-11-02 02:33 - 00709154 _____ C:\Windows\system32\PerfStringBackup.INI
2013-12-21 13:27 - 2009-05-23 01:45 - 01881614 _____ C:\Windows\WindowsUpdate.log
2013-12-21 13:22 - 2006-11-02 04:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-21 13:22 - 2006-11-02 04:45 - 00003216 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-21 13:21 - 2006-11-02 04:58 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-21 12:32 - 2013-12-21 12:32 - 00021954 _____ C:\Users\joani\Desktop\Addition.txt
2013-12-21 12:30 - 2013-12-21 12:30 - 00000000 ____D C:\FRST
2013-12-21 12:29 - 2013-12-21 12:29 - 01325858 _____ (Farbar) C:\Users\joani\Desktop\FRST(1).exe
2013-12-17 16:44 - 2013-12-12 13:10 - 00008091 _____ C:\Users\joani\Desktop\attach.txt
2013-12-17 16:43 - 2013-12-12 13:10 - 00011648 _____ C:\Users\joani\Desktop\dds.txt
2013-12-17 16:27 - 2006-11-02 04:58 - 00032610 _____ C:\Windows\Tasks\SCHEDLGU.TXT
2013-12-16 21:50 - 2013-12-07 16:06 - 00000795 _____ C:\Windows\setupact.log
2013-12-13 09:07 - 2009-07-31 07:13 - 00007268 _____ C:\Users\joani\AppData\Local\d3d9caps.dat
2013-12-12 13:06 - 2013-12-12 13:06 - 00000272 _____ C:\Users\joani\Desktop\Virus, Trojan, Spyware, and Malware Removal Logs Forum - BleepingComputer.com.URL
2013-12-12 13:05 - 2013-12-12 13:05 - 00688992 ____R (Swearware) C:\Users\joani\Desktop\dds.com
2013-12-12 13:05 - 2013-12-12 13:05 - 00000234 _____ C:\Users\joani\Desktop\Downloading DDS.URL
2013-12-12 12:59 - 2013-12-12 12:59 - 00002033 _____ C:\Users\Public\Desktop\Google Earth.lnk
2013-12-12 12:56 - 2009-04-18 19:00 - 00000000 ____D C:\Program Files\Google
2013-12-12 12:48 - 2013-12-12 13:01 - 00001181 _____ C:\Users\joani\Desktop\notes adam's laptop.txt
2013-12-11 22:58 - 2013-12-11 22:57 - 00142600 _____ C:\Windows\Minidump\Mini121113-02.dmp
2013-12-11 22:57 - 2013-12-11 22:46 - 229902916 _____ C:\Windows\MEMORY.DMP
2013-12-11 22:57 - 2010-11-02 17:58 - 00000000 ____D C:\Windows\Minidump
2013-12-11 22:47 - 2013-12-11 22:47 - 00142600 _____ C:\Windows\Minidump\Mini121113-01.dmp
2013-12-11 22:46 - 2013-12-07 16:10 - 00010928 _____ C:\Windows\PFRO.log
2013-12-11 22:44 - 2013-12-11 22:44 - 00000223 _____ C:\Users\joani\Desktop\rootrepeal.URL
2013-12-11 22:43 - 2013-12-11 22:43 - 00000000 _____ C:\Users\joani\Desktop\settings.dat
2013-12-11 22:42 - 2013-12-11 22:42 - 00000919 _____ C:\Users\Public\Desktop\Free RAR Extract Frog.lnk
2013-12-11 22:42 - 2013-12-11 22:42 - 00000000 ____D C:\Users\joani\AppData\Roaming\Philipp Winterberg
2013-12-11 22:42 - 2013-12-11 22:42 - 00000000 ____D C:\Program Files\Free RAR Extract Frog
2013-12-10 21:31 - 2013-12-10 21:31 - 00103680 _____ (GMER) C:\awdoypog.sys
2013-12-10 21:29 - 2013-12-10 21:29 - 00377856 _____ C:\Users\joani\Desktop\3fpv8enx.exe
2013-12-09 22:04 - 2013-12-09 21:55 - 00074456 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2013-12-09 22:04 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\rescache
2013-12-09 21:58 - 2013-12-09 21:55 - 00000000 ____D C:\Users\joani\Desktop\mbar
2013-12-09 21:57 - 2013-12-09 21:57 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-12-09 17:56 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Microsoft.NET
2013-12-09 17:47 - 2013-12-09 17:47 - 00000000 ____D C:\Windows\system32\WindowsPowerShell
2013-12-09 17:44 - 2013-12-09 17:43 - 05636096 _____ C:\Windows\ocsetup_install_MicrosoftWindowsPowerShell.etl
2013-12-09 17:44 - 2013-12-09 17:43 - 00131072 _____ C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.perf
2013-12-09 17:44 - 2013-12-09 17:43 - 00065536 _____ C:\Windows\ocsetup_cbs_install_MicrosoftWindowsPowerShell.dpx
2013-12-09 16:54 - 2013-12-09 16:54 - 00010938 _____ C:\ComboFix.txt
2013-12-09 16:54 - 2013-12-07 10:29 - 00000000 ____D C:\Qoobox
2013-12-09 16:51 - 2006-11-02 02:23 - 00000215 _____ C:\Windows\system.ini
2013-12-08 18:25 - 2011-10-06 20:22 - 00000000 ____D C:\Program Files\Canon
2013-12-08 18:24 - 2013-12-08 18:21 - 00001555 _____ C:\Users\joani\AppData\Local\MyWinLockerInstaller.txt-20131208.log
2013-12-08 15:28 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\LiveKernelReports
2013-12-08 12:46 - 2013-12-07 12:25 - 00000910 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2013-12-08 12:46 - 2013-12-07 12:25 - 00000000 ____D C:\Program Files\Malwarebytes' Anti-Malware
2013-12-08 12:01 - 2013-12-07 10:27 - 05153091 ____R (Swearware) C:\Users\joani\Desktop\ComboFix.exe
2013-12-07 20:16 - 2012-06-06 05:43 - 00000884 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-07 20:16 - 2012-06-06 05:43 - 00000880 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-07 16:11 - 2013-06-02 08:55 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-12-07 16:06 - 2013-12-07 16:06 - 00000000 _____ C:\Windows\setuperr.log
2013-12-07 15:37 - 2009-04-18 19:22 - 00000000 ____D C:\ProgramData\McAfee
2013-12-07 14:22 - 2010-11-30 14:31 - 00000000 ____D C:\Windows\pss
2013-12-07 14:18 - 2012-02-05 10:09 - 00000000 ____D C:\Users\joani\AppData\Local\Conduit
2013-12-07 14:08 - 2010-06-03 16:05 - 00000000 ____D C:\Users\joani\AppData\Roaming\Azureus
2013-12-07 14:08 - 2009-07-15 09:43 - 00000000 ____D C:\Users\joani\Tracing
2013-12-07 14:08 - 2007-07-11 17:49 - 00000000 ____D C:\Windows\Panther
2013-12-07 14:07 - 2013-12-07 14:07 - 00000808 _____ C:\Users\Public\Desktop\CCleaner.lnk
2013-12-07 14:07 - 2013-12-07 14:07 - 00000000 ____D C:\Program Files\CCleaner
2013-12-07 13:41 - 2006-11-02 03:18 - 00000000 ____D C:\Windows\Web
2013-12-07 13:40 - 2010-11-17 20:59 - 00000000 ____D C:\Users\joani\AppData\Local\OpenCandy
2013-12-07 13:18 - 2013-06-12 05:44 - 00001931 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-12-07 12:25 - 2013-12-07 12:25 - 00000000 ____D C:\Users\joani\AppData\Roaming\Malwarebytes
2013-12-07 12:25 - 2013-12-07 12:25 - 00000000 ____D C:\ProgramData\Malwarebytes
2013-12-07 10:47 - 2006-11-02 03:18 - 00000000 __RHD C:\Users\Default
2013-12-07 10:47 - 2006-11-02 03:18 - 00000000 ___RD C:\Users\Public
2013-12-07 10:45 - 2013-12-07 10:28 - 00000000 ____D C:\Windows\erdnt
2013-12-07 10:27 - 2013-12-07 10:27 - 00000000 ____D C:\Users\joani\Desktop\Computer Repair and Maintenance
2013-12-07 10:22 - 2009-04-18 18:55 - 00000000 ____D C:\Program Files\Microsoft Works
2013-12-07 10:19 - 2013-12-07 10:19 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_NuidFltr_01005.Wdf
2013-12-07 08:32 - 2013-12-07 10:27 - 04618136 _____ (Piriform Ltd) C:\Users\joani\Desktop\ccsetup408.exe
2013-12-07 08:31 - 2013-12-07 10:27 - 10285040 _____ (Malwarebytes Corporation                                    ) C:\Users\joani\Desktop\mbam-setup-1.75.0.1300.exe

Some content of TEMP:
====================
C:\Users\joani\AppData\Local\temp\RtkBtMnt.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-12-21 13:29

==================== End Of Log ============================

 

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 20-12-2013 02
Ran by joani at 2013-12-21 12:32:22
Running from C:\Users\joani\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

 Update for Microsoft Office 2007 (KB2508958)
Acer Assist
Acer Backup Manager (Version: 1.0.0.26)
Acer ePower Management (Version: 4.00.3006)
Acer eRecovery Management (Version: 4.00.3006)
Acer GridVista (Version: 2.75.825)
Acer Registration
Acrobat.com (Version: 0.0.0)
Acrobat.com (Version: 1.1.377)
Adobe AIR (Version: 3.7.0.1860)
Adobe Download Manager (Version: 1.6.2.63)
Adobe Flash Player 11 ActiveX (Version: 11.9.900.117)
Adobe Flash Player 11 Plugin (Version: 11.9.900.117)
Adobe Reader 9.5.0 (Version: 9.5.0)
Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (Version: 1.0.0.7)
ATI Catalyst Install Manager (Version: 3.0.704.0)
Backup Manager Basic (Version: 1.0.0.26)
Catalyst Control Center Core Implementation (Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Full Existing (Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Full New (Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Light (Version: 2008.1210.1623.29379)
Catalyst Control Center Graphics Previews Vista (Version: 2008.1210.1623.29379)
Catalyst Control Center InstallProxy (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Chinese Standard (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Czech (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Danish (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Dutch (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Finnish (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization French (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization German (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Greek (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Hungarian (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Italian (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Japanese (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Korean (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Norwegian (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Polish (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Portuguese (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Russian (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Spanish (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Swedish (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Thai (Version: 2008.1210.1623.29379)
Catalyst Control Center Localization Turkish (Version: 2008.1210.1623.29379)
CCC Help Chinese Standard (Version: 2008.1210.1622.29379)
CCC Help Chinese Traditional (Version: 2008.1210.1622.29379)
CCC Help Czech (Version: 2008.1210.1622.29379)
CCC Help Danish (Version: 2008.1210.1622.29379)
CCC Help Dutch (Version: 2008.1210.1622.29379)
CCC Help English (Version: 2008.1210.1622.29379)
CCC Help Finnish (Version: 2008.1210.1622.29379)
CCC Help French (Version: 2008.1210.1622.29379)
CCC Help German (Version: 2008.1210.1622.29379)
CCC Help Greek (Version: 2008.1210.1622.29379)
CCC Help Hungarian (Version: 2008.1210.1622.29379)
CCC Help Italian (Version: 2008.1210.1622.29379)
CCC Help Japanese (Version: 2008.1210.1622.29379)
CCC Help Korean (Version: 2008.1210.1622.29379)
CCC Help Norwegian (Version: 2008.1210.1622.29379)
CCC Help Polish (Version: 2008.1210.1622.29379)
CCC Help Portuguese (Version: 2008.1210.1622.29379)
CCC Help Russian (Version: 2008.1210.1622.29379)
CCC Help Spanish (Version: 2008.1210.1622.29379)
CCC Help Swedish (Version: 2008.1210.1622.29379)
CCC Help Thai (Version: 2008.1210.1622.29379)
CCC Help Turkish (Version: 2008.1210.1622.29379)
ccc-core-static (Version: 2008.1210.1623.29379)
ccc-utility (Version: 2008.1210.1623.29379)
CCleaner (Version: 4.08)
Choice Guard (Version: 1.2.87.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
DivX Setup (Version: 2.0.4.2)
Facebook Plug-In
Free RAR Extract Frog (Version: 5.20)
Google Chrome (Version: 31.0.1650.63)
Google Earth (Version: 7.1.2.2041)
Google Update Helper (Version: 1.3.22.3)
HP Update (Version: 4.000.007.003)
Java 7 Update 25 (Version: 7.0.250)
Java Auto Updater (Version: 2.1.9.5)
Java™ 6 Update 22 (Version: 6.0.220)
Junk Mail filter update (Version: 14.0.8050.1202)
Launch Manager (Version: 0.0.01)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729)
Microsoft Application Error Reporting (Version: 12.0.6012.5000)
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Access Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Enterprise 2007 (Version: 12.0.6612.1000)
Microsoft Office Excel MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office File Validation Add-In (Version: 14.0.5130.5003)
Microsoft Office Groove MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Groove Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office InfoPath MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office OneNote MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Outlook MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Office Proof (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (French) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proof (Spanish) 2007 (Version: 12.0.6612.1000)
Microsoft Office Proofing (English) 2007 (Version: 12.0.4518.1014)
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Shared Setup Metadata MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Office Suite Activation Assistant (Version: 2.9)
Microsoft Office Word MUI (English) 2007 (Version: 12.0.6612.1000)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft SQL Server 2005 Compact Edition [ENU] (Version: 3.1.0000)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Works (Version: 9.7.0621)
Mozilla Firefox 25.0.1 (x86 en-US) (Version: 25.0.1)
Mozilla Maintenance Service (Version: 25.0.1)
MSVCRT (Version: 14.0.1468.721)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
My Vapor Record 1.3
NTI Backup Now 5 (Version: 5.1.2.616)
NTI Backup Now Standard (Version: 5.1.2.616)
NTI Media Maker 8 (Version: 8.0.12.6509)
OGA Notifier 2.0.0048.0 (Version: 2.0.0048.0)
Realtek High Definition Audio Driver (Version: 6.0.1.5776)
Realtek USB 2.0 Card Reader (Version: 6.0.6000.20118)
Skins (Version: 2008.1210.1623.29379)
Spelling Dictionaries Support For Adobe Reader 9 (Version: 9.0.0)
StruCalc 8.0.97 (Version: 8.0.97)
Synaptics Pointing Device Driver (Version: 12.1.3.1)
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825642) 32-Bit Edition
UTStarcom USB Modem Software
VC80CRTRedist - 8.0.50727.4053 (Version: 1.1.0)
Windows Live Call (Version: 14.0.8050.1202)
Windows Live Communications Platform (Version: 14.0.8050.1202)
Windows Live Essentials (Version: 14.0.8050.1202)
Windows Live ID Sign-in Assistant (Version: 6.500.3165.0)
Windows Live Mail (Version: 14.0.8050.1202)
Windows Live Messenger (Version: 14.0.8050.1202)
Windows Live Photo Gallery (Version: 14.0.8051.1204)
Windows Live Sync (Version: 14.0.8050.1202)
Windows Live Writer (Version: 14.0.8050.1202)

==================== Restore Points  =========================

18-11-2013 11:00:31 Windows Update
26-11-2013 01:47:11 Scheduled Checkpoint
26-11-2013 11:00:27 Windows Update
07-12-2013 18:18:45 Windows Update
07-12-2013 22:09:19 Removed Ask Toolbar.
07-12-2013 22:11:45 Removed Bing Bar
08-12-2013 01:05:06 Windows Update
08-12-2013 04:55:02 Windows Update
09-12-2013 02:21:11 Removed MyWinLocker.
09-12-2013 02:48:55 Windows Update
10-12-2013 01:45:25 Windows Update
12-12-2013 06:34:19 Scheduled Checkpoint
12-12-2013 22:11:56 Scheduled Checkpoint
18-12-2013 01:31:11 Scheduled Checkpoint

==================== Hosts content: ==========================

2006-11-02 02:23 - 2013-12-07 10:44 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {1736FBA0-AAA9-4E11-A581-5FED698E56C7} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-11-22] (Piriform Ltd)
Task: {18DFD9FC-082E-4E9B-8285-5F21D2B4EDAE} - System32\Tasks\Microsoft\Windows\MobilePC\TMM
Task: {31B07158-457D-4163-AC52-8F480A2EC978} - System32\Tasks\task341142 => C:\Users\joani\AppData\Local\Temp\0.9425562308380074.exe
Task: {3E4336DB-5D9E-4677-938A-7A254A9C2B77} - System32\Tasks\task6933308 => C:\Users\joani\AppData\Local\Temp\0.6097297498472453.exe
Task: {5916F864-469C-4391-8604-E4EA141A2699} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\System32\gatherWirelessInfo.vbs [2008-01-20] ()
Task: {69A571E8-9EB3-4A35-8229-B8A28D87F070} - System32\Tasks\{9BC268FE-15A4-48A1-94E6-86719AC8724B} => C:\Program Files\Skype\\Phone\Skype.exe
Task: {7C5A51E8-1AD7-48C6-8879-257A8A9609F5} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI
Task: {7FB4972D-85A3-4F31-8729-B9D53FAD9E58} - System32\Tasks\{0779E87D-79EA-469F-A8AF-F6F420334757} => Firefox.exe http://ui.skype.com/ui/0/5.9.0.115/en/abandoninstall?page=tsProgressBar
Task: {8067DBFF-A11E-4F44-8F76-480B3E57731F} - System32\Tasks\Microsoft\Windows\RestartManager\{12AF0CF2-0ECA-40e5-A030-C284B26C8039} => C:\Windows\System32\RmClient.exe [2006-11-02] (Microsoft Corporation)
Task: {8251E3B1-26EA-44DA-95AF-55C757A081EB} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-06] (Google Inc.)
Task: {8B0E6FAB-F43A-4988-AF0A-A21646C212F0} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages
Task: {8C127708-1A14-44C7-B4FA-0DBB4FC8ACC1} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2012-06-06] (Google Inc.)
Task: {9CC23DC7-F960-4B77-8038-2E75B5784731} - System32\Tasks\Acer\Burn Notification => C:\Program Files\Acer\Acer eRecovery Management\NotificationCenter\Notification.exe [2009-02-25] (Acer)
Task: {9ED703A9-5FFD-40D5-895A-4385EE1509DE} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\System32\RacAgent.exe [2008-01-20] (Microsoft Corporation)
Task: {BE1BDB52-64DF-44C6-941C-466C60C116F3} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Signature Update => C:\Program Files\Windows Defender\MpCmdRun.exe [2008-01-20] (Microsoft Corporation)
Task: {D2B1FBFC-A902-4663-ACFB-6B5D5D06EA80} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-11] (Adobe Systems Incorporated)
Task: {DF78DCA1-980C-449D-AF06-75C0033155EB} - \task6972573 No Task File
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\User_Feed_Synchronization-{91B83DBF-4AB5-42ED-A117-350E6B447AFE}.job => C:\Windows\system32\msfeedssync.exe

==================== Loaded Modules (whitelisted) =============

2009-04-18 17:54 - 2009-01-03 16:41 - 00159744 _____ () C:\Windows\system32\atitmmxx.dll
2003-06-06 21:30 - 2003-06-06 21:30 - 00057344 _____ () C:\Program Files\Launch Manager\PowerUtl.dll
2013-11-16 18:53 - 2013-11-16 18:53 - 03363952 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2013-10-11 19:10 - 2013-10-11 19:10 - 16233864 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData\Temp:3064D21D
AlternateDataStreams: C:\ProgramData\Temp:35759C73
AlternateDataStreams: C:\ProgramData\Temp:40E5AD89
AlternateDataStreams: C:\ProgramData\Temp:41099CE9
AlternateDataStreams: C:\ProgramData\Temp:4A9220C3
AlternateDataStreams: C:\ProgramData\Temp:4F636E25
AlternateDataStreams: C:\ProgramData\Temp:814B9485
AlternateDataStreams: C:\ProgramData\Temp:8750DCE4
AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:ADE16379
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:CE0A077E
AlternateDataStreams: C:\ProgramData\Temp:DDCA146A
AlternateDataStreams: C:\ProgramData\Temp:E1982A23

==================== Safe Mode (whitelisted) ===================

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vsmon => ""="Service"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/17/2013 04:40:13 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/16/2013 09:47:01 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/12/2013 00:48:37 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 11:02:52 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/11/2013 10:58:10 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 10:48:27 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/11/2013 07:00:21 PM) (Source: Application Error) (User: )
Description: Faulting application Ati2evxx.exe, version 6.14.10.4213, time stamp 0x49403cc4, faulting module Ati2evxx.exe, version 6.14.10.4213, time stamp 0x49403cc4, exception code 0xc0000005, fault offset 0x00065ffc,
process id 0x55c, application start time 0xAti2evxx.exe0.

Error: (12/11/2013 11:59:02 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/10/2013 10:13:43 PM) (Source: EventSystem) (User: )
Description: 80070005EventSystem.EventSubscription{CEB8B221-89C5-41A8-98CE-79B413BF150B}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}

Error: (12/10/2013 09:53:20 PM) (Source: Perflib) (User: )
Description: EmdCacheC:\Windows\system32\emdmgmt.dll4


System errors:
=============
Error: (12/17/2013 04:40:13 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (12/17/2013 04:39:00 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue76.115.208.246:63331

Error: (12/17/2013 04:39:00 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue71.59.234.189:63331

Error: (12/17/2013 04:39:00 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.100.10:63331

Error: (12/17/2013 04:39:00 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue192.168.0.2:63331

Error: (12/17/2013 04:39:00 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue169.254.53.69:63331

Error: (12/17/2013 04:39:00 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue10.99.98.118:63331

Error: (12/17/2013 04:39:00 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue10.99.93.23:63331

Error: (12/17/2013 04:39:00 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue10.99.93.193:63331

Error: (12/17/2013 04:39:00 PM) (Source: HTTP) (User: )
Description: \Device\Http\ReqQueue10.99.92.9:63331


Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2013-12-21 12:32:12.413
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-21 12:32:11.914
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-21 12:32:11.383
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-21 12:32:10.853
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-21 12:32:10.322
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-21 12:32:09.823
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-21 12:32:09.262
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-21 12:32:08.762
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-11 22:58:54.625
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.

  Date: 2013-12-11 22:58:54.126
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\drivers\mbamchameleon.sys because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Percentage of memory in use: 54%
Total physical RAM: 1789.38 MB
Available physical RAM: 816.66 MB
Total Pagefile: 3825.27 MB
Available Pagefile: 2821.71 MB
Total Virtual: 2047.88 MB
Available Virtual: 1907.4 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:139.04 GB) (Free:64.68 GB) NTFS ==>[Drive with boot components (obtained from BCD)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 149 GB) (Disk ID: 1AF9FEA7)
Partition 1: (Not Active) - (Size=10 GB) - (Type=27)
Partition 2: (Active) - (Size=139 GB) - (Type=07 NTFS)

==================== End Of Log ============================



#8 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor

Posted 21 December 2013 - 05:01 PM

Greetings and welcome aboard. This is what I would like to do in our first post.

===================================================

AdwCleaner by Xplode - Delete Adware

-------------------
  • Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers
  • Double click on AdwCleaner.exe, select OK, then Run
  • Click on Scan
  • Upon completion click Clean and close programs if necessary
  • Click OK twice to reboot your computer
  • Copy and paste the contents of the text file on your desktop in your reply
  • You can also find the logfile at C:\AdwCleaner.txt
===================================================

Junkware Removal Tool by thisisu

-------------------
  • Please download Junkware Removal Tool and save it to your desktop.
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Right-mouse click JRT.exe and select Run as administrator (Windows XP double click the icon)
  • Please allow the program time to run
  • Once completed a Notepad document will open on your desktop
  • Copy and paste the contents in your reply
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + R on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it to your desktop (<<<Important) as fixlist.txt
S1 iikrrzwt; \??\C:\Windows\system32\drivers\iikrrzwt.sys [x]
Task: {31B07158-457D-4163-AC52-8F480A2EC978} - System32\Tasks\task341142 => C:\Users\joani\AppData\Local\Temp\0.9425562308380074.exe
Task: {3E4336DB-5D9E-4677-938A-7A254A9C2B77} - System32\Tasks\task6933308 => C:\Users\joani\AppData\Local\Temp\0.6097297498472453.exe
Task: {DF78DCA1-980C-449D-AF06-75C0033155EB} - \task6972573 No Task File
C:\Windows\system32\drivers\iikrrzwt.sys
C:\Users\joani\AppData\Local\Temp\0.9425562308380074.exe
C:\Users\joani\AppData\Local\Temp\0.6097297498472453.exe
AlternateDataStreams: C:\ProgramData\Temp:3064D21D
AlternateDataStreams: C:\ProgramData\Temp:35759C73
AlternateDataStreams: C:\ProgramData\Temp:40E5AD89
AlternateDataStreams: C:\ProgramData\Temp:41099CE9
AlternateDataStreams: C:\ProgramData\Temp:4A9220C3
AlternateDataStreams: C:\ProgramData\Temp:4F636E25
AlternateDataStreams: C:\ProgramData\Temp:814B9485
AlternateDataStreams: C:\ProgramData\Temp:8750DCE4
AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:ADE16379
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:CE0A077E
AlternateDataStreams: C:\ProgramData\Temp:DDCA146A
AlternateDataStreams: C:\ProgramData\Temp:E1982A23
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Farbar's Service Scanner

--------------------
  • Please download Farbar Service Scanner, save it to your desktop, and run it.
  • Make sure the following options are checked:

Internet Services
Windows Firewall
System Restore
Security Center/Action Center
Windows Update
Windows Defender
Other Services

  • Press Scan
  • It will create a log (FSS.txt) in the same directory the tool is run.
  • Please copy and paste the log to your reply.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • AdwCleaner log
  • Junkware log
  • Fixlog
  • FSS log
  • How is the computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#9 Kananu Reeves

Kananu Reeves
  • Topic Starter

  • Members

Posted 21 December 2013 - 07:43 PM

for some reason adwc saved two logs...

 

 

 

# AdwCleaner v3.015 - Report created 21/12/2013 at 16:12:17
# Updated 10/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : joani - JOANI-PC
# Running from : C:\Users\joani\Desktop\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\searchplugins\Askcom.xml
File Found : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\searchplugins\mywebsearch.xml
File Found : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\user.js
Folder Found : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Found : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Extensions\{bb45ef8e-1e36-4535-a017-ec908fb1e335}
Folder Found : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Found : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Extensions\engine@conduit.com
Folder Found C:\Program Files\Conduit
Folder Found C:\Users\joani\AppData\Local\Conduit
Folder Found C:\Users\joani\AppData\Local\OpenCandy
Folder Found C:\Users\joani\AppData\LocalLow\Conduit
Folder Found C:\Users\joani\AppData\LocalLow\MyWebSearch
Folder Found C:\Users\joani\AppData\LocalLow\PriceGong
Folder Found C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Conduit
Folder Found C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\ConduitCommon
Folder Found C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\ConduitEngine
Folder Found C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\CT2786678
Folder Found C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\CT3101810
Folder Found C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Smartbar
Folder Found C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\ValueApps

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\FLEXnet
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\searchresultstb
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Somoto Toolbar
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Found : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Found : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3101810
Key Found : HKLM\Software\Conduit
Key Found : HKLM\Software\Freeze.com
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4
Key Found : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16506


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\prefs.js ]

Line Found : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT2786678.CTID", "CT2786678");
Line Found : user_pref("CT2786678.CurrentServerDate", "1-12-2010");
Line Found : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Found : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Found : user_pref("CT2786678.EMailNotifierPollDate", "Tue Nov 30 2010 14:38:41 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.FeedLastCount5690698542593514850", 525);
Line Found : user_pref("CT2786678.FeedPollDate129301619375443753", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375443759", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444699", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444705", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444711", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444717", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444723", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444729", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444735", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444741", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.FeedPollDate129301619375444747", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Line Found : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Line Found : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Line Found : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Line Found : user_pref("CT2786678.FirstServerDate", "10-11-2010");
Line Found : user_pref("CT2786678.FirstTime", true);
Line Found : user_pref("CT2786678.FirstTimeFF3", true);
Line Found : user_pref("CT2786678.FirstTimeSettingsDone", true);
Line Found : user_pref("CT2786678.FixPageNotFoundErrors", false);
Line Found : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT2786678.Initialize", true);
Line Found : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Found : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Line Found : user_pref("CT2786678.InstalledDate", "Wed Nov 10 2010 05:40:19 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.IsGrouping", false);
Line Found : user_pref("CT2786678.IsMulticommunity", false);
Line Found : user_pref("CT2786678.IsOpenThankYouPage", false);
Line Found : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Found : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Nov 30 2010 14:38:48 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT2786678.LastLogin_2.7.2.0", "Tue Nov 30 2010 14:38:43 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.LatestVersion", "3.2.3.3");
Line Found : user_pref("CT2786678.Locale", "en");
Line Found : user_pref("CT2786678.LoginCache", 4);
Line Found : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT2786678.SavedHomepage", "hxxp://www.yahoo.com/?fr=w3i&type=W3i_SP,151,0_0,StartPage,20100938,6692,0,16,0");
Line Found : user_pref("CT2786678.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2786678&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Found : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Found : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Found : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Mon Nov 29 2010 19:58:59 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT2786678.SettingsCheckIntervalMin", 120);
Line Found : user_pref("CT2786678.SettingsLastCheckTime", "Tue Nov 30 2010 14:02:49 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.SettingsLastUpdate", "1289989723");
Line Found : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Wed Nov 10 2010 05:40:17 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578");
Line Found : user_pref("CT2786678.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Found : user_pref("CT2786678.UserID", "UN65839481385269525");
Line Found : user_pref("CT2786678.ValidationData_Toolbar", 2);
Line Found : user_pref("CT2786678.WeatherNetwork", "");
Line Found : user_pref("CT2786678.WeatherPollDate", "Tue Nov 30 2010 14:38:42 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT2786678.WeatherUnit", "F");
Line Found : user_pref("CT2786678.alertChannelId", "1178763");
Line Found : user_pref("CT2786678.clientLogIsEnabled", false);
Line Found : user_pref("CT2786678.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT2786678.myStuffEnabled", true);
Line Found : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT2786678.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT3101810..clientLogIsEnabled", false);
Line Found : user_pref("CT3101810..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT3101810..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT3101810.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Found : user_pref("CT3101810.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT3101810.BrowserCompStateIsOpen_7210292239237281805", true);
Line Found : user_pref("CT3101810.CTID", "CT3101810");
Line Found : user_pref("CT3101810.CurrentServerDate", "5-2-2012");
Line Found : user_pref("CT3101810.DSChangedManually", false);
Line Found : user_pref("CT3101810.DSInstall", true);
Line Found : user_pref("CT3101810.DialogsAlignMode", "LTR");
Line Found : user_pref("CT3101810.DialogsGetterLastCheckTime", "Sun Feb 05 2012 12:13:45 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3101810.DownloadReferralCookieData", "");
Line Found : user_pref("CT3101810.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3101810.FirstServerDate", "5-2-2012");
Line Found : user_pref("CT3101810.FirstTime", true);
Line Found : user_pref("CT3101810.FirstTimeFF3", true);
Line Found : user_pref("CT3101810.FixPageNotFoundErrors", true);
Line Found : user_pref("CT3101810.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT3101810.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT3101810.HPChangedManually", false);
Line Found : user_pref("CT3101810.HPInstall", true);
Line Found : user_pref("CT3101810.HasUserGlobalKeys", true);
Line Found : user_pref("CT3101810.HomePageProtectorEnabled", true);
Line Found : user_pref("CT3101810.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3101810&SearchSource=13");
Line Found : user_pref("CT3101810.Initialize", true);
Line Found : user_pref("CT3101810.InitializeCommonPrefs", true);
Line Found : user_pref("CT3101810.InstallationAndCookieDataSentCount", 1);
Line Found : user_pref("CT3101810.InstallationId", "ConduitNSISIntegration");
Line Found : user_pref("CT3101810.InstallationType", "ConduitXPEIntegration");
Line Found : user_pref("CT3101810.InstalledDate", "Sun Feb 05 2012 12:13:38 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3101810.InvalidateCache", false);
Line Found : user_pref("CT3101810.IsGrouping", false);
Line Found : user_pref("CT3101810.IsInitSetupIni", true);
Line Found : user_pref("CT3101810.IsMulticommunity", false);
Line Found : user_pref("CT3101810.IsOpenThankYouPage", false);
Line Found : user_pref("CT3101810.IsOpenUninstallPage", true);
Line Found : user_pref("CT3101810.IsProtectorsInit", true);
Line Found : user_pref("CT3101810.LanguagePackLastCheckTime", "Sun Feb 05 2012 12:13:41 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3101810.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT3101810.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT3101810.LastLogin_3.9.0.3", "Sun Feb 05 2012 12:13:41 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3101810.LatestVersion", "3.9.0.3");
Line Found : user_pref("CT3101810.Locale", "en");
Line Found : user_pref("CT3101810.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT3101810.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT3101810.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT3101810.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT3101810.OriginalFirstVersion", "3.9.0.3");
Line Found : user_pref("CT3101810.RadioIsPodcast", false);
Line Found : user_pref("CT3101810.RadioLastCheckTime", "Tue Feb 07 2012 20:28:05 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3101810.RadioLastUpdateIPServer", "3");
Line Found : user_pref("CT3101810.RadioLastUpdateServer", "3");
Line Found : user_pref("CT3101810.RadioMediaID", "9962");
Line Found : user_pref("CT3101810.RadioMediaType", "Media Player");
Line Found : user_pref("CT3101810.RadioMenuSelectedID", "EBRadioMenu_CT31018109962");
Line Found : user_pref("CT3101810.RadioShrinkedFromSetup", false);
Line Found : user_pref("CT3101810.RadioStationName", "California%20Rock");
Line Found : user_pref("CT3101810.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Found : user_pref("CT3101810.SavedHomepage", "hxxp://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=4rine8kpd5kds");
Line Found : user_pref("CT3101810.SearchCaption", "Somoto Customized Web Search");
Line Found : user_pref("CT3101810.SearchEngineBeforeUnload", "Somoto Customized Web Search");
Line Found : user_pref("CT3101810.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT3101810.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3101810&SearchSource=2&q=");
Line Found : user_pref("CT3101810.SearchInNewTabEnabled", true);
Line Found : user_pref("CT3101810.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT3101810.SearchInNewTabLastCheckTime", "Sun Feb 05 2012 12:13:42 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3101810.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Found : user_pref("CT3101810.SearchProtectorEnabled", true);
Line Found : user_pref("CT3101810.SearchProtectorToolbarDisabled", false);
Line Found : user_pref("CT3101810.SendProtectorDataViaLogin", true);
Line Found : user_pref("CT3101810.ServiceMapLastCheckTime", "Sun Feb 05 2012 12:13:32 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3101810.SettingsLastCheckTime", "Sun Feb 05 2012 12:13:36 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3101810.SettingsLastUpdate", "1326723880");
Line Found : user_pref("CT3101810.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3101810&SearchSource=13");
Line Found : user_pref("CT3101810.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT3101810.ThirdPartyComponentsLastCheck", "Sun Feb 05 2012 12:13:32 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3101810.ThirdPartyComponentsLastUpdate", "1312887586");
Line Found : user_pref("CT3101810.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT3101810.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT3101810.UserID", "UN02694718892254033");
Line Found : user_pref("CT3101810.WeatherNetwork", "");
Line Found : user_pref("CT3101810.WeatherPollDate", "Sun Feb 05 2012 12:13:41 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3101810.WeatherUnit", "F");
Line Found : user_pref("CT3101810.addressBarTakeOverEnabledInHidden", "true");
Line Found : user_pref("CT3101810.alertChannelId", "1495057");
Line Found : user_pref("CT3101810.browser.search.defaultthis.engineName", true);
Line Found : user_pref("CT3101810.countryCode", "US");
Line Found : user_pref("CT3101810.firstTimeDialogOpened", true);
Line Found : user_pref("CT3101810.fixPageNotFoundErrorByUser", "TRUE");
Line Found : user_pref("CT3101810.fixPageNotFoundErrorInHidden", "true");
Line Found : user_pref("CT3101810.fullUserID", "UN02694718892254033.UP.202507183705");
Line Found : user_pref("CT3101810.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT3101810.globalFirstTimeInfoLastCheckTime", "Sun Feb 05 2012 12:13:37 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3101810.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT3101810.homepageuserchanged", true);
Line Found : user_pref("CT3101810.initDone", true);
Line Found : user_pref("CT3101810.installId", "ConduitNSISIntegration");
Line Found : user_pref("CT3101810.installType", "ConduitXPEIntegration");
Line Found : user_pref("CT3101810.isAppTrackingManagerOn", true);
Line Found : user_pref("CT3101810.isCheckedStartAsHidden", true);
Line Found : user_pref("CT3101810.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3101810.isFirstRadioInstallation", false);
Line Found : user_pref("CT3101810.isFirstTimeToolbarLoading", "false");
Line Found : user_pref("CT3101810.isPerformedSmartBarTransition", "true");
Line Found : user_pref("CT3101810.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Found : user_pref("CT3101810.keyword", true);
Line Found : user_pref("CT3101810.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3101810&octid=CT3101810&SearchSource=15&CUI=UN02694718892254033&SSPV=&Lay=1&UM=\"}");
Line Found : user_pref("CT3101810.lastVersion", "10.23.0.822");
Line Found : user_pref("CT3101810.myStuffEnabled", true);
Line Found : user_pref("CT3101810.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT3101810.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT3101810.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT3101810.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT3101810.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.bleepingcomputer.com%2Fdownload%2Fadwcleaner%2Fdl%2F125%2F\",\"EB_MAIN_FRAME_TITLE\":\"D[...]
Line Found : user_pref("CT3101810.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3101810.originalHomepage", "hxxp://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=4rine8kpd5kds");
Line Found : user_pref("CT3101810.originalSearchAddressUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=UjnkLqpFvO8cG0aXMqkTUw&psa=&ind=2010071210&ptnrS=ZJfox000&si=&st=kwd&n=77cf40aa&[...]
Line Found : user_pref("CT3101810.originalSearchEngine", "Ask.com");
Line Found : user_pref("CT3101810.revertSettingsEnabled", false);
Line Found : user_pref("CT3101810.searchFromAddressBarEnabledByUser", "true");
Line Found : user_pref("CT3101810.searchInNewTabEnabledByUser", "true");
Line Found : user_pref("CT3101810.searchInNewTabEnabledInHidden", "true");
Line Found : user_pref("CT3101810.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT3101810.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT3101810.searchSuggestEnabledByUser", "false");
Line Found : user_pref("CT3101810.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3101810.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Found : user_pref("CT3101810.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Found : user_pref("CT3101810.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3101810\"}");
Line Found : user_pref("CT3101810.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://Somoto.OurToolbar.com//xpi\"}");
Line Found : user_pref("CT3101810.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Somoto \"}");
Line Found : user_pref("CT3101810.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Found : user_pref("CT3101810.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Found : user_pref("CT3101810.serviceLayer_services_Configuration_lastUpdate", "1387657698550");
Line Found : user_pref("CT3101810.serviceLayer_services_login_10.20.101.5_lastUpdate", "1386470230249");
Line Found : user_pref("CT3101810.serviceLayer_services_login_10.22.5.510_lastUpdate", "1387657697918");
Line Found : user_pref("CT3101810.serviceLayer_services_login_10.23.0.822_lastUpdate", "1387661475852");
Line Found : user_pref("CT3101810.serviceLayer_services_searchAPI_lastUpdate", "1387657698555");
Line Found : user_pref("CT3101810.serviceLayer_services_serviceMap_lastUpdate", "1387657698079");
Line Found : user_pref("CT3101810.serviceLayer_services_toolbarSettings_lastUpdate", "1387664911916");
Line Found : user_pref("CT3101810.serviceLayer_services_translation_lastUpdate", "1387657697810");
Line Found : user_pref("CT3101810.settingsINI", true);
Line Found : user_pref("CT3101810.showToolbarPermission", "false");
Line Found : user_pref("CT3101810.smartbar.CTID", "CT3101810");
Line Found : user_pref("CT3101810.smartbar.Uninstall", "0");
Line Found : user_pref("CT3101810.smartbar.homepage", true);
Line Found : user_pref("CT3101810.smartbar.toolbarName", "Somoto ");
Line Found : user_pref("CT3101810.testingCtid", "");
Line Found : user_pref("CT3101810.toolbarAppMetaDataLastCheckTime", "Sun Feb 05 2012 12:13:37 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3101810.toolbarBornServerTime", "5-2-2012");
Line Found : user_pref("CT3101810.toolbarContextMenuLastCheckTime", "Sun Feb 05 2012 12:13:41 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3101810.toolbarCurrentServerTime", "22-12-2013");
Line Found : user_pref("CT3101810.toolbarLoginClientTime", "Sat Dec 07 2013 18:37:10 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CT3101810.usagesFlag", 1);
Line Found : user_pref("CT3101810_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1387661469728,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3101810&SearchSource=13");
Line Found : user_pref("CommunityToolbar.ConduitSearchList", "Somoto Customized Web Search");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3101810/CT3101810", "\"89516c12ec786f5414427646178c83f71\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3101810", "\"1316601518\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"4bb1de6bebc9cc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"8028f138140cc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"023d3d3f2c9cc1:12d2\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3101810", "\"13a760730d9291f1df061003ecf304ce\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634356118310000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/2011 11:17:11 AM", "634356118310000000");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"cde759bd30c070995eab32eddc00c079\"");
Line Found : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Line Found : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Line Found : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Line Found : user_pref("CommunityToolbar.IsEngineShown", true);
Line Found : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\joani\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\yy9e5cdj.default\\conduitCommon\\modules\\3.9.0.3");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Line Found : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://listen.grooveshark.com/ ", "473x101");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Line Found : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=UjnkLqpFvO8cG0aXMqkTUw&psa=&ind=2010071210&ptnrS=ZJfox000&si=&st=kwd&[...]
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT2786678,ConduitEngine,CT3101810");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678,CT3101810");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3101810");
Line Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sun Jul 31 2011 08:45:41 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Jun 24 2011 08:01:16 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.locale", "en");
Line Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Aug 03 2011 09:10:07 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Line Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.alert.userId", "7b9f49a1-483e-48e7-866d-7d3a67c81729");
Line Found : user_pref("CommunityToolbar.facebook.sessionKey", "2.7dKvRqBintse1Oa0ytOThw__.86400.1289844000-1599113244");
Line Found : user_pref("CommunityToolbar.facebook.sessionSecret", "LztfKHrbIuLko_IPpKE90w__");
Line Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Nov 29 2010 19:59:00 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CommunityToolbar.facebook.userId", "1599113244");
Line Found : user_pref("CommunityToolbar.globalUserId", "9fd9c9bc-c004-4627-9887-073f5fafcfdb");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3101810");
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Feb 05 2012 12:13:37 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Feb 05 2012 12:13:33 GMT-0800 (Pacific Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "f8c7d44c-7e3b-4eb8-aab5-3d8ab6e7b199");
Line Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=4rine8kpd5kds");
Line Found : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");
Line Found : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Jun 04 2011 08:59:01 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("ConduitEngine.CTID", "ConduitEngine");
Line Found : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Mon Aug 01 2011 13:45:15 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("ConduitEngine.FirstServerDate", "05/20/2011 16");
Line Found : user_pref("ConduitEngine.FirstTime", true);
Line Found : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Found : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Found : user_pref("ConduitEngine.Initialize", true);
Line Found : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Found : user_pref("ConduitEngine.InstalledDate", "Fri May 20 2011 06:57:22 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("ConduitEngine.IsMulticommunity", false);
Line Found : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Found : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line Found : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Aug 03 2011 09:10:11 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Aug 03 2011 09:10:09 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Found : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Aug 03 2011 09:10:11 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("ConduitEngine.UserID", "UN71696231825625626");
Line Found : user_pref("ConduitEngine.componentAlertEnabled", false);
Line Found : user_pref("ConduitEngine.engineLocale", "en-US");
Line Found : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Aug 03 2011 09:10:09 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Aug 03 2011 09:10:11 GMT-0700 (Pacific Daylight Time)");
Line Found : user_pref("ConduitEngine.initDone", true);
Line Found : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Line Found : user_pref("Smartbar.ConduitHomepagesList", "");
Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Found : user_pref("Smartbar.ConduitSearchUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?CUI=UN02694718892254033&ctid=CT3101810&SearchSource=3&q={searchTerms}");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=UjnkLqpFvO8cG0aXMqkTUw&psa=&ind=2010071210&ptnrS=ZJfox000&si=&st=kwd&n=77cf40[...]
Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3101810");
Line Found : user_pref("browser.search.defaultengine", "Ask.com");
Line Found : user_pref("browser.search.defaultthis.engineName", "Somoto Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3101810&SearchSource=3&q={searchTerms}");
Line Found : user_pref("extensions.mywebsearch.openSearchURL", "hxxp://search.mywebsearch.com/mywebsearch/opensearch.jhtml?id=ZJfox000&ptb=UjnkLqpFvO8cG0aXMqkTUw&ind=2010071210&ptnrS=ZJfox000&si=&n=77cf40aa&osp=mw[...]
Line Found : user_pref("extensions.mywebsearch.prevKwdEnabled", true);
Line Found : user_pref("extensions.mywebsearch.prevKwdURL", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=UjnkLqpFvO8cG0aXMqkTUw&psa=&ind=2010071210&ptnrS=ZJfox000&si=&st=kwd&n=77cf40aa&s[...]
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3101810&SearchSource=2&CUI=UN02694718892254033&UM=&q=");
Line Found : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Found : user_pref("smartbar.addressBarOwnerCTID", "CT3101810");
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3101810&SearchSource=13");
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3101810&SearchSource=2&q=,hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3101810&SearchSource=2&CU[...]
Line Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3101810");
Line Found : user_pref("smartbar.homePageOwnerCTID", "CT3101810");
Line Found : user_pref("smartbar.machineId", "OZF/EWLVICSBDYQT0HURTBHYMPPKFC338CAO55DKDR8W+YKQSDR3/BQI8DLRQJ9ZXEL40BUQ9IYKX5HYPG++YQ");
Line Found : user_pref("valueApps.CT3101810.mam_gk_currentVersion", "312E31322E302E35");
Line Found : user_pref("valueApps.CT3101810.mam_gk_currentVersion.storedInFile", false);
Line Found : user_pref("valueApps.CT3101810.mam_gk_migrated_from_ls", "31");
Line Found : user_pref("valueApps.CT3101810.mam_gk_migrated_from_ls.storedInFile", false);

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\joani\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [38624 octets] - [21/12/2013 16:12:17]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [38685 octets] ##########

# AdwCleaner v3.015 - Report created 21/12/2013 at 16:16:34
# Updated 10/12/2013 by Xplode
# Operating System : Windows Vista ™ Home Basic Service Pack 2 (32 bits)
# Username : joani - JOANI-PC
# Running from : C:\Users\joani\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Users\joani\AppData\Local\Conduit
Folder Deleted : C:\Users\joani\AppData\Local\OpenCandy
Folder Deleted : C:\Users\joani\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\joani\AppData\LocalLow\MyWebSearch
Folder Deleted : C:\Users\joani\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Conduit
Folder Deleted : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\ConduitCommon
Folder Deleted : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\ConduitEngine
Folder Deleted : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Smartbar
Folder Deleted : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\ValueApps
Folder Deleted : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\CT3101810
Folder Deleted : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\CT2786678
Folder Deleted : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Extensions\engine@conduit.com
Folder Deleted : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Extensions\{bb45ef8e-1e36-4535-a017-ec908fb1e335}
Folder Deleted : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
File Deleted : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\searchplugins\Askcom.xml
File Deleted : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\searchplugins\mywebsearch.xml
File Deleted : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\WLXQuickTimeShellExt.DLL
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3101810
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{2E9937FC-CF2F-4F56-AF54-5A6A3DD375CC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\FLEXnet
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\Freeze.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\conduitEngine
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\searchresultstb
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Somoto Toolbar
Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\08121C32A9C319F4CB0C11FF059552A4

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16506


-\\ Mozilla Firefox v25.0.1 (en-US)

[ File : C:\Users\joani\AppData\Roaming\Mozilla\Firefox\Profiles\yy9e5cdj.default\prefs.js ]

Line Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
Line Deleted : user_pref("CT2786678.CurrentServerDate", "1-12-2010");
Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Tue Nov 30 2010 14:38:41 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 525);
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Tue Nov 30 2010 14:02:50 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Line Deleted : user_pref("CT2786678.FirstServerDate", "10-11-2010");
Line Deleted : user_pref("CT2786678.FirstTime", true);
Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2786678.FirstTimeSettingsDone", true);
Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2786678.Initialize", true);
Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2786678.InstalledDate", "Wed Nov 10 2010 05:40:19 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.IsGrouping", false);
Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Tue Nov 30 2010 14:38:48 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2786678.LastLogin_2.7.2.0", "Tue Nov 30 2010 14:38:43 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.LatestVersion", "3.2.3.3");
Line Deleted : user_pref("CT2786678.Locale", "en");
Line Deleted : user_pref("CT2786678.LoginCache", 4);
Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2786678.SavedHomepage", "hxxp://www.yahoo.com/?fr=w3i&type=W3i_SP,151,0_0,StartPage,20100938,6692,0,16,0");
Line Deleted : user_pref("CT2786678.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TERM&ctid=CT2786678&octid=EB_ORIGINAL_CTID&SearchSource=1");
Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Mon Nov 29 2010 19:58:59 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Tue Nov 30 2010 14:02:49 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1289989723");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Wed Nov 10 2010 05:40:17 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2786678.UserID", "UN65839481385269525");
Line Deleted : user_pref("CT2786678.ValidationData_Toolbar", 2);
Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
Line Deleted : user_pref("CT2786678.WeatherPollDate", "Tue Nov 30 2010 14:38:42 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT2786678.WeatherUnit", "F");
Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Line Deleted : user_pref("CT2786678.clientLogIsEnabled", false);
Line Deleted : user_pref("CT2786678.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2786678.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT3101810..clientLogIsEnabled", false);
Line Deleted : user_pref("CT3101810..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT3101810..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT3101810.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT3101810.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT3101810.BrowserCompStateIsOpen_7210292239237281805", true);
Line Deleted : user_pref("CT3101810.CTID", "CT3101810");
Line Deleted : user_pref("CT3101810.CurrentServerDate", "5-2-2012");
Line Deleted : user_pref("CT3101810.DSChangedManually", false);
Line Deleted : user_pref("CT3101810.DSInstall", true);
Line Deleted : user_pref("CT3101810.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT3101810.DialogsGetterLastCheckTime", "Sun Feb 05 2012 12:13:45 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3101810.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT3101810.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3101810.FirstServerDate", "5-2-2012");
Line Deleted : user_pref("CT3101810.FirstTime", true);
Line Deleted : user_pref("CT3101810.FirstTimeFF3", true);
Line Deleted : user_pref("CT3101810.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT3101810.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT3101810.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT3101810.HPChangedManually", false);
Line Deleted : user_pref("CT3101810.HPInstall", true);
Line Deleted : user_pref("CT3101810.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT3101810.HomePageProtectorEnabled", true);
Line Deleted : user_pref("CT3101810.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3101810&SearchSource=13");
Line Deleted : user_pref("CT3101810.Initialize", true);
Line Deleted : user_pref("CT3101810.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT3101810.InstallationAndCookieDataSentCount", 1);
Line Deleted : user_pref("CT3101810.InstallationId", "ConduitNSISIntegration");
Line Deleted : user_pref("CT3101810.InstallationType", "ConduitXPEIntegration");
Line Deleted : user_pref("CT3101810.InstalledDate", "Sun Feb 05 2012 12:13:38 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3101810.InvalidateCache", false);
Line Deleted : user_pref("CT3101810.IsGrouping", false);
Line Deleted : user_pref("CT3101810.IsInitSetupIni", true);
Line Deleted : user_pref("CT3101810.IsMulticommunity", false);
Line Deleted : user_pref("CT3101810.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT3101810.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT3101810.IsProtectorsInit", true);
Line Deleted : user_pref("CT3101810.LanguagePackLastCheckTime", "Sun Feb 05 2012 12:13:41 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3101810.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT3101810.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT3101810.LastLogin_3.9.0.3", "Sun Feb 05 2012 12:13:41 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3101810.LatestVersion", "3.9.0.3");
Line Deleted : user_pref("CT3101810.Locale", "en");
Line Deleted : user_pref("CT3101810.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT3101810.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT3101810.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT3101810.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT3101810.OriginalFirstVersion", "3.9.0.3");
Line Deleted : user_pref("CT3101810.RadioIsPodcast", false);
Line Deleted : user_pref("CT3101810.RadioLastCheckTime", "Tue Feb 07 2012 20:28:05 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3101810.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT3101810.RadioLastUpdateServer", "3");
Line Deleted : user_pref("CT3101810.RadioMediaID", "9962");
Line Deleted : user_pref("CT3101810.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT3101810.RadioMenuSelectedID", "EBRadioMenu_CT31018109962");
Line Deleted : user_pref("CT3101810.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT3101810.RadioStationName", "California%20Rock");
Line Deleted : user_pref("CT3101810.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Deleted : user_pref("CT3101810.SavedHomepage", "hxxp://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=4rine8kpd5kds");
Line Deleted : user_pref("CT3101810.SearchCaption", "Somoto Customized Web Search");
Line Deleted : user_pref("CT3101810.SearchEngineBeforeUnload", "Somoto Customized Web Search");
Line Deleted : user_pref("CT3101810.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT3101810.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3101810&SearchSource=2&q=");
Line Deleted : user_pref("CT3101810.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT3101810.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT3101810.SearchInNewTabLastCheckTime", "Sun Feb 05 2012 12:13:42 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3101810.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT3101810.SearchProtectorEnabled", true);
Line Deleted : user_pref("CT3101810.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT3101810.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT3101810.ServiceMapLastCheckTime", "Sun Feb 05 2012 12:13:32 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3101810.SettingsLastCheckTime", "Sun Feb 05 2012 12:13:36 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3101810.SettingsLastUpdate", "1326723880");
Line Deleted : user_pref("CT3101810.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3101810&SearchSource=13");
Line Deleted : user_pref("CT3101810.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT3101810.ThirdPartyComponentsLastCheck", "Sun Feb 05 2012 12:13:32 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3101810.ThirdPartyComponentsLastUpdate", "1312887586");
Line Deleted : user_pref("CT3101810.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT3101810.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT3101810.UserID", "UN02694718892254033");
Line Deleted : user_pref("CT3101810.WeatherNetwork", "");
Line Deleted : user_pref("CT3101810.WeatherPollDate", "Sun Feb 05 2012 12:13:41 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3101810.WeatherUnit", "F");
Line Deleted : user_pref("CT3101810.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3101810.alertChannelId", "1495057");
Line Deleted : user_pref("CT3101810.browser.search.defaultthis.engineName", true);
Line Deleted : user_pref("CT3101810.countryCode", "US");
Line Deleted : user_pref("CT3101810.firstTimeDialogOpened", true);
Line Deleted : user_pref("CT3101810.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT3101810.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3101810.fullUserID", "UN02694718892254033.UP.202507183705");
Line Deleted : user_pref("CT3101810.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Deleted : user_pref("CT3101810.globalFirstTimeInfoLastCheckTime", "Sun Feb 05 2012 12:13:37 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3101810.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3101810.homepageuserchanged", true);
Line Deleted : user_pref("CT3101810.initDone", true);
Line Deleted : user_pref("CT3101810.installId", "ConduitNSISIntegration");
Line Deleted : user_pref("CT3101810.installType", "ConduitXPEIntegration");
Line Deleted : user_pref("CT3101810.isAppTrackingManagerOn", true);
Line Deleted : user_pref("CT3101810.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3101810.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3101810.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT3101810.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3101810.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3101810.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3101810.keyword", true);
Line Deleted : user_pref("CT3101810.lastNewTabSettings", "{\"isEnabled\":true,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3101810&octid=CT3101810&SearchSource=15&CUI=UN02694718892254033&SSPV=&Lay=1&UM=\"}");
Line Deleted : user_pref("CT3101810.lastVersion", "10.23.0.822");
Line Deleted : user_pref("CT3101810.myStuffEnabled", true);
Line Deleted : user_pref("CT3101810.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT3101810.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT3101810.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT3101810.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT3101810.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.bleepingcomputer.com%2Fdownload%2Fadwcleaner%2Fdl%2F125%2F\",\"EB_MAIN_FRAME_TITLE\":\"D[...]
Line Deleted : user_pref("CT3101810.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3101810.originalHomepage", "hxxp://us.mg2.mail.yahoo.com/dc/launch?.gx=1&.rand=4rine8kpd5kds");
Line Deleted : user_pref("CT3101810.originalSearchAddressUrl", "hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=ZJfox000&ptb=UjnkLqpFvO8cG0aXMqkTUw&psa=&ind=2010071210&ptnrS=ZJfox000&si=&st=kwd&n=77cf40aa&[...]
Line Deleted : user_pref("CT3101810.originalSearchEngine", "Ask.com");
Line Deleted : user_pref("CT3101810.revertSettingsEnabled", false);
Line Deleted : user_pref("CT3101810.searchFromAddressBarEnabledByUser", "true");
Line Deleted : user_pref("CT3101810.searchInNewTabEnabledByUser", "true");
Line Deleted : user_pref("CT3101810.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3101810.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT3101810.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT3101810.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT3101810.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3101810.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3101810.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3101810.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3101810\"}");
Line Deleted : user_pref("CT3101810.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://Somoto.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3101810.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"Somoto \"}");
Line Deleted : user_pref("CT3101810.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3101810.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3101810.serviceLayer_services_Configuration_lastUpdate", "1387657698550");
Line Deleted : user_pref("CT3101810.serviceLayer_services_login_10.20.101.5_lastUpdate", "1386470230249");
Line Deleted : user_pref("CT3101810.serviceLayer_services_login_10.22.5.510_lastUpdate", "1387657697918");
Line Deleted : user_pref("CT3101810.serviceLayer_services_login_10.23.0.822_lastUpdate", "1387661475852");
Line Deleted : user_pref("CT3101810.serviceLayer_services_searchAPI_lastUpdate", "1387657698555");
Line Deleted : user_pref("CT3101810.serviceLayer_services_serviceMap_lastUpdate", "1387657698079");
Line Deleted : user_pref("CT3101810.serviceLayer_services_toolbarSettings_lastUpdate", "1387664911916");
Line Deleted : user_pref("CT3101810.serviceLayer_services_translation_lastUpdate", "1387657697810");
Line Deleted : user_pref("CT3101810.settingsINI", true);
Line Deleted : user_pref("CT3101810.showToolbarPermission", "false");
Line Deleted : user_pref("CT3101810.smartbar.CTID", "CT3101810");
Line Deleted : user_pref("CT3101810.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3101810.smartbar.homepage", true);
Line Deleted : user_pref("CT3101810.smartbar.toolbarName", "Somoto ");
Line Deleted : user_pref("CT3101810.testingCtid", "");
Line Deleted : user_pref("CT3101810.toolbarAppMetaDataLastCheckTime", "Sun Feb 05 2012 12:13:37 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3101810.toolbarBornServerTime", "5-2-2012");
Line Deleted : user_pref("CT3101810.toolbarContextMenuLastCheckTime", "Sun Feb 05 2012 12:13:41 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3101810.toolbarCurrentServerTime", "22-12-2013");
Line Deleted : user_pref("CT3101810.toolbarLoginClientTime", "Sat Dec 07 2013 18:37:10 GMT-0800 (Pacific Standard Time)");
Line Deleted : user_pref("CT3101810.usagesFlag", 1);
Line Deleted : user_pref("CT3101810_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1387661469728,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3101810&SearchSource=13");
Line Deleted : user_pref("CommunityToolbar.ConduitSearchList", "Somoto Customized Web Search");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3101810/CT3101810", "\"89516c12ec786f5414427646178c83f71\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3101810", "\"1316601518\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "wVmmvqqOMqrv5xct1cJIHg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "0uSPYx+Kl2jpu8sJZMeHjw==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "Dclc8oo4TTv7+mAkSlUSWg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "K4Vqu91uAzWURlxJRdXJOg==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"4bb1de6bebc9cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3.2", "\"8028f138140cc1:0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"023d3d3f2c9cc1:12d2\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3101810", "\"13a760730d9291f1df061003ecf304ce\"");

-\\ Google Chrome v31.0.1650.63

[ File : C:\Users\joani\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [38766 octets] - [21/12/2013 16:12:17]
AdwCleaner[S0].txt - [39514 octets] - [21/12/2013 16:16:34]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [39575 octets] ##########
 

 

 

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows Vista ™ Home Basic x86
Ran by joani on Sat 12/21/2013 at 16:27:42.03
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F84A279B-C380-4F2A-8E68-69153564A0AF}



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted the following from C:\Users\joani\AppData\Roaming\mozilla\firefox\profiles\yy9e5cdj.default\prefs.js

user_pref("extensions.searchtoolbar@zugo.com.install-event-fired", true);
Emptied folder: C:\Users\joani\AppData\Roaming\mozilla\firefox\profiles\yy9e5cdj.default\minidumps [58 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/21/2013 at 16:31:24.54
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

 

 

 

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-12-2013 02
Ran by joani at 2013-12-21 16:38:10 Run:1
Running from C:\Users\joani\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
S1 iikrrzwt; \??\C:\Windows\system32\drivers\iikrrzwt.sys [x]
Task: {31B07158-457D-4163-AC52-8F480A2EC978} - System32\Tasks\task341142 => C:\Users\joani\AppData\Local\Temp\0.9425562308380074.exe
Task: {3E4336DB-5D9E-4677-938A-7A254A9C2B77} - System32\Tasks\task6933308 => C:\Users\joani\AppData\Local\Temp\0.6097297498472453.exe
Task: {DF78DCA1-980C-449D-AF06-75C0033155EB} - \task6972573 No Task File
C:\Windows\system32\drivers\iikrrzwt.sys
C:\Users\joani\AppData\Local\Temp\0.9425562308380074.exe
C:\Users\joani\AppData\Local\Temp\0.6097297498472453.exe
AlternateDataStreams: C:\ProgramData\Temp:3064D21D
AlternateDataStreams: C:\ProgramData\Temp:35759C73
AlternateDataStreams: C:\ProgramData\Temp:40E5AD89
AlternateDataStreams: C:\ProgramData\Temp:41099CE9
AlternateDataStreams: C:\ProgramData\Temp:4A9220C3
AlternateDataStreams: C:\ProgramData\Temp:4F636E25
AlternateDataStreams: C:\ProgramData\Temp:814B9485
AlternateDataStreams: C:\ProgramData\Temp:8750DCE4
AlternateDataStreams: C:\ProgramData\Temp:9E22BBE8
AlternateDataStreams: C:\ProgramData\Temp:ABE89FFE
AlternateDataStreams: C:\ProgramData\Temp:ADE16379
AlternateDataStreams: C:\ProgramData\Temp:B623B5B8
AlternateDataStreams: C:\ProgramData\Temp:CDFF58FE
AlternateDataStreams: C:\ProgramData\Temp:CE0A077E
AlternateDataStreams: C:\ProgramData\Temp:DDCA146A
AlternateDataStreams: C:\ProgramData\Temp:E1982A23
*****************

iikrrzwt => Service deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{31B07158-457D-4163-AC52-8F480A2EC978} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{31B07158-457D-4163-AC52-8F480A2EC978} => Key deleted successfully.
C:\Windows\System32\Tasks\task341142 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task341142 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3E4336DB-5D9E-4677-938A-7A254A9C2B77} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3E4336DB-5D9E-4677-938A-7A254A9C2B77} => Key deleted successfully.
C:\Windows\System32\Tasks\task6933308 => Moved successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task6933308 => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF78DCA1-980C-449D-AF06-75C0033155EB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF78DCA1-980C-449D-AF06-75C0033155EB} => Key deleted successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\task6972573 => Key deleted successfully.
"C:\Windows\system32\drivers\iikrrzwt.sys" => File/Directory not found.
"C:\Users\joani\AppData\Local\Temp\0.9425562308380074.exe" => File/Directory not found.
"C:\Users\joani\AppData\Local\Temp\0.6097297498472453.exe" => File/Directory not found.
C:\ProgramData\Temp => ":3064D21D" ADS removed successfully.
C:\ProgramData\Temp => ":35759C73" ADS removed successfully.
C:\ProgramData\Temp => ":40E5AD89" ADS removed successfully.
C:\ProgramData\Temp => ":41099CE9" ADS removed successfully.
C:\ProgramData\Temp => ":4A9220C3" ADS removed successfully.
C:\ProgramData\Temp => ":4F636E25" ADS removed successfully.
C:\ProgramData\Temp => ":814B9485" ADS removed successfully.
C:\ProgramData\Temp => ":8750DCE4" ADS removed successfully.
C:\ProgramData\Temp => ":9E22BBE8" ADS removed successfully.
C:\ProgramData\Temp => ":ABE89FFE" ADS removed successfully.
C:\ProgramData\Temp => ":ADE16379" ADS removed successfully.
C:\ProgramData\Temp => ":B623B5B8" ADS removed successfully.
C:\ProgramData\Temp => ":CDFF58FE" ADS removed successfully.
C:\ProgramData\Temp => ":CE0A077E" ADS removed successfully.
C:\ProgramData\Temp => ":DDCA146A" ADS removed successfully.
C:\ProgramData\Temp => ":E1982A23" ADS removed successfully.

==== End of Fixlog ====

 

 

 

Farbar Service Scanner Version: 05-12-2013
Ran by joani (administrator) on 21-12-2013 at 16:39:34
Running from "C:\Users\joani\Desktop"
Microsoft® Windows Vista™ Home Basic  Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****



#10 Kananu Reeves

Kananu Reeves
  • Topic Starter

  • Members
  • 53 posts
  • Local time:05:49 PM

Posted 21 December 2013 - 07:48 PM

computer seems to be running fine. no problems. do you think it's safe to try windows updates, or was that unrelated to infection issues?



#11 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,420 posts
  • Gender:Male
  • Location:California
  • Local time:06:49 PM

Posted 21 December 2013 - 08:39 PM

Let's wait just a bit before attempting Windows Update. We need to be sure all the malicious software is gone first. I think we are doing quite well now but I would like to run 2 scans to look for leftovers. Please do this.

===================================================

Rerun Malwarebytes (MBAM)

--------------------

Temporarily disable your antivirus program.
  • Please locate your Malwarebytes icon and launch the program
  • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
  • If an update is found, the program will automatically update itself. Press the OK button and continue.
  • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
  • Click on the Scan button.
  • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked and then click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.
Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

===================================================

ESET Online Scanner

--------------------

I'd like us to scan your machine with ESET OnlineScan. This process may take several hours; that is normal.
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click Run ESET Online Scanner.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Copy and paste the information in your next reply. Note: If no malware was found you will not get a log.
  • Click the Back button.
  • Click the Finish button.
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste the information rather than send an attachment. :thumbsup2:
  • Malwarebytes results
  • ESET results (no log if nothing found)
  • How is your computer running now?

Edited by Oh My, 22 December 2013 - 09:32 AM.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#12 Kananu Reeves

Kananu Reeves
  • Topic Starter

  • Members
  • 53 posts
  • Local time:05:49 PM

Posted 22 December 2013 - 12:30 AM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.22.01

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
joani :: JOANI-PC [administrator]

12/21/2013 5:57:49 PM
mbam-log-2013-12-21 (17-57-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 239138
Time elapsed: 9 minute(s), 45 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

ESET

 

 

C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch107.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch139.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch142.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch147.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch148.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch149.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch154.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch167.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch20.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch22.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch246.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch247.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch25.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch250.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch331.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch363.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch366.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch371.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch372.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch373.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch378.zip    Win32/Bagle.gen.zip worm    
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch391.zip    Win32/Bagle.gen.zip worm    
C:\$RECYCLE.BIN\S-1-5-21-274047616-4227299182-3803408882-1000\$RRC7UQR.exe    Win32/Bundled.Toolbar.Google.D application    cleaned by deleting - quarantined
C:\Program Files\Play Pickle\pptl.dll    Win32/Adware.Gamevance.BE application    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch107.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch139.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch142.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch147.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch148.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch149.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch154.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch167.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch20.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch22.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch246.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch247.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch25.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch250.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch331.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch363.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch366.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch371.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch372.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch373.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch378.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch391.zip    Win32/Bagle.gen.zip worm    cleaned by deleting - quarantined
C:\Users\joani\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\components\pptlf.dll    a variant of Win32/Adware.Gamevance.BH application    cleaned by deleting - quarantined
C:\Users\joani\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\components\pptlf2.dll    a variant of Win32/Adware.Gamevance.BH application    cleaned by deleting - quarantined
C:\Users\joani\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\textlinks@plpickle.com\components\pptlf3.dll    a variant of Win32/Adware.Gamevance.BH application    cleaned by deleting - quarantined
C:\Users\joani\Pictures\Random\Downloads\InstallFreeRARExtractFrog.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Users\joani\Pictures\Random\Downloads\mp3rocket (1).exe    a variant of Win32/Bundled.Toolbar.Ask.D application    cleaned by deleting - quarantined
C:\Users\joani\Pictures\Random\Downloads\mp3rocket.exe    multiple threats    cleaned by deleting - quarantined


computer is still running fine



#13 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,420 posts
  • Gender:Male
  • Location:California
  • Local time:06:49 PM

Posted 22 December 2013 - 09:33 AM

Very good.

Go ahead now and try to update Windows. Let me know what happens. Don't be surprised if we still have more work to do. It is not uncommon to have complications with Windows Update.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#14 Kananu Reeves

Kananu Reeves
  • Topic Starter

  • Members
  • 53 posts
  • Local time:05:49 PM

Posted 22 December 2013 - 03:30 PM

tried windows updates. still doing the same thing. will not configure on reboot. gets stuck in a reboot cycle



#15 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 36,420 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:06:49 PM

Posted 22 December 2013 - 04:31 PM

Greetings,

Please run this.

===================================================

System Readiness Tool for Windows Updates 7/Vista

--------------------
  • Download System Update Readiness Tool for your version of Windows and save it to your desktop.
  • Double click the icon and click Yes or OK on the Windows Update Standalone Installer window
  • Once completed click Close
  • Reboot your computer then attempt to download/install Windows Updates
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Results?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."



