Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Sluggish Laptop


  • Please log in to reply
11 replies to this topic

#1 ace17

ace17

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 21 January 2014 - 06:15 PM

I've tried running malwarebytes already and it found 3 items. I've cleared them all, but my system still seems to be really slow and sluggish. Not really sure what to do at this point.



BC AdBot (Login to Remove)

 


m

#2 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:41 AM

Posted 21 January 2014 - 06:31 PM

Please post the complete results of your MBAM scan for review.

To retrieve the Malwarebytes Anti-Malware scan log information, launch MBAM.
  • Click the Logs Tab at the top.
  • The log will be named by the date of scan in the following format: mbam-log-yyyy-mm-dd
    -- If you have previously used MBAM, there may be several logs showing in the list.
  • Click on the log name to highlight it.
  • Go to the bottom and click on Open.
  • The log will automatically open in Notepad as a text file.
  • Go to Edit and choose Select all.
  • Go back to Edit and choose Copy or right-click on the highlighted text and choose Copy from there.
  • Come back to this thread, click Add Reply, then right-click and choose Paste.
  • Be sure to post the complete log to include the top portion which shows MBAM's database version and your operating system.
Logs are automatically saved to the following locations:
-- XP: C:\Documents and Settings\<Username>\Application Data\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd
-- Vista, Windows 7, 2008: C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\Logs\mbam-log-yyyy-mm-dd

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#3 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:41 AM

Posted 21 January 2014 - 06:32 PM

After doing the above...continue as follows:

Please download and use the following tools (in the order listed) which will search for and remove many potentially unwanted programs (PUPs), adware, toolbars, browser hijackers, extensions, add-ons and other junkware as well as related registry entries (values, keys) and remnants.

RKill created by Grinler (aka Lawrence Abrams), the site owner of BleepingComputer.
AdwCleaner created by Xplode.
Junkware Removal Tool created by thisisu.

1. Double-click on RKill to launch the tool. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log file will be created and saved to the root directory, C:\RKill.log. Copy and paste the contents of RKill.log in your next reply.

Important: Do not reboot your computer until you complete the next step.

2. Double-click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • After reviewing the log, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles are saved in the C:\AdwCleaner folder which was created when running the tool.
-- Note: The contents of the AdwCleaner log file may be confusing. Unless you see a program name that you recognize and know should not be removed, don't worry about it. If you see an entry you want to keep, return to AdwCleaner before cleaning...all detected items will be listed (and checked) in each tab. Click on each one and uncheck any items you want to keep (except you cannot uncheck Chrome and Firefox preferences lines).


Close all open programs and shut down any protection/security software to avoid potential conflicts.

3. Double-click on JRT.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log file named JRT.txt will automatically open and be saved to your Desktop.
  • Copy and paste the contents of JRT.txt in your next reply.

.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#4 ace17

ace17
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 21 January 2014 - 09:28 PM

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
 
Database version: v2014.01.21.08
 
Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 10.0.9200.16750
Alb :: ALBERT [administrator]
 
1/21/2014 5:30:43 PM
mbam-log-2014-01-21 (17-30-43).txt
 
Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 445060
Time elapsed: 1 hour(s), 34 minute(s), 35 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
(end)


#5 ace17

ace17
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 21 January 2014 - 09:37 PM

Rkill 2.6.5 by Lawrence Abrams (Grinler)
Copyright 2008-2014 BleepingComputer.com
More Information about Rkill can be found at this link:
 
Program started at: 01/21/2014 08:32:51 PM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
 
Checking for Windows services to stop:
 
 * No malware services found to stop.
 
Checking for processes to terminate:
 
 * No malware processes found to kill.
 
Checking Registry for malware related settings:
 
 * No issues found in the Registry.
 
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
 
Performing miscellaneous checks:
 
 * No issues found.
 
Checking Windows Service Integrity: 
 
 * No issues found.
 
Searching for Missing Digital Signatures: 
 
 * No issues found.
 
Checking HOSTS File: 
 
 * No issues found.
 
Program finished at: 01/21/2014 08:37:11 PM
Execution time: 0 hours(s), 4 minute(s), and 19 seconds(s)


#6 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:41 AM

Posted 21 January 2014 - 10:22 PM

Your Malwarebytes log shows no detections. In your first post you indicated Malwarebytes found 3 items. I would like to see that log.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#7 ace17

ace17
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 21 January 2014 - 10:29 PM

i tried to find the other log that had the three issues but all i could find was this 

 

2014/01/13 18:32:05 -0600 ALBERT Alb MESSAGE Protection stopped
2014/01/13 18:34:05 -0600 ALBERT Alb MESSAGE Starting database refresh
2014/01/13 18:34:31 -0600 ALBERT Alb MESSAGE Database refreshed successfully

# AdwCleaner v3.017 - Report created 21/01/2014 at 21:11:05
# Updated 12/01/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Alb - ALBERT
# Running from : C:\Users\Alb\Desktop\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ConduitEngine
Folder Deleted : C:\Program Files (x86)\vShare
Folder Deleted : C:\Program Files (x86)\uTorrentBar
Folder Deleted : C:\Users\Alb\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Alb\AppData\LocalLow\ConduitEngine
Folder Deleted : C:\Users\Alb\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Alb\AppData\LocalLow\vShare
Folder Deleted : C:\Users\Alb\AppData\LocalLow\uTorrentBar
Folder Deleted : C:\Users\Alb\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Alb\AppData\Roaming\Mozilla\Firefox\Profiles\tj0gsj5x.default\Conduit
Folder Deleted : C:\Users\Alb\AppData\Roaming\Mozilla\Firefox\Profiles\tj0gsj5x.default\Extensions\cacaoweb@cacaoweb.org
Folder Deleted : C:\Users\Alb\AppData\Roaming\Mozilla\Firefox\Profiles\tj0gsj5x.default\Extensions\vshare@toolbar
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Key Deleted : HKLM\SOFTWARE\Classes\Conduit.Engine
Key Deleted : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\vsharechrome
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol
Key Deleted : HKLM\SOFTWARE\Classes\vShare.IMedixProtocol.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj
Key Deleted : HKLM\SOFTWARE\Classes\vShare.PugiObj.1
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers
Key Deleted : HKLM\SOFTWARE\Classes\vShare.ScriptHelpers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ASUS_UL_Series_Screensaver
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2786678
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D9816F3-C6EC-4468-B091-075CF0D30838}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{3E315C81-442B-431C-AEC8-ED189699EC24}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3B7599DF-3D5D-4EF5-BF51-9C2EDA788E83}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7D9816F3-C6EC-4468-B091-075CF0D30838}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{12231FF1-024E-476B-A31A-429EA9287B90}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{EF689935-E2FF-4F1F-9DB9-7EBF98DE6BF3}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{043C5167-00BB-4324-AF7E-62013FAEDACF}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{20ED5AF7-D9C4-409E-9EB3-D2A44A77FB6D}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\vShare
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\conduitEngine
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\uTorrentBar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\conduitEngine
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\uTorrentBar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\vShare
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentBar Toolbar
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v10.0.9200.16750
 
 
-\\ Mozilla Firefox v20.0.1 (en-US)
 
[ File : C:\Users\Alb\AppData\Roaming\Mozilla\Firefox\Profiles\tj0gsj5x.default\prefs.js ]
 
Line Deleted : user_pref("CT2786678..clientLogIsEnabled", false);
Line Deleted : user_pref("CT2786678..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT2786678..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT2786678.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT2786678.CTID", "CT2786678");
Line Deleted : user_pref("CT2786678.CurrentServerDate", "17-12-2010");
Line Deleted : user_pref("CT2786678.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT2786678.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT2786678.EMailNotifierPollDate", "Fri Dec 17 2010 13:51:00 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.FeedLastCount5690698542593514850", 183);
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443753", "Fri Dec 17 2010 13:51:04 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375443759", "Fri Dec 17 2010 13:51:04 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444699", "Fri Dec 17 2010 13:51:04 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444705", "Fri Dec 17 2010 13:51:04 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444711", "Fri Dec 17 2010 13:51:04 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444717", "Fri Dec 17 2010 13:51:04 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444723", "Fri Dec 17 2010 13:51:04 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444729", "Fri Dec 17 2010 13:51:04 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444735", "Fri Dec 17 2010 13:51:04 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444741", "Fri Dec 17 2010 13:51:04 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.FeedPollDate129301619375444747", "Fri Dec 17 2010 13:51:04 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444699", 10);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444723", 15);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444735", 5);
Line Deleted : user_pref("CT2786678.FeedTTL129301619375444747", 5);
Line Deleted : user_pref("CT2786678.FirstServerDate", "17-12-2010");
Line Deleted : user_pref("CT2786678.FirstTime", true);
Line Deleted : user_pref("CT2786678.FirstTimeFF3", true);
Line Deleted : user_pref("CT2786678.FixPageNotFoundErrors", false);
Line Deleted : user_pref("CT2786678.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT2786678.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT2786678.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT2786678.Initialize", true);
Line Deleted : user_pref("CT2786678.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT2786678.InstallationAndCookieDataSentCount", 1);
Line Deleted : user_pref("CT2786678.InstallationType", "UnknownIntegration");
Line Deleted : user_pref("CT2786678.InstalledDate", "Fri Dec 17 2010 13:51:00 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.IsGrouping", false);
Line Deleted : user_pref("CT2786678.IsMulticommunity", false);
Line Deleted : user_pref("CT2786678.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT2786678.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT2786678.LanguagePackLastCheckTime", "Fri Dec 17 2010 13:51:06 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT2786678.LastLogin_3.2.5.2", "Fri Dec 17 2010 13:51:00 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.LatestVersion", "3.2.3.3");
Line Deleted : user_pref("CT2786678.Locale", "en");
Line Deleted : user_pref("CT2786678.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT2786678.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Deleted : user_pref("CT2786678.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT2786678.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT2786678.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2786678&q=");
Line Deleted : user_pref("CT2786678.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT2786678.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.SearchInNewTabLastCheckTime", "Fri Dec 17 2010 13:51:01 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageService.asmx/UsersRequests?ctid=EB_TOOLBAR_ID");
Line Deleted : user_pref("CT2786678.ServiceMapLastCheckTime", "Fri Dec 17 2010 13:50:55 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.SettingsLastCheckTime", "Fri Dec 17 2010 13:50:58 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.SettingsLastUpdate", "1291825117");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastCheck", "Fri Dec 17 2010 13:50:55 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.ThirdPartyComponentsLastUpdate", "1246790578");
Line Deleted : user_pref("CT2786678.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=101&sealid=112");
Line Deleted : user_pref("CT2786678.Uninstall", true);
Line Deleted : user_pref("CT2786678.UserID", "UN06706572451870840");
Line Deleted : user_pref("CT2786678.WeatherNetwork", "");
Line Deleted : user_pref("CT2786678.WeatherPollDate", "Fri Dec 17 2010 13:51:12 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.WeatherUnit", "F");
Line Deleted : user_pref("CT2786678.alertChannelId", "1178763");
Line Deleted : user_pref("CT2786678.myStuffEnabled", true);
Line Deleted : user_pref("CT2786678.myStuffPublihserMinWidth", 400);
Line Deleted : user_pref("CT2786678.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Deleted : user_pref("CT2786678.myStuffServiceIntervalMM", 1440);
Line Deleted : user_pref("CT2786678.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Deleted : user_pref("CT2786678.testingCtid", "");
Line Deleted : user_pref("CT2786678.toolbarAppMetaDataLastCheckTime", "Fri Dec 17 2010 13:51:00 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.toolbarContextMenuLastCheckTime", "Fri Dec 17 2010 13:51:06 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CT2786678.usagesFlag", 2);
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1178763/1174448/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2786678", "\"1285982114\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "MUj9hNyEiPxkVQ8Q8IYZ6A==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "ZF/VZo7UyQBp8ghNNzhnSQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "+RsYuZ9IN1smka6Zuggr5w==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "t6SQZ7j9WsBHhE8zC0kAEQ==");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"634279343103930000\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "634248284990000000");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2786678/CT2786678", "\"1291825117\"");
Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634279428192830000\"");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "");
Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2786678");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Fri Dec 17 2010 13:51:03 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Fri Dec 17 2010 13:50:54 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "e06c0498-cb1b-488a-a29b-30a9a532382a");
Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Fri Dec 17 2010 13:51:09 GMT-0600 (Central Standard Time)");
Line Deleted : user_pref("extensions.enabledItems", "vshare@toolbar:1.0.0,cacaoweb@cacaoweb.org:1.0.11,{972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15");
Line Deleted : user_pref("vshare.install.date", "1300492800000");
Line Deleted : user_pref("vshare.install.finished", "1.0.0");
Line Deleted : user_pref("vshare.install.guid", "{ec05ce6c-0db5-4410-beca-ceae795d8ccb}");
Line Deleted : user_pref("vshare.install.isHidden", true);
Line Deleted : user_pref("vshare.install.laststatreq", "1303257600000");
Line Deleted : user_pref("vshare.install.newtab", false);
 
-\\ Google Chrome v
 
[ File : C:\Users\Alb\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
 
*************************
 
AdwCleaner[R0].txt - [20019 octets] - [21/01/2014 20:38:26]
AdwCleaner[S0].txt - [19361 octets] - [21/01/2014 21:11:05]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [19422 octets] ##########


#8 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:41 AM

Posted 21 January 2014 - 10:50 PM

Ok...now run JRT.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#9 ace17

ace17
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 21 January 2014 - 10:52 PM

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.0 (01.07.2014:1)
OS: Windows 7 Home Premium x64
Ran by Alb on Tue 01/21/2014 at 21:30:37.89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
~~~ Services
 
 
 
~~~ Registry Values
 
 
 
~~~ Registry Keys
 
 
 
~~~ Files
 
 
 
~~~ Folders
 
 
 
~~~ FireFox
 
Emptied folder: C:\Users\Alb\AppData\Roaming\mozilla\firefox\profiles\tj0gsj5x.default\minidumps [61 files]
 
 
 
~~~ Event Viewer Logs were cleared
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 01/21/2014 at 21:51:27.32
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#10 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:41 AM

Posted 21 January 2014 - 11:18 PM


Try doing an online scan to see if it finds anything else that the other scans may have missed.

Please perform a scan with Eset Online Anti-virus Scanner.
If using Mozilla Firefox, you will be prompted to download and use the ESET Smart Installer. Just double-click on esetsmartinstaller_enu.exe to install.
Vista/Windows 7/8 users need to run Internet Explorer/Firefox as Administrator.
To do this, right-click on the IE icon in the Start Menu or Quick Launch Bar on the Taskbar and select Run As Administrator from the context menu.
  • Click the green esetOnline.png button.
  • Read the End User License Agreement and check the box:
  • Check esetAcceptTerms.png.
  • Click the esetStart.png button.
  • Accept any security warnings from your browser and allow the download/installation of any require files.
  • Under scan settings, check esetScanArchives.png and check Remove found threats
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • Click the Start button.
  • ESET will install itself, download virus signature database updates, and begin scanning your computer.
  • The scan can take some time to complete...close all programs and do NOT use the computer while the scan is running.
    If given the option (when threats are found), choose "Quarantine" instead of delete.
  • When the scan completes, push esetListThreats.png
  • Push esetExport.png, and save the file to your desktop as ESETScan.txt.
  • Push the esetBack.png button, then Finish.
  • Copy and paste the contents of ESETScan.txt in your next reply. If no threats are found, there is no option to create a log.
  • -- Note: If you recognize any of the detections as legitimate programs, it's possible they are "false positives" and you can ignore them or get a second opinion if you're not sure. Eset's detection rate is high and can include legitimate files which it considers suspicious, a Risk Tool, Hacking Tool, Potentially Unwanted Program, a possible threat or even Malware (virus/trojan) when that is not always the case. Be careful what you choose to remove. If in doubt, ask before taking action.


.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif

#11 ace17

ace17
  • Topic Starter

  • Members
  • 48 posts
  • OFFLINE
  •  
  • Local time:06:41 AM

Posted 24 January 2014 - 12:33 PM

C:\AdwCleaner\Quarantine\C\Program Files (x86)\ConduitEngine\ConduitEngine.dll.vir a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Program Files (x86)\uTorrentBar\tbuTor.dll.vir a variant of Win32/Toolbar.Conduit.B application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Alb\AppData\LocalLow\uTorrentBar\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.1.1\bin\PriceGongIE.dll.vir a variant of Win32/PriceGong.A application cleaned by deleting - quarantined
C:\AdwCleaner\Quarantine\C\Users\Alb\AppData\Roaming\Search Protection\Uninstall.exe.vir probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Program Files\Trend Micro\Internet Security\TmpxTmp\httE9C9.tmp a variant of Win32/Adware.Gamevance.BB application cleaned by deleting - quarantined
C:\Users\Alb\AppData\Local\Temp\AskSLib.dll a variant of Win32/Bundled.Toolbar.Ask application cleaned by deleting - quarantined
C:\Users\Alb\AppData\Local\Temp\~spB345.tmp probably a variant of Win32/Toolbar.Widgi application cleaned by deleting - quarantined
C:\Users\Alb\AppData\Local\Temp\AAWInstallerTemp\v9.0.7\Ad-Aware.msi multiple threats deleted - quarantined
D:\Media\Music\Albums\Nas - Untitled (Full Album 2008)\01-nas-queens_get_the_money.mp3 a variant of WMA/TrojanDownloader.GetCodec.gen trojan cleaned - quarantined
 
is it safe to delete all these?


#12 quietman7

quietman7

    Bleepin' Janitor


  • Global Moderator
  • 50,606 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Virginia, USA
  • Local time:07:41 AM

Posted 24 January 2014 - 12:37 PM

Yes.
.
.
Windows Insider MVP 2017-2018
Microsoft MVP Reconnect 2016
Microsoft MVP Consumer Security 2007-2015 kO7xOZh.gif
Member of UNITE, Unified Network of Instructors and Trusted Eliminators

If I have been helpful & you'd like to consider a donation, click 38WxTfO.gif




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users