just a few steps away from system restore or system recovery...


  • This topic is locked
10 replies to this topic

#1 wingmaker

wingmaker

  • Members
  • 67 posts

Posted 07 March 2014 - 04:39 PM

Hello...
 
I'm working with an HP TouchSmart i3 64-bit PC and the OS is Win 7.
 
I'm in a bit of a pickle and very concerned that I'm but a few steps away from having to do a system restore at best or a system recovery at worst, so I'm here to ask for expert help.  
 
At this point the computer has become increasingly unstable, with startups hanging forever and looping into logging off and then shutting down.  Yesterday something new happened on start up... after hanging for a long time I got a black screen with a notification on the bottom right corner of the screen - *Windows 7 Build 7601 This copy of windows is not genuine*  I purchased the computer 3 years ago and although we no longer get a hard copy of the OS... it has to be a genuine copy of Windows 7 as it's an HP purchased at BestBuy!  I have the 3 recovery discs I made when I first bought the computer. 
 
In any case, I'm only able to run the computer in safe mode at the moment, and it runs pretty snappy in that mode I have to say so I'm hopeful that my issues can be resolved.  
 
How I got in this mess:  I noticed my computer was slowing down to the point of programs/browsers hanging to the point of becoming unresponsive or crashing; the computer itself had become less responsive; start ups and shutting down were becoming increasingly slower as well.  Someone suggested I download and run Malwarebytes and the first time I ran the scan it found 134 objects; the majority were PUP.Optional files, one HackTool.agent file and 7 Adware.QuestBrwSearch malware files.  I quarantined all objects.  I ran MB another time and no more objects were found.
 
Next I used the tweaking.com Windows Repair program and that seemed to help.  I set restore points for the computer and registry.
 
The following day I ran MB again because the computer was not running optimally and after several attempts to complete the process (program would stall and become unresponsive), I found 372 objects, in the space of a day!  I run AVG antivirus so this was a little bit shocking.  I reckon I need to change antivirus programs.  Someone recommended AVAST.
 
After I ran malwarebytes, I ran the tweaking.com windows repair tool again, set new restore points, following which, the computer did not seem to improve.  I have TuneUp Utilities and ran the program hoping to tweak the system further but my computer was just not responding.  Is it possible I over-tweaked it?
 
I ran a system diagnostics with F9 and ALL PASSED --->  Touch interface;  CPU;  memory;  drives;  boot path  ALL 100%
 
Today I ran a Malwarebytes full scan (other times were quick scans) again and I found 4 more objects (1 PUP.Optional file; 1 TROJAN.MSIL file; and 2 HackTool.Agent files).  I also downloaded SparkTrust malware removal tool which I installed and ran in safe mode.  It found no malware but did report 2482 problems that require attention.
 
Thing is, before I opt to correct anything further, I want to know if this is the right course of action or if something else needs to be done.
 
Someone I know suggested I might have a rootkit issue.  Some of the system problems listed were in HKEY_CLASSES_ROOT\CLSID\etc files.... Not sure what to think anymore.. that's why I'm here.
 
So this is where I'm at.  I know I was infected but are the start up, operational, and shutting down issues I'm experiencing now from a residual infection or the subsequent tweaking process?  I'm wondering about the computer repair options, such as debugging.
 
Please advise
 
Lofty

 




 


#2 noknojon

noknojon

  • Banned
  • 10,871 posts

Posted 07 March 2014 - 05:06 PM

SparkTrust malware removal tool is a Scam Registry cleaner and should be removed as soon as you can.

 

You do NOT have 2482 problems that require you to purchase this program (this is what they want).

Read the small print >>>

SparkTrust PC Cleaner Plus includes free tools and free PC diagnosis. Upgrading to the paid edition unlocks the full suite of tools and features.

 

I would believe " I ran a system diagnostics with F9 and ALL PASSED" as correct.

 

 

Download Screen317 Security Check and save it to your Desktop.
* Double-click SecurityCheck.exe
* Follow the onscreen instructions inside of the black box.
* A Notepad document should open automatically called checkup.txt
* Please post the contents of that document.
Note: If a security program requests permission to access the Internet, allow it to do so.

 

 

Next -

Please download MiniToolBox and run it.
Checkmark the following boxes:

* List content of Hosts
* Flush DNS
* Report IE Proxy Settings
* Reset IE Proxy Settings
* Report FF Proxy Settings
* Reset FF Proxy Settings
* List last 10 Event Viewer log
* List Installed Programs
* List Devices (do NOT change any settings here)
* List Users, Partitions and Memory size
Note: When using "Reset FF Proxy Settings" option Firefox should be closed.
Click Go and Copy / Paste the result. (result.txt)

 

 

Please Update Malwarebytes program if it is installed -

OR

 

Download Malwarebytes' Anti-Malware Free (aka MBAM) to your desktop.
- Do not accept the Free Trial Version at this time -
Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.
* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.
* NOTE: Be sure that everything is checked, and click Remove Selected.
* When completed, a log will open in Notepad.
* Post the log back here.

Be sure to restart the computer if requested.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

 

 

Next

Run ESETOnlineScanner. Please use Internet Explorer, as the scanner uses ActiveX.
If you will not use Internet Explorer, please see 3-1 & 3-2.

1. Hold down Control (Ctrl) key, and click on This link to open ESET OnlineScan in a new window.
2. Click the eset online button.
3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
3-1. Click on Esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
3-2. Double click on esetsmartinstaller_enu on your desktop.
4. Check "YES, I accept the Terms of Use."
5. Click the Start button.
6. Accept any security warnings from your browser.
7. Under scan settings, check "Scan Archives" and "Remove found threats"
8. Click Advanced settings and select the following:
* Scan potentially unwanted applications
* Scan for potentially unsafe applications
* Enable Anti-Stealth technology

9. ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this will take some time.
* My last scan on my XP 80% free space took 1.20 hours
10. When the scan completes, click List Threats
11. Click Export, and save the file to your desktop using a unique name, such as ESETScan.
- Include the contents of this report in your next reply.
12. Click the Back button.
13. Click the Finish button.
* NOTE: Sometimes if ESET finds no infections it will not create a log.

 

Edit for Spellcheck -


Edited by noknojon, 07 March 2014 - 05:25 PM.


#3 wingmaker

wingmaker
  • Topic Starter

  • Members
  • 67 posts

Posted 07 March 2014 - 11:46 PM

Roger that - I immediately uninstalled SparkTrust - thanks mate!
 
All these tests were done in safe mode, as windows doesn't load at last attempt.  Before that the programs would not respond.  Safe mode with networking works great though...

Checkup.txt     -------------

 Results of screen317's Security Check version 0.99.80 
 Windows 7 Service Pack 1 x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Security Center service is not running! This report may not be accurate!
 Windows Firewall Enabled! 
Immunet 3.0                      
AVG AntiVirus Free Edition 2014  
Microsoft Security Essentials    
Lavasoft Ad-Aware                
 Antivirus up to date!  (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
 Ad-Aware
 Malwarebytes Anti-Malware version 1.75.0.1300 
 TuneUp Utilities 2014  
 TuneUp Utilities 2014 (en-US) 
 TuneUp Utilities Language Pack (en-US)
 TuneUp Utilities 2014  
 Java™ 6 Update 26 
 Java version out of Date!
 Adobe Flash Player 12.0.0.70 
 Adobe Reader 10.1.9 Adobe Reader out of Date! 
 Mozilla Firefox (27.0.1)
 Google Chrome 33.0.1750.117 
 Google Chrome 33.0.1750.146 
````````Process Check: objlist.exe by Laurent```````` 
 Microsoft Security Essentials MSMpEng.exe
 Ad-Aware AAWService.exe is disabled!
 Ad-Aware AAWTray.exe is disabled!
 Ad-Aware Antivirus AdAwareService.exe  
 Ad-Aware Antivirus Engine SBAMSvc.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C: 
````````````````````End of Log``````````````````````

-----------------------------------------------------

result.txt  -----------
MiniToolBox by Farbar  Version: 23-01-2014
Ran by WingMaker (administrator) on 07-03-2014 at 19:16:36
Running from "C:\Users\WingMaker\Downloads"
Microsoft Windows 7 Home Premium  Service Pack 1 (X64)
Boot Mode: Network
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================


"Reset FF Proxy Settings": Firefox Proxy settings were reset.


========================= Event log errors: ===============================

Application errors:
==================
Error: (03/04/2014 02:44:41 PM) (Source: WinMgmt) (User: )
Description: 0x8004401eC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF

Error: (03/03/2014 11:42:17 AM) (Source: HP Health Check Service) (User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (03/02/2014 08:39:48 PM) (Source: Windows Search Service) (User: )
Description: Unable to initialize the filter host process. Terminating.


Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (03/02/2014 06:40:33 PM) (Source: WinMgmt) (User: )
Description: 0x8004401eC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF

Error: (03/02/2014 06:09:38 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].


Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Check If Volume Is Supported by Provider
   Add a Volume to a Shadow Copy Set

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 4194304
   Snapshot Context: 4194304
   Execution Context: Coordinator
   Provider ID: {00000000-0000-0000-0000-000000000000}
   Volume Name: \\?\Volume{7c0b736a-e6f7-11df-bb4a-806e6f6e6963}\
   Execution Context: Coordinator

Error: (03/02/2014 06:09:38 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Check If Volume Is Supported by Provider
   Add a Volume to a Shadow Copy Set

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 4194304
   Snapshot Context: 4194304
   Execution Context: Coordinator
   Provider ID: {00000000-0000-0000-0000-000000000000}
   Volume Name: \\?\Volume{7c0b736a-e6f7-11df-bb4a-806e6f6e6963}\
   Execution Context: Coordinator

Error: (03/02/2014 06:07:55 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Error creating the Shadow Copy Provider COM class with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
].


Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Check If Volume Is Supported by Provider
   Add a Volume to a Shadow Copy Set

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 4194304
   Snapshot Context: 4194304
   Execution Context: Coordinator
   Provider ID: {00000000-0000-0000-0000-000000000000}
   Volume Name: \\?\Volume{7c0b736a-e6f7-11df-bb4a-806e6f6e6963}\
   Execution Context: Coordinator

Error: (03/02/2014 06:07:55 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service information: The COM Server with CLSID {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a} and name SW_PROV cannot be started. [0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
]


Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Check If Volume Is Supported by Provider
   Add a Volume to a Shadow Copy Set

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 4194304
   Snapshot Context: 4194304
   Execution Context: Coordinator
   Provider ID: {00000000-0000-0000-0000-000000000000}
   Volume Name: \\?\Volume{7c0b736a-e6f7-11df-bb4a-806e6f6e6963}\
   Execution Context: Coordinator

Error: (03/02/2014 06:05:16 PM) (Source: System Restore) (User: )
Description: Failed to create restore point (Process = C:\Windows\system32\wbem\wmiprvse.exe; Description = Tweaking.com - Windows Repair; Error = 0x80042302).

Error: (03/02/2014 06:05:16 PM) (Source: VSS) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine GetProviderMgmtInterface.  hr = 0x8004230f, The shadow copy provider had an unexpected error while trying to process the specified operation.
.


System errors:
=============
Error: (03/07/2014 07:08:53 PM) (Source: DCOM) (User: )
Description: 1084defragsvc{D20A3293-3341-4AE8-9AAF-8E397CB63C34}

Error: (03/07/2014 04:44:13 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/07/2014 04:44:13 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/07/2014 04:44:13 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/07/2014 04:44:13 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/07/2014 04:44:13 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/07/2014 04:44:13 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (03/07/2014 04:44:11 PM) (Source: Microsoft Antimalware) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.

    New Signature Version:

    Previous Signature Version: 1.167.1325.0

    Update Source: %NT AUTHORITY59

    Update Stage: 4.4.0304.00

    Source Path: 4.4.0304.01

    Signature Type: %NT AUTHORITY602

    Update Type: %NT AUTHORITY604

    User: NT AUTHORITY\SYSTEM

    Current Engine Version: %NT AUTHORITY605

    Previous Engine Version: %NT AUTHORITY606

    Error code: %NT AUTHORITY607

    Error description: %NT AUTHORITY608

Error: (03/07/2014 04:44:11 PM) (Source: DCOM) (User: )
Description: 1084wuauserv{E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error: (03/07/2014 04:42:23 PM) (Source: Service Control Manager) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068


Microsoft Office Sessions:
=========================
Error: (03/04/2014 02:44:41 PM) (Source: WinMgmt)(User: )
Description: 0x8004401eC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF

Error: (03/03/2014 11:42:17 AM) (Source: HP Health Check Service)(User: )
Description: Service cannot be started. The service process could not connect to the service controller

Error: (03/02/2014 08:39:48 PM) (Source: Windows Search Service)(User: )
Description:
Details:
    This operation returned because the timeout period expired.  (HRESULT : 0x800705b4) (0x800705b4)

Error: (03/02/2014 06:40:33 PM) (Source: WinMgmt)(User: )
Description: 0x8004401eC:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V1.1.4322\ASPNET.MOF

Error: (03/02/2014 06:09:38 PM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Check If Volume Is Supported by Provider
   Add a Volume to a Shadow Copy Set

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 4194304
   Snapshot Context: 4194304
   Execution Context: Coordinator
   Provider ID: {00000000-0000-0000-0000-000000000000}
   Volume Name: \\?\Volume{7c0b736a-e6f7-11df-bb4a-806e6f6e6963}\
   Execution Context: Coordinator

Error: (03/02/2014 06:09:38 PM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Check If Volume Is Supported by Provider
   Add a Volume to a Shadow Copy Set

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 4194304
   Snapshot Context: 4194304
   Execution Context: Coordinator
   Provider ID: {00000000-0000-0000-0000-000000000000}
   Volume Name: \\?\Volume{7c0b736a-e6f7-11df-bb4a-806e6f6e6963}\
   Execution Context: Coordinator

Error: (03/02/2014 06:07:55 PM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Check If Volume Is Supported by Provider
   Add a Volume to a Shadow Copy Set

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 4194304
   Snapshot Context: 4194304
   Execution Context: Coordinator
   Provider ID: {00000000-0000-0000-0000-000000000000}
   Volume Name: \\?\Volume{7c0b736a-e6f7-11df-bb4a-806e6f6e6963}\
   Execution Context: Coordinator

Error: (03/02/2014 06:07:55 PM) (Source: VSS)(User: )
Description: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}SW_PROV0x80070422, The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


Operation:
   Obtain a callable interface for this provider
   List interfaces for all providers supporting this context
   Check If Volume Is Supported by Provider
   Add a Volume to a Shadow Copy Set

Context:
   Provider ID: {b5946137-7b9f-4925-af80-51abd60b20d5}
   Class ID: {65ee1dba-8ff4-4a58-ac1c-3470ee2f376a}
   Snapshot Context: 4194304
   Snapshot Context: 4194304
   Execution Context: Coordinator
   Provider ID: {00000000-0000-0000-0000-000000000000}
   Volume Name: \\?\Volume{7c0b736a-e6f7-11df-bb4a-806e6f6e6963}\
   Execution Context: Coordinator

Error: (03/02/2014 06:05:16 PM) (Source: System Restore)(User: )
Description: C:\Windows\system32\wbem\wmiprvse.exeTweaking.com - Windows Repair0x80042302

Error: (03/02/2014 06:05:16 PM) (Source: VSS)(User: )
Description: GetProviderMgmtInterface0x8004230f, The shadow copy provider had an unexpected error while trying to process the specified operation.


CodeIntegrity Errors:
===================================
  Date: 2012-12-23 17:11:11.751
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

  Date: 2012-12-23 17:11:11.593
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files\PeerGuardian2\pgfilter.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


=========================== Installed Programs ============================

µTorrent (Version: 3.1.0)
µTorrent (Version: 3.3.2.30303)
1ClickCashBotSniper (Version: 1.0.0)
1ClickCashBotXtreme (Version: 1.0.0)
Action Enforcer
ActiveCheck component for HP Active Support Library (Version: 3.0.0.3)
Ad-Aware Antivirus (Version: 10.0.185.3207)
Adobe AIR (Version: 3.9.0.1210)
Adobe Flash Player 12 ActiveX (Version: 12.0.0.70)
Adobe Flash Player 12 Plugin (Version: 12.0.0.70)
Adobe Reader X (10.1.9) (Version: 10.1.9)
Adobe Shockwave Player 11.5 (Version: 11.5.9.620)
Affiliate Pro Machine
Amazon Dominator version 1.0 (Version: 1.0)
Ant.com IE add-on (Version: 2.2.3.1074)
Apple Application Support (Version: 2.3.6)
Apple Mobile Device Support (Version: 7.0.0.117)
Apple Software Update (Version: 2.1.3.127)
Ask Toolbar (Version: 1.9.1.0)
AuthorityHub (Version: 1.06)
AVG 2014 (Version: 14.0.3705)
AVG 2014 (Version: 14.0.4335)
AVG 2014 (Version: 2014.0.4335)
Azon Keyword Generator (Version: 3.0.0.0)
Azon Top 100 Analyzer (Version: 3.0.0.3)
Backlink Machine version 1.0 (Version: 1.0)
Bing Bar (Version: 7.0.850.0)
BitTorrent (Version: 7.8.1.30016)
blinkx beat (Version: 1.5.0)
Blueprint Browser (Version: 1.06)
Bonjour (Version: 3.0.0.10)
Buttons & OSDs control application gen3 (Version: 1.0.3.0)
Canon Easy-WebPrint EX
Canon IJ Network Scan Utility
Canon IJ Network Tool
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon MP Navigator EX 3.1
Canon MX340 series MP Drivers
Canon Speed Dial Utility
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Citrix Online Launcher (Version: 1.0.122)
CleanMem (Version: v2.4.3)
CommissionMultiplier (Version: 1.1.0)
Compatibility Pack for the 2007 Office system (Version: 12.0.6612.1000)
ConvertHelper 2.2
Corel Paint it! touch - IPM (Version: 1.1)
Crazy Clickbank Cash (Version: 1.0.4)
Crazy Clickbank Cash Link Spy (Version: 1.0.0)
Crazy Clickbank Cash URL Spy (Version: 1.0.4)
CrazyClickbankCashSubmitter (Version: 1.0.0)
Crossrider Web Apps
Crowd Force (Version: 0.0.7)
CyberLink DVD Suite Deluxe (Version: 7.0.2115)
DirectX for Managed Code Update (Summer 2004) (Version: 9.02.2904)
DomaIQ
DVD Menu Pack for HP TouchSmart Video (Version: 3.1.3224)
DVD Shrink 3.2
Dynamic Auto-Painter x64 PRO version 3.1 (Version: 3.1)
Easy Click Commissions version 1.0.2 (Version: 1.0.2)
Ebook Niche Explorer (Version: 2.0.9)
fb ADMAKER (Version: 1.0)
File1 Package Manager (Version: 0.1.2.75)
FileZilla Client 3.5.1 (Version: 3.5.1)
GetFLV 9.5.2.9
GIMP 2.6.11 (Version: 2.6.11)
Google Chrome (Version: 33.0.1750.146)
Google Toolbar for Internet Explorer (Version: 1.0.0)
Google Toolbar for Internet Explorer (Version: 7.5.4805.320)
Google Update Helper (Version: 1.3.22.5)
GoToMeeting 5.9.0.1216 (Version: 5.9.0.1216)
Hardware Diagnostic Tools (Version: 6.0.5247.34)
HiDownloadPlatinum
HiJackThis (Version: 1.0.0)
HP Advisor (Version: 3.3.9512.3162)
HP Customer Experience Enhancements (Version: 6.0.1.3)
HP Desktop Keyboard (Version: 1.0.0.11)
HP Games (Version: 1.0.0.71)
HP MediaSmart DVD (Version: 3.1.3317)
HP Odometer (Version: 2.10.0000)
HP RC Mirror Driver (Version: 2.0.0.1)
HP Remote Solution (Version: 1.1.11.0)
HP Setup (Version: 1.2.3560.3170)
HP Support Assistant (Version: 5.1.10.7)
HP Support Information (Version: 10.1.0002)
HP TouchSmart (Version: 3.0.35.0)
HP TouchSmart Browser (Version: 3.0.0008)
HP TouchSmart Calendar (Version: 3.1.3532.29998)
HP TouchSmart Canvas (Version: 1.1.3611.25561)
HP TouchSmart Clock (Version: 3.0.3572.25998)
HP TouchSmart Live TV (Version: 3.1.2206)
HP TouchSmart Music/Photo/Video (Version: 3.1.3422)
HP TouchSmart Notes (Version: 3.1.3544.29053)
HP TouchSmart Paint it! by Corel - Content (Version: 1.0)
HP TouchSmart Paint it! by Corel - Core (Version: 1.0)
HP TouchSmart Paint it! by Corel - ICA (Version: 1.0)
HP TouchSmart Paint it! by Corel - Langauge (Version: 1.0)
HP TouchSmart Paint it! by Corel (Version: 1.5.0.96)
HP TouchSmart RecipeBox (Version: 2.5.3809.27769)
HP TouchSmart RSS (Version: 3.0.0006)
HP TouchSmart Tutorials (Version: 3.0.5.2)
HP TouchSmart Tutorials (Version: 3.2.0.0)
HP TouchSmart Webcam (Version: 3.1.2219)
HP Update (Version: 5.001.000.014)
HPAsset component for HP Active Support Library (Version: 3.0.0.3)
Image Easy (Version: 1.5.2)
Immunet 3.0 (Version: 3.0.13.9411)
Instant Article Suite v1.10
Intel® Graphics Media Accelerator Driver (Version: 8.15.10.2102)
iTunes (Version: 11.1.3.8)
Java Auto Updater (Version: 2.0.5.1)
Java™ 6 Update 26 (Version: 6.0.260)
Keyword Blaze (Version: 1.4.7)
Keyword Optimizer Pro 2 (Version: 2.0.1.6)
Keyword Suggest Bloodhound (Version: 0.0.91)
Keyword Tool (Version: 1.0.7)
KeywordAdvantage
Kindle Game Book Creator (Version: 2.0.2)
K-Lite Codec Pack 7.1.0 (Full) (Version: 7.1.0)
LabelPrint (Version: 2.5.2017)
LightScribe System Software (Version: 1.18.8.1)
LinkBox (Version: 1.1.107)
Low Hanging Traffic 2.0 (Version: 2.0.2)
Mage Monster (Version: 1.1.0)
Magic Article Rewriter (Version: 1.8.4)
Malwarebytes Anti-Malware version 1.75.0.1300 (Version: 1.75.0.1300)
Mass Review Cash version 1.0 (Version: 1.0)
Micro Niche Domain Finder version 0.31 (Version: 0.31)
Micro Niche Finder 5.0 (Version: 5.7.37.0)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938)
Microsoft Live Search Toolbar (Version: 3.0.566.0)
Microsoft Office Home and Student 60 day trial
Microsoft Office PowerPoint Viewer 2007 (English) (Version: 12.0.6612.1000)
Microsoft Security Client (Version: 4.4.0304.0)
Microsoft Security Essentials (Version: 4.4.304.0)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Touch Pack for Windows 7 (Version: 1.0.40517.00)
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 (Version: 8.0.50727.4053)
Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001)
Microsoft Visual C++ 2005 Redistributable (x64) - KB2467175 (Version: 8.0.51011)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.56336)
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (Version: 9.0.30729.5570)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 (Version: 9.0.21022)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (Version: 10.0.40219)
Microsoft Works (Version: 9.7.0621)
Microsoft XNA Framework Redistributable 3.0 (Version: 3.0.11010.0)
Movie Theme Pack for HP TouchSmart Video (Version: 3.1.3310)
Mozilla Firefox 27.0.1 (x86 en-US) (Version: 27.0.1)
Mozilla Maintenance Service (Version: 27.0.1)
MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0)
MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0)
Niche Domain Finder (Version: 0.1.06)
OfferEvaluator (Version: 1.04)
OpenOffice.org 3.2 (Version: 3.2.9502)
Orbit Downloader
Package: Tony de Bree´s Tip Article Creator 1.0 (Version: 1.0)
PeerGuardian 2.0 (Version: 2.1.0.2)
PlayReady PC Runtime amd64 (Version: 1.3.0)
PLR Article Manager (Version: 1.0.0)
Portal Traffic Attractor (Version: 1.0.0.3)
Power2Go (Version: 6.0.3304)
PowerDirector (Version: 7.0.3503)
QuickTime (Version: 7.74.80.86)
Rapid Content Wizard (Version: 1.0.0.6)
Realtek High Definition Audio Driver (Version: 6.0.1.6053)
Recovery Manager (Version: 5.5.2216)
SAMSUNG Mobile Modem Driver Set
Samsung Mobile phone USB driver Drive Software
SAMSUNG Mobile USB Modem 1.0 Software
SAMSUNG Mobile USB Modem Software
Samsung PC Studio 3 USB Driver Installer (Version: 3.2.0.70701)
SERPy (Version: 1.03)
Simple Sites Big Profits 2011 1.22.00
Skype Click to Call (Version: 6.9.12585)
Skype™ 6.11 (Version: 6.11.102)
SmartCreator (Version: 1.6.13)
Sothink FLV Player (Version: 2.3)
Speedy Book Publisher 1.2.91 (Version: 1.2.91)
SUPERAntiSpyware (Version: 4.53.1000)
The Ultimate PLR Article Collection (Version: 1.0.23.0)
Traffic Evolution (Version: 1.8.0)
Traffic Travis 3.3.36
TuneUp Utilities 2014 (en-US) (Version: 14.0.1000.221)
TuneUp Utilities 2014 (Version: 14.0.1000.221)
TuneUp Utilities Language Pack (en-US) (Version: 12.0.3600.104)
Tweaking.com - Windows Repair (All in One) (Version: 2.5.1)
UltimateDomainFinder (Version: 0.07)
UltimateDomainFinder (Version: v0.07)
Update or Uninstall SENukeX (Version: 1.0.0.149)
Visual Studio 2008 x64 Redistributables (Version: 10.0.0.2)
Visual Studio 2010 x64 Redistributables (Version: 13.0.0.1)
Visual Studio 2012 x64 Redistributables (Version: 14.0.0.1)
Visual Studio 2012 x86 Redistributables (Version: 14.0.0.1)
VLC media player 1.1.11 (Version: 1.1.11)
VS10Runtimex64 (Version: 1.0.0)
WinRAR 4.00 (64-bit) (Version: 4.00.0)
Word Wizard (Version: 1.1.0)
XMind 2012 (v3.3.1) (Version: 3.3.1.201212250029)

========================= Devices: ================================

Name: Security Processor Loader Driver
Description: Security Processor Loader Driver
Class Guid: {8ECC055D-047F-11D1-A537-0000F8753ED1}
Manufacturer:
Service: spldr
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: Consumer IR Devices
Description: Consumer IR Devices
Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: circlass
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver


========================= Memory info: ===================================

Percentage of memory in use: 20%
Total physical RAM: 3831.11 MB
Available physical RAM: 3037.66 MB
Total Pagefile: 7660.41 MB
Available Pagefile: 6910.81 MB
Total Virtual: 4095.88 MB
Available Virtual: 3982.06 MB

========================= Partitions: =====================================

1 Drive c: (HP) (Fixed) (Total:918.46 GB) (Free:666.89 GB) NTFS
2 Drive d: (FACTORY_IMAGE) (Fixed) (Total:12.96 GB) (Free:1.76 GB) NTFS
5 Drive g: () (Removable) (Total:7.45 GB) (Free:2.25 GB) FAT32
6 Drive h: (LaCie) (Fixed) (Total:465.76 GB) (Free:42.24 GB) NTFS

========================= Users: ========================================

User accounts for \\PEGASUS

Administrator            ASPNET                   Guest                   
WingMaker               


**** End of log ****
------------------------

Updated MalwareBytes again and ran a full scan (had previously selected show in results list and check for removal so I have older logs I can show as well)

Scan results:

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.07.11

Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking)
Internet Explorer 11.0.9600.16518
WingMaker :: PEGASUS [administrator]

07/03/2014 7:21:38 PM
mbam-log-2014-03-07 (19-21-38).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 466794
Time elapsed: 3 hour(s), 8 minute(s), 59 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

----------

ESET Scanner results (found threats that malwarebytes did not)

It found 15 threats and counting.  It's been 4 hours of scanning and there is quite a ways to go.  I will post the results first thing in the morning.  Hope what I posted thus far helps for now.
 
 
 
 



 

Edited by wingmaker, 07 March 2014 - 11:56 PM.


#4 noknojon


Posted 08 March 2014 - 12:58 AM

You have 4 Antivirus programs installed, only one is required or they will not work.

Please remove the others, and ask for help if required.

Immunet 3.0                     
 AVG AntiVirus Free Edition 2014 
 Microsoft Security Essentials   
 Lavasoft Ad-Aware 

 

Both of these  Ad-Aware programs are already disabled and can be removed as they are not working
Ad-Aware Antivirus AdAwareService.exe  Ad-Aware AAWService.exe is disabled!
Ad-Aware Antivirus Engine SBAMSvc.exe   Ad-Aware AAWTray.exe is disabled!

 

This program is not required as it is just Registry Cleaners / Optimisers that do not work.
TuneUp Utilities 2014 
 TuneUp Utilities 2014 (en-US)
 TuneUp Utilities Language Pack (en-US)
 TuneUp Utilities 2014

 

 

Java™ 6 Update 26  Java version out of Date!
Current version is Version 7 Update 51. Delete all old versions from Programs and Features.
Do not accept any Add-ons or Extras with the download, as they are just advertising and not Java related

 

 

Do you use 1ClickCashBotXtreme (a direct online loan program)? Remove it if you do not.

HiJackThis (Version: 1.0.0) is useless on your Windows 7 64bit unit and is way outdated.



#5 wingmaker


Posted 08 March 2014 - 10:07 AM

Hi and thanks again...

 

Here are the ESET scan results - 22 objects found but I suspect this program is overly aggressive.... it targeted WordPress plugins that are from reliable sources and are for marketing purposes.

 

C:\Program Files\DomaIQ Uninstaller\DomaIQUninstall.exe    probably a variant of MSIL/DomaIQ.A potentially unwanted application    deleted - quarantined
C:\Program Files (x86)\Mozilla Firefox\browser\nsprotector.js    Win32/Conduit.SearchProtect.A potentially unwanted application    deleted - quarantined
C:\Users\WingMaker\Desktop\Marketing Progams\WPDirect\Themes\horseracingcommentary.com\wp-content\themes\cutline-mod-10\footer.php    PHP/Obfuscated.F potentially unwanted application    deleted - quarantined
C:\Users\WingMaker\Desktop\Marketing Progams\WPDirect\Themes\horseracingcommentary.com\wp-content\themes\dog-lover-10\footer.php    PHP/Obfuscated.F potentially unwanted application    deleted - quarantined
C:\Users\WingMaker\Desktop\Marketing Progams\WPDirect\Themes\horseracingcommentary.com\wp-content\themes\dog-lover-10\functions.php    PHP/Obfuscated.F potentially unwanted application    deleted - quarantined
C:\Users\WingMaker\Desktop\Marketing Progams\WPDirect\Themes\horseracingcommentary.com\wp-content\themes\horse-racing\functions.php    PHP/Obfuscated.F potentially unwanted application    deleted - quarantined
C:\Users\WingMaker\Desktop\Marketing Progams\WPDirect\Themes\horseracingcommentary.com\wp-content\themes\yoga-peace-10\footer.php    PHP/Obfuscated.D potentially unwanted application    deleted - quarantined
C:\Users\WingMaker\Desktop\Marketing Progams\WPDirect\Themes\themes\cutline-mod-10\footer.php    PHP/Obfuscated.F potentially unwanted application    deleted - quarantined
C:\Users\WingMaker\Desktop\Marketing Progams\WPDirect\Themes\themes\dog-lover-10\footer.php    PHP/Obfuscated.F potentially unwanted application    deleted - quarantined
C:\Users\WingMaker\Desktop\Marketing Progams\WPDirect\Themes\themes\dog-lover-10\functions.php    PHP/Obfuscated.F potentially unwanted application    deleted - quarantined
C:\Users\WingMaker\Desktop\Marketing Progams\WPDirect\Themes\themes\horse-racing\functions.php    PHP/Obfuscated.F potentially unwanted application    deleted - quarantined
C:\Users\WingMaker\Desktop\Marketing Progams\WPDirect\Themes\themes\yoga-peace-10\footer.php    PHP/Obfuscated.D potentially unwanted application    deleted - quarantined
C:\Users\WingMaker\Downloads\cbsidlm-cbsi127-Flash_Video_Downloader_for_Google_Chrome-ORG-75327988.exe    a variant of Win32/CNETInstaller.B potentially unwanted application    deleted - quarantined
C:\Users\WingMaker\Downloads\GraboidVideoSetup-3.05-Complete.exe    Win32/Graboid potentially unsafe application    deleted - quarantined
C:\Users\WingMaker\Downloads\Shockwave_Installer_Slim (1).exe    Win32/Bundled.Toolbar.Google.D potentially unsafe application    deleted - quarantined
H:\2LACIE (F)\Program Files\zlsSetup_70_462_000_en.exe    a variant of Win32/AdInstaller potentially unwanted application    deleted - quarantined
H:\2LACIE (F)\Program Files\Mozilla Firefox\plugins\NPZoneSB.dll    Win32/Toolbar.MyWebSearch potentially unwanted application    deleted - quarantined
H:\2LACIE (F)\Program Files\ZoneAlarmSB\bar\1.bin\NPZONESB.DLL    Win32/Toolbar.MyWebSearch potentially unwanted application    deleted - quarantined
H:\2LACIE (F)\Program Files\ZoneAlarmSB\bar\1.bin\Z4PLUGIN.DLL    a variant of Win32/Toolbar.MyWebSearch potentially unwanted application    deleted - quarantined
H:\desktop\backup-exemplary-living.com-12-21-2011.tar.gz    PHP/Obfuscated.F potentially unwanted application    deleted - quarantined
H:\desktop\NicheProfitEmpire\Software & Scripts\MonitorBuzz_MRR.zip    probably unknown NewHeur_PE virus    deleted - quarantined
H:\desktop\NicheProfitEmpire\Software & Scripts\Public_Domain_Survival_Kit_MRR.zip    a variant

-------

 

I didn't close down ESET yet as I am hoping not to have to delete the marketing files (unwanted applications) unless you absolutely recommend I do.  As for the ones deemed unsafe, no problem deleting these.  Standing by for further instructions.  I pretty much can't proceed with the rest until I hear back from you on this because then I will close down ESET and attempt to get out of safe mode and into regular mode. 

 

I understand about multiple antivirus programs running... overkill.   Normally I uninstall programs from the control panel options and I've tried to uninstall lavasoft Ad-Aware before only there is no uninstall option given, only change/repair.  I don't want to just delete the program file.  Any suggestions?

 

As for the rest of the antivirus programs, which do you recommend I keep, if any?  Is there one that I should get other than those on the list?

 

Okay... but the TuneUp Utilities program also cleans up broken shortcuts, temp files, frees up disk space and reduces load on system startup, runtime and shutdown as well.  It's published by the same people who created AVG so I can probably have access to the same tools via AVG.  Deleting TuneUp Utilities now will undo all the changes made to the computer to speed it up.  Having said that, it wasn't really operating well to the point where I'm at now.  Is there any program or thing to do in its place or is that unnecessary?  I fall for those programs simply because the computer inevitably slows down.

 

I will update my java when I can get the windows to work out of safe mode. I was under the impression there were automatic updates... Not quite certain how to delete old versions from Programs and Features?  I normally use uninstall from control panel.  Will google that. 

 

1clickcashbotextreme... is a video marketing program that I have yet to use but would like to keep.  Is it a problem?

 

I can't uninstall HijackThis from control panel, it won't permit me to. Again, I don't want to delete the program file, any suggestions?  Do you have any recommendations on a replacement?  Or is it at all unnecessary. 

 

I visit a lot of marketing sites... looking to learn online marketing.  So I realize I am getting bombarded by some spyware and/or malware.  Any suggestions would be most appreciated.  :)


Edited by wingmaker, 08 March 2014 - 02:32 PM.


#6 wingmaker


Posted 09 March 2014 - 10:01 AM

Hi... sorry but I'm stuck until I get answers to my questions in my last post.  

 

I'm still running in safe mode only and need advice about my last ESET scan results before I proceed further.  

 

Also at my wit's end with trying to remove lavasoft Ad-Aware and MicroTrends HijackThis... tougher to remove those programs than the malware!  :(

 

This is what I tried to remove Ad-Aware and I was unsuccessful with each attempt.

 

If you wish to remove our product, try these alternatives:

1. Click "uninstall Ad-Aware" in the lavasoft folder of your start menu  - FAIL (FILE MISSING)

2. If it does not work, open your control panel, click add/remove programs and locate Ad-Aware SE - FAIL (ERROR MESSAGE WINDOWS INSTALLER COULD NOT BE ACCESSED)

3. If it still does not work, locate and run (double-click) the file "unwise.exe" (the .exe might not be shown). It should be found in C:\program files\lavasoft\Ad-Aware SE [Personal/Plus/Professional]\  FAIL (NO SUCH FILE EXISTS)



If that does not work, or if you get a message saying something like "Can't find Install.log," perform a manual uninstall, which is not a very difficult procedure. Do the following:

1. Click on "my computer" and navigate to your Lavasoft Ad-Aware folder (C:\program files\lavasoft\ad-aware \)

2. Run the file unregaaw.exe

3. Delete the entire ad-aware folder

4. Delete your Lavasoft Ad-Aware link in your start menu (if present)

5. Delete the Ad-Aware icon(s) from your desktop (if present)

6. Navigate to C:\Documents and Settings\[User Name]\Application Data\Lavasoft and delete the entire Lavasoft folder.

7. Empty your trash bin

8. Reboot.

 

FAIL - NO SUCH FILE EXISTS

 

Next I tried running Microsoft FIX IT... it removed the program from control panel but not from program files.  FAIL

 

Finally I downloaded REVO Uninstaller PRO and it can't uninstall either program - same error message about windows installer.  I can attempt a forced uninstall but am hesitant to delete files without consulting someone here.  Please advise... I am stuck since yesterday.

 

Thanks!


Edited by wingmaker, 09 March 2014 - 04:20 PM.


#7 wingmaker


Posted 09 March 2014 - 11:04 PM

I just tried to get windows to run in normal mode... takes forever on startup and I get a black screen and nothing else but the cursor showing.  The computer is free of malware, ran ESET again today, nothing.  MalwareBytes shows zero objects.  My computer is clean unless there are other programs for me to run.  In any case, windows 7 is not running normally at all.  Please advise... I need help.   


Edited by wingmaker, 09 March 2014 - 11:05 PM.


#8 noknojon


Posted 10 March 2014 - 12:24 AM

Note from above - Ad-Aware Antivirus Engine SBAMSvc.exe   Ad-Aware AAWTray.exe is disabled!

The program was already disabled, but it may still have an entry in Programs and Features -

Just remove any old entry so it will not show up again -

Lavasoft Ad-Aware: Antivirus up to date!  (On Access scanning disabled!)

This confirms that it is Disabled - FAIL - NO SUCH FILE EXISTS

 

 

These are the 3 Antivirus programs to remove =>

Immunet 3.0                     
Microsoft Security Essentials   
Lavasoft Ad-Aware 

 

> I can't uninstall HijackThis from control panel, it won't permit me to. Again, I don't want to delete the program file, any suggestions?  Do you have any recommendations on a replacement?  Or is it at all unnecessary.

This is not required on any Windows 7 and a 64bit makes it almost useless - Leave or uninstall it will do nothing.

 

> Okay... but the TuneUp Utilities program also cleans up broken shortcuts, temp files, frees up disk space and reduces load on system startup, runtime and shutdown as well.  It's published by the same people who created AVG so I can probably have access to the same tools via AVG.  Deleting TuneUp Utilities now will undo all the changes made to the computer to speed it up.

I notice that your system is running very well with these programs installed ???????
I can only tell you what we see every day, and the problems these programs cause.......

> In any case, windows 7 is not running normally at all.

Your computer is overloaded with scam programs that are dragging it down, and none of the programs you "like" are helping (you must agree with that)

 

> I've tried to uninstall lavasoft Ad-Aware before only there is no uninstall option given, only change/repair.  I don't want to just delete the program file.  Any suggestions?

Delete all of it if you ever find it -

ESET Scanner can be a bit severe at times, and that is why we use it.

Please reinstall what you think is OK or I can check them for you.

 

You want to run AVG and all the involved Add-ons, then that is the only Antivirus that you keep, but ALL of the others must be removed.

 

AdwCleaner has done its job, so open it and hit the Uninstall Button to remove the program, and all of its quarantined items. This is a Single use program and can not be Updated like Antivirus or Antimalware programs. It is just a cleaner.

 

From the logs I can get, there are no major problems showing, so if it still has problems, please see below.

 

Please follow the instructions in THIS Prep Guide starting at Step #6.

NOTE - If you cannot complete a step, skip it and continue.

 

Once the proper DDS logs are created, then make a NEW TOPIC and post it to =>
Virus, Trojan, Spyware, and Malware Removal Logs area - Not back here.

 

They can use other tools to find the problems that I can not use in this area.

 

If HelpBot replies, please follow its Step #1 and the team will be notified.

 

Tell me when you post the new topic so we can close this one and only let the Experts fix your problem.



#9 wingmaker


Posted 11 March 2014 - 12:15 PM

Okay just to be clear about the lavasoft Ad-Aware antivirus program - it is already disabled, got it.  When you say "remove old entries from Programs and Features," do you mean remove the entire folder?  i.e. the Ad-Aware folder in the program files of my computer?  I'm not an expert so when you say things that are second nature to you... I may not understand what you mean for me to do, sorry...



And when you say "these are the 3 antivirus programs to remove" -  roger that however, I'm somewhat confused again... according to you lavasoft Ad-Aware is already disabled.  So I assume again, by this you mean simply remove the Ad-Aware folder in my program files, correct?  I was unable to uninstall Microsoft Security Essentials in safe mode and cannot get into Windows regular mode so I'm stuck here.  The uninstall of Immunet3 stalled in mid process and won't complete, once again I'm limited by safe mode. 



Point taken about TuneUp facilities... I tried to uninstall in safe mode but cannot complete the process. 



I have a question for you.. why on earth do you assume the marketing software I have installed on my computer are "scams?"  They are keyword research tools, website building software, WordPress plugins, Search Engine optimization tools, video editing and submission software, Private Label Rights content, Kindle book formatting software, etc.  How can you say none of these programs are helping me when my computer was running fine with these software installations up until a week or so ago?  These are online business building tools that I am using for my livelihood, which incidentally is 100% legitimate.

You falsely named 1clickcashbot an online loan program, where did you come up with that?  Google it and you will find youtube videos on how this software works.  Please do not imply that my software programs are scam related, I take offense to that.  And most of the marketing tools and software is on my external HD in any case.  Funny how other marketers also use these tools and their Windows runs fine.

Now...  for the programs I have pinned to my task bar, are you saying that there are too many there and even when not running, they are interfering with the performance of my computer?  Moreover if I unpin them, will that improve the performance of my computer?  I also have a lot of shortcuts on my desktop, should those be placed into one folder on my desktop for easy access?


As for the ESET results...  the only two files I want to restore are both found in my external hard drive: 

H:\desktop\NicheProfitEmpire\Software & Scripts\Public_Domain_Survival_Kit_MRR.zip  (these are Private Label Rights materials)

H:\desktop\backup-exemplary-living.com-12-21-2011.tar.gz   (host gator backup of old website)

ESET is so aggressive it pegged old Zone Alarm applications and files... hard to believe they are harming my computer but in any case, I have deleted all the files in ESET scanner, including plugins for WordPress websites, just to be cautious.



I understand about AVG and running it as my sole antivirus program.  Should I opt for the paid version or is the free version good enough?  Also, I don't understand what you mean by AVG add-ons?



I never ran AdwCleaner, only MalwareBytes and ESET.  You never suggested I run this, should I?   So there is no reason to run any rootkit programs?


***In a nutshell, I cannot uninstall any of the programs you listed until my windows is operating in normal mode, nor can I update java in safe mode.  My computer is clean at the moment, having run MalwareBytes and ESET (not AdwCleaner) - with the exception of the two files I restored to my external HD listed above.
 
Having said that, do I continue to the next step you suggested, that being to follow the Prep Guide?

Please advise and thanks again!


 


#10 wingmaker


Posted 11 March 2014 - 09:32 PM

I found and ran AdwCleaner...  this is the log... seems like a lot.  Please advise...

 

# AdwCleaner v3.021 - Report created 11/03/2014 at 19:56:08
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : WingMaker - PEGASUS
# Running from : C:\Users\WingMaker\Downloads\AdwCleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\.autoreg
File Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\defaulttab.config
File Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\addon@defaulttab.com.xpi
File Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\searchplugins\search.xml
File Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\user.js
File Found : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar
Folder Found : C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo
Folder Found : C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo
Folder Found : C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnbdefcbnoefmmcpelplabbkfmfhlho
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{317B5128-0B0B-49b2-B2DB-1E7560E16C74}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{84b24861-62f6-364b-eba5-2e5e2061d7e6}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\anttoolbar@ant.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\anttoolbar@ant.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\domainsonfirefox@domainsonfire.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\netvideohunter@netvideohunter.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\toolbar@ask.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\toolbar@ask.com
Folder Found : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Extensions\youtubeunblocker@unblocker.yt
Folder Found C:\Program Files (x86)\Ask.com
Folder Found C:\Program Files (x86)\Conduit
Folder Found C:\Program Files (x86)\orbitdownloader
Folder Found C:\Program Files (x86)\SearchProtect
Folder Found C:\Program Files (x86)\Toolbar Cleaner
Folder Found C:\Program Files\DomaIQ Uninstaller
Folder Found C:\ProgramData\AVG Secure Search
Folder Found C:\ProgramData\CodecCheck
Folder Found C:\ProgramData\Premium
Folder Found C:\SearchProtect
Folder Found C:\Users\WINGMA~1\AppData\Local\Temp\FoxTab
Folder Found C:\Users\WingMaker\AppData\Local\Conduit
Folder Found C:\Users\WingMaker\AppData\Local\SwvUpdater
Folder Found C:\Users\WingMaker\AppData\LocalLow\Conduit
Folder Found C:\Users\WingMaker\AppData\LocalLow\PriceGong
Folder Found C:\Users\WingMaker\AppData\Roaming\DefaultTab
Folder Found C:\Users\WingMaker\AppData\Roaming\DriverCure
Folder Found C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\ConduitCommon
Folder Found C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\CT2786678
Folder Found C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\FoxTab
Folder Found C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\Smartbar
Folder Found C:\Users\WingMaker\AppData\Roaming\SearchProtect
Folder Found C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Found : HKCU\Software\AppDataLow\AskToolbarInfo
Key Found : HKCU\Software\AppDataLow\Software\AskToolbar
Key Found : HKCU\Software\AppDataLow\Software\AVG Security Toolbar
Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Ask.com
Key Found : HKCU\Software\AVG Nation toolbar
Key Found : HKCU\Software\BI
Key Found : HKCU\Software\Default Tab
Key Found : HKCU\Software\Google\Chrome\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo
Key Found : HKCU\Software\Google\Chrome\Extensions\edfllcfghbogdahicgpcmnmkgpcmdjeo
Key Found : HKCU\Software\IGearSettings
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\ImInstaller
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Download by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\&Grab video by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Do&wnload selected by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Down&load all by Orbit
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{000123B4-9B42-4900-B3F7-F4B073EFC214}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2974C985-8151-4DE5-B23C-B875F0A8522F}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7854F00C-DC77-477E-A10E-603F48442D3B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Key Found : HKCU\Software\Orbit
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\Softonic
Key Found : HKCU\Software\YahooPartnerToolbar
Key Found : [x64] HKCU\Software\Ask.com
Key Found : [x64] HKCU\Software\AVG Nation toolbar
Key Found : [x64] HKCU\Software\BI
Key Found : [x64] HKCU\Software\Default Tab
Key Found : [x64] HKCU\Software\IGearSettings
Key Found : [x64] HKCU\Software\IM
Key Found : [x64] HKCU\Software\ImInstaller
Key Found : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Key Found : [x64] HKCU\Software\Orbit
Key Found : [x64] HKCU\Software\SearchProtect
Key Found : [x64] HKCU\Software\Softonic
Key Found : [x64] HKCU\Software\YahooPartnerToolbar
Key Found : HKLM\Software\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Found : HKLM\Software\AVG Nation toolbar
Key Found : HKLM\Software\AVG Security Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Users\WingMaker\AppData\Roaming\Mozilla\Firefox\Profiles\e9k0lx8w.default\prefs.js ]

Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.0.10", "\"0ee90707f77cc1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"023d3d3f2c9cc1:12ac\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2786678", "\"13a760730d9291f1df061003ecf304ce\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3074349", "\"634515122457000000\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3074349&octid=CT3074349", "\"1314715212\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/equalizer_dead.gif", "\"03e383867bc91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/minimize.gif", "\"0e685fa27bc91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/play.gif", "\"02faea337c7c91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/stop.gif", "\"03a54d7f47ac91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Midnight/vol.gif", "\"049b47644c7c91:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"634515953213470000\"");
Line Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\WingMaker\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\e9k0lx8w.default\\conduitCommon\\modules\\3.9.0.3");
Line Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
Line Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://storage.conduit.com/MarketPlace/c4/d0/c43b31cd-f174-4062-8bc6-cc15a23691d0/BrowserFiles/8cfec7de-e8ec-4f1e-9b41-950b0f760652.html", "300x299");
Line Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "");
Line Found : user_pref("CommunityToolbar.ToolbarsList", "CT3074349,CT2786678");
Line Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3074349,CT2786678");
Line Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3074349,CT2786678");
Line Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Jan 22 2012 16:05:18 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.globalUserId", "9e45b5c0-bfd9-400d-8853-cf4682811dd2");
Line Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2786678");
Line Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jan 22 2012 16:02:42 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);
Line Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Jan 22 2012 17:02:50 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.locale", "en");
Line Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Jan 22 2012 16:02:39 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Line Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Found : user_pref("CommunityToolbar.notifications.userId", "7c859bb3-85e0-44cc-b419-3f59075735ec");
Line Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://by161w.bay161.mail.live.com/mail/?n=2067682555&fid=1&fav=1#n=1469595194&fid=1&fav=1");
Line Found : user_pref("CommunityToolbar.originalSearchEngine", "PhotoJoy US Customized Web Search");
Line Found : user_pref("Smartbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3282812&octid=CT3282812&SearchSource=61&CUI=UN36895330102909286&UM=2&UP=SP5490669D-8E51-4934-8DA5-442CB026E82C");
Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://isearch.avg.com/search?cid={60E315BF-5F2A-4B36-8EED-0BE426F28D62}&mid=c8e0bcb6d8ff47d695a5a138faa2baf0-57134336b38848b35b89a7f924b692290f7a4d[...]
Line Found : user_pref("browser.newtab.url", "hxxp://www.mysearchresults.com/?nt=nt2&t=03&SearchSource=45&UM=2&c=3563&ctid=CT3300024");
Line Found : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&CUI=UN30781615464862199&UM=2&SearchSource=3&q={searchTerms}");
Line Found : user_pref("extensions.crossrider.bic", "132a70e98846b385fa31bd7bc4cfc45e");
Line Found : user_pref("extensions.crossriderapp435.435.active", true);
Line Found : user_pref("extensions.crossriderapp435.435.affid", "0");
Line Found : user_pref("extensions.crossriderapp435.435.backgroundjs", "\n//------------------ PLUGIN resources_background START ------------------ ------------------ \n(function(){appAPI.ready=function(a){appAPI.[...]
Line Found : user_pref("extensions.crossriderapp435.435.backgroundver", 9);
Line Found : user_pref("extensions.crossriderapp435.435.certdomaininstaller", "");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_aoi.value", "%221325268140%22");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_parent_zoneid.value", "%2214974%22");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie._GPL_zoneid.value", "%2214985%22");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_ID.value", "435");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_custom_zoneid.value", "14969");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.__GPL_pubid.value", "%222993%22");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.previous_page.expiration", "Fri Feb 01 2030 00:00:00 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("extensions.crossriderapp435.435.cookie.previous_page.value", "%22hxxp%3A//www.the-profit-platform.com/webinar/replay%22");
Line Found : user_pref("extensions.crossriderapp435.435.description", "Premiumplay Codec check");
Line Found : user_pref("extensions.crossriderapp435.435.domain", "");
Line Found : user_pref("extensions.crossriderapp435.435.emailsig", "");
Line Found : user_pref("extensions.crossriderapp435.435.exposesites", "");
Line Found : user_pref("extensions.crossriderapp435.435.fbremoteurl", "");
Line Found : user_pref("extensions.crossriderapp435.435.group", 0);
Line Found : user_pref("extensions.crossriderapp435.435.homepage", "");
Line Found : user_pref("extensions.crossriderapp435.435.iframe", false);
Line Found : user_pref("extensions.crossriderapp435.435.js", "\n//------------------ PLUGIN app_435_specific START ------------------ ------------------ \nif(!appAPI.matchPages(\"search.babylon.com\",\"search.swee[...]
Line Found : user_pref("extensions.crossriderapp435.435.name", "Codec-V");
Line Found : user_pref("extensions.crossriderapp435.435.premium", true);
Line Found : user_pref("extensions.crossriderapp435.435.publisher", "Premiumplay");
Line Found : user_pref("extensions.crossriderapp435.435.settingsurl", "");
Line Found : user_pref("extensions.crossriderapp435.435.thankyou", "");
Line Found : user_pref("extensions.crossriderapp435.435.ver", 79);
Line Found : user_pref("extensions.crossriderapp435.apps", "435");
Line Found : user_pref("extensions.crossriderapp435.bic", "132a70e98846b385fa31bd7bc4cfc45e");
Line Found : user_pref("extensions.crossriderapp435.cid", 435);
Line Found : user_pref("extensions.crossriderapp435.firstrun", false);
Line Found : user_pref("extensions.crossriderapp435.hadappinstalled", true);
Line Found : user_pref("extensions.crossriderapp435.installationdate", 1317062744);
Line Found : user_pref("extensions.crossriderapp435.jsver", 3);
Line Found : user_pref("extensions.crossriderapp435.lastcheck", 23242553);
Line Found : user_pref("extensions.crossriderapp435.lastcheckitem", 23242608);
Line Found : user_pref("extensions.crossriderapp435.misc.lastBgWorkerTimer", "1394555648641");
Line Found : user_pref("extensions.crossriderapp435.misc.lastDomWorkerTimer", "1394555648624");
Line Found : user_pref("extensions.crossriderapp435@crossrider.com.install-event-fired", true);
Line Found : user_pref("extensions.defaulttab.config", "{\"set_default_search\":\"Search|Conduit\",\"features\":[{\"engine\":\"Related Search - NS1 - DDC\",\"additional_config\":\"c=1A3578,tlid=22406\",\"ai\":0,\"[...]
Line Found : user_pref("extensions.enabledAddons", "netvideohunter%40netvideohunter.com:1.15,%7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.21,%7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.9,%7BFCAB6FDD-5585-425b[...]
Line Found : user_pref("extensions.toolbar@ask.com.install-event-fired", true);
Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN30781615464862199&UM=2&q=");
Line Found : user_pref("lightweightThemes.usedThemes", "[{\"id\":\"275687\",\"name\":\"Sunset Over Paradise Beach\",\"headerURL\":\"hxxps://addons.mozilla.org/_files/213659/SunsetonPalmTreeBeach2.jpg?1281173216\",[...]
Line Found : user_pref("smartbar.conduitHomepageList", "hxxp://search.conduit.com/?ctid=CT3289847&CUI=UN30781615464862199&UM=2&SearchSource=13,hxxp://search.conduit.com/?ctid=CT3289847&octid=CT3289847&SearchSource[...]
Line Found : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3289847&SearchSource=2&CUI=UN30781615464862199&UM=2&q=");
Line Found : user_pref("smartbar.machineId", "HVBR+ZYAHCROWWBDRLDVPDLV3IMCHDSERDIQ+QUZVTRY3KOMBXXB0UOWIZWTYLT0RZSIYTY2RD/4AQUXDDV6OG");
Line Found : user_pref("smartbar.originalHomepage", "hxxp://isearch.avg.com/?cid={60E315BF-5F2A-4B36-8EED-0BE426F28D62}&mid=c8e0bcb6d8ff47d695a5a138faa2baf0-57134336b38848b35b89a7f924b692290f7a4d67&lang=en&ds=AVG&[...]
Line Found : user_pref("smartbar.originalSearchAddressUrl", "hxxp://isearch.avg.com/search?cid={60E315BF-5F2A-4B36-8EED-0BE426F28D62}&mid=c8e0bcb6d8ff47d695a5a138faa2baf0-57134336b38848b35b89a7f924b692290f7a4d67&l[...]
Line Found : user_pref("smartbar.originalSearchEngine", "Google");

-\\ Google Chrome v

[ File : C:\Users\WingMaker\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : icon_url
Found : search_url
Found : keyword

*************************

AdwCleaner[R0].txt - [56450 octets] - [11/03/2014 19:56:08]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [56511 octets] ##########
 



#11 hamluis

  • Moderator

Posted 12 March 2014 - 11:56 AM

MRL topic: http://www.bleepingcomputer.com/forums/t/527300/multiple-malware-infections-windows-unstable-operating-in-safe-mode-only/ .

 

Now that you have properly posted a malware log topic, you should NOT make further changes to your computer (install/uninstall programs, use special fix tools, delete files, edit the registry, etc.) unless advised by a MRT Team member, nor should you ask for help elsewhere. Doing so can result in system changes which may not show in the log you already posted. Further, any modifications you make on your own may cause confusion for the helper assisting you and could complicate the malware removal process, which would extend the time it takes to clean your computer.

From this point on, the MRT Team should be the only members that you take advice from, until they have verified your log as clean.

Please be patient. It may take a while to get a response because the MRT Team members are EXTREMELY busy working logs posted before yours. They are volunteers who will help you out as soon as possible. Once you have made your post and are waiting, please DO NOT make another reply until it has been responded to by a member of the MRT Team. Generally the staff checks the forum for postings that have 0 replies as this makes it easier for them to identify those who have not been helped. If you post another response, there will be 1 reply. A team member looking for a new log to work may assume another MRT Team member is already assisting you and not open the thread to respond.

It may take several days to get a response but your log will be reviewed and answered as soon as possible. I advise checking your topic once a day for responses as the e-mail notification system is unreliable.

If HelpBot replies to your topic, PLEASE follow Step One so it will report your topic to the team members.

To avoid confusion, I am closing this topic.

Louis





