
easylifesearchap redirection when open firefox


  • This topic is locked
7 replies to this topic

#1 straubes

straubes

  • Members
  • 4 posts
  • OFFLINE
  • Gender:Male
  • Location:Gold Coast Australia
  • Local time:12:56 AM

Posted 22 March 2014 - 01:38 AM

I have read enough to know I will need help to remove.

I have read the prep in forums and attached as directed.

THX in advance.

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by craig at 16:26:08 on 2014-03-22
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2045.851 [GMT 10:00]
.
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
C:\Program Files\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Documents and Settings\craig\Application Data\Dropbox\bin\Dropbox.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au
BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [ASRockIES] <no file>
mRun: [ANIWZCS2Service] c:\program files\ani\aniwzcs2 service\WZCSLDR2.exe
mRun: [D-Link D-Link Wireless G DWA-510] c:\program files\d-link\d-link wireless g dwa-510\AirGCFG.exe
mRun: [CanonMyPrinter] c:\program files\canon\myprinter\BJMyPrt.exe /logon
mRun: [CanonSolutionMenu] c:\program files\canon\solutionmenu\CNSLMAIN.exe /logon
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [StartCCC] "c:\program files\ati technologies\ati.ace\core-static\CLIStart.exe" MSRun
mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [WinPatrol] c:\program files\billp studios\winpatrol\winpatrol.exe -expressboot
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [AvastUI.exe] "c:\program files\avast software\avast\AvastUI.exe" /nogui
mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\docume~1\craig\startm~1\programs\startup\dropbox.lnk - c:\documents and settings\craig\application data\dropbox\bin\Dropbox.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - c:\program files\pokerstars\PokerStarsUpdate.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
TCP: NameServer = 61.9.211.33 61.9.211.1
TCP: Interfaces\{3C9D11B7-FFC6-4D56-B127-83DA60C90EBF} : DHCPNameServer = 61.9.211.33 61.9.211.1
Notify: AtiExtEvent - Ati2evxx.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\craig\application data\mozilla\firefox\profiles\zyluzktm.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - hxxp://search.easylifeapp.com/?zy=k
FF - plugin: c:\program files\adobe\reader 11.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\canon\easy-photoprint ex\NPEZFFPI.DLL
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_12_0_0_70.dll
FF - ExtSQL: !HIDDEN! 2012-12-23 05:35; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.homepage.dontask - true);user_pref(yahoo.ytff.general.dontshowhpoffer, true
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2013-3-27 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2013-3-27 180248]
R0 vididr;Acronis Virtual Disk;c:\windows\system32\drivers\vididr.sys [2014-1-24 125472]
R0 vidsflt53;Acronis Disk Storage Filter (53);c:\windows\system32\drivers\vsflt53.sys [2014-1-24 83392]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2012-11-4 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2012-11-4 410528]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-23 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-13 67664]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2013-3-27 67824]
R2 avast! Antivirus;avast! Antivirus;c:\program files\avast software\avast\AvastSvc.exe [2012-11-4 50344]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2012-11-4 1050112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2013-7-20 754856]
S4 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2013-10-11 120088]
S4 BrowserDefendert;BrowserDefendert;c:\documents and settings\all users\application data\browserdefender\2.6.1546.206\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\browserdefender.exe --> c:\documents and settings\all users\application data\browserdefender\2.6.1546.206\{c16c1ccb-1111-4e5c-a2f3-533ad2fec8e8}\BrowserDefender.exe [?]
S4 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\common files\seagate\schedule2\schedul2.exe [2011-6-30 845808]
.
=============== Created Last 30 ================
.
.
==================== Find3M  ====================
.
2014-03-01 06:37:19    71048    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-01 06:37:19    692616    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2014-02-15 06:59:01    21840    ----atw-    c:\windows\system32\SIntfNT.dll
2014-02-15 06:59:01    17212    ----atw-    c:\windows\system32\SIntf32.dll
2014-02-15 06:59:01    12067    ----atw-    c:\windows\system32\SIntf16.dll
2014-02-15 06:56:56    94208    ----a-w-    c:\windows\DIIUnin.exe
2014-02-15 06:56:56    2829    ----a-w-    c:\windows\DIIUnin.pif
2014-01-24 11:31:41    601408    ----a-w-    c:\windows\system32\drivers\timntr.sys
2014-01-24 11:31:32    125472    ----a-w-    c:\windows\system32\drivers\vididr.sys
2014-01-24 11:31:28    83392    ----a-w-    c:\windows\system32\drivers\vsflt53.sys
2014-01-24 11:31:14    169088    ----a-w-    c:\windows\system32\drivers\snapman.sys
2014-01-12 01:15:46    775952    ----a-w-    c:\windows\system32\drivers\aswSnx.sys
2014-01-12 01:15:46    180248    ----a-w-    c:\windows\system32\drivers\aswVmm.sys
2014-01-12 01:15:45    67824    ----a-w-    c:\windows\system32\drivers\aswMonFlt.sys
2014-01-12 01:15:45    49944    ----a-w-    c:\windows\system32\drivers\aswRvrt.sys
2014-01-12 01:15:45    43152    ----a-w-    c:\windows\avastSS.scr
.
============= FINISH: 16:26:37.04 ===============
 

 

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume1
Install Date: 3/11/2012 5:04:33 PM
System Uptime: 22/03/2014 5:12:28 AM (11 hours ago)
.
Motherboard: ASRock |  | G31M-S
Processor: Intel Pentium III Xeon processor | CPUSocket | 2659/267mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 466 GiB total, 330.023 GiB free.
D: is CDROM ()
G: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Video Controller (VGA Compatible)
Device ID: PCI\VEN_8086&DEV_29C2&SUBSYS_29C21849&REV_10\3&11583659&0&10
Manufacturer:
Name: Video Controller (VGA Compatible)
PNP Device ID: PCI\VEN_8086&DEV_29C2&SUBSYS_29C21849&REV_10\3&11583659&0&10
Service:
.
==== System Restore Points ===================
.
RP364: 25/01/2014 11:40:38 PM - Software Distribution Service 3.0
RP365: 27/01/2014 10:35:24 AM - System Checkpoint
RP366: 30/01/2014 2:54:06 PM - System Checkpoint
RP367: 31/01/2014 6:36:47 PM - System Checkpoint
RP368: 2/02/2014 1:30:52 AM - System Checkpoint
RP369: 3/02/2014 2:08:52 AM - System Checkpoint
RP370: 4/02/2014 7:23:22 AM - System Checkpoint
RP371: 5/02/2014 8:08:54 AM - System Checkpoint
RP372: 5/02/2014 6:09:50 PM - Installed DirectX
RP373: 5/02/2014 6:16:12 PM - Installed DirectX
RP374: 6/02/2014 8:58:29 PM - System Checkpoint
RP375: 7/02/2014 9:08:48 PM - System Checkpoint
RP376: 8/02/2014 10:03:08 PM - System Checkpoint
RP377: 9/02/2014 10:39:45 PM - System Checkpoint
RP378: 10/02/2014 1:35:29 PM - Installed The Sims Deluxe Edition
RP379: 11/02/2014 3:37:38 PM - System Checkpoint
RP380: 12/02/2014 5:04:10 PM - System Checkpoint
RP381: 13/02/2014 5:37:37 PM - System Checkpoint
RP382: 14/02/2014 6:37:36 PM - System Checkpoint
RP383: 15/02/2014 6:45:14 PM - System Checkpoint
RP384: 16/02/2014 10:28:07 PM - System Checkpoint
RP385: 18/02/2014 12:31:09 AM - System Checkpoint
RP386: 19/02/2014 12:32:01 AM - System Checkpoint
RP387: 20/02/2014 12:33:05 AM - System Checkpoint
RP388: 21/02/2014 4:46:35 AM - System Checkpoint
RP389: 22/02/2014 10:53:51 AM - System Checkpoint
RP390: 23/02/2014 11:34:34 AM - System Checkpoint
RP391: 24/02/2014 12:31:56 PM - System Checkpoint
RP392: 25/02/2014 12:55:56 PM - System Checkpoint
RP393: 26/02/2014 1:31:56 PM - System Checkpoint
RP394: 27/02/2014 2:21:01 PM - System Checkpoint
RP395: 28/02/2014 2:31:57 PM - System Checkpoint
RP396: 1/03/2014 3:31:59 PM - System Checkpoint
RP397: 7/03/2014 1:46:02 AM - System Checkpoint
RP398: 8/03/2014 5:56:21 AM - System Checkpoint
RP399: 9/03/2014 6:32:21 AM - System Checkpoint
RP400: 10/03/2014 7:32:22 AM - System Checkpoint
RP401: 11/03/2014 8:44:22 AM - System Checkpoint
RP402: 12/03/2014 10:33:51 AM - System Checkpoint
RP403: 13/03/2014 11:32:21 AM - System Checkpoint
RP404: 14/03/2014 12:37:06 PM - System Checkpoint
RP405: 15/03/2014 1:32:41 PM - System Checkpoint
RP406: 16/03/2014 2:05:04 PM - System Checkpoint
RP407: 17/03/2014 2:59:51 PM - System Checkpoint
RP408: 18/03/2014 3:43:40 PM - System Checkpoint
RP409: 20/03/2014 7:12:50 AM - System Checkpoint
RP410: 21/03/2014 7:14:59 AM - System Checkpoint
RP411: 22/03/2014 9:41:39 AM - System Checkpoint
.
==== Installed Programs ======================
.
µTorrent
Adobe Flash Player 12 Plugin
Adobe Reader XI (11.0.06)
ANIO Service
ANIWZCS2 Service
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASRock IES
ATI - Software Uninstall Utility
ATI AVIVO Codecs
ATI Catalyst Control Center
ATI Display Driver
ATI Parental Control & Encoder
avast! Free Antivirus
Bonjour
Call of Duty: Black Ops
Call of Duty: Black Ops - Multiplayer
Call of Duty: Modern Warfare 2
Call of Duty: Modern Warfare 2 - Multiplayer
Call of Duty: Modern Warfare 3
Canon MP Navigator EX 3.1
Canon MX350 series MP Drivers
Canon Utilities Easy-PhotoPrint EX
Canon Utilities My Printer
Canon Utilities Solution Menu
Catalyst Control Center - Branding
Catalyst Control Center Core Implementation
Catalyst Control Center Graphics Full Existing
Catalyst Control Center Graphics Full New
Catalyst Control Center Graphics Light
Catalyst Control Center Graphics Previews Common
Catalyst Control Center HydraVision Full
Catalyst Control Center Localization Chinese Standard
Catalyst Control Center Localization Chinese Traditional
Catalyst Control Center Localization Czech
Catalyst Control Center Localization Danish
Catalyst Control Center Localization Dutch
Catalyst Control Center Localization Finnish
Catalyst Control Center Localization French
Catalyst Control Center Localization German
Catalyst Control Center Localization Greek
Catalyst Control Center Localization Hungarian
Catalyst Control Center Localization Italian
Catalyst Control Center Localization Japanese
Catalyst Control Center Localization Korean
Catalyst Control Center Localization Norwegian
Catalyst Control Center Localization Polish
Catalyst Control Center Localization Portuguese
Catalyst Control Center Localization Russian
Catalyst Control Center Localization Spanish
Catalyst Control Center Localization Swedish
Catalyst Control Center Localization Thai
Catalyst Control Center Localization Turkish
ccc-core-preinstall
ccc-core-static
ccc-utility
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
Compatibility Pack for the 2007 Office system
D-Link Wireless G DWA-510
Diablo II
DriverTuner 3.1.0.0
Dropbox
EaseUS Data Recovery Wizard 7.0
File Shredder 2.5
FilesFrog Update Checker
Freemake Video Converter version 4.0.3
Gamer HUD Lite
High Definition Audio Driver Package - KB888111
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB2779562)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB954550-v5)
Hotfix for Windows XP (KB961118)
iTunes
Kernel for Windows Data Recovery ver 13.06.01
Malwarebytes Anti-Malware version 1.75.0.1300
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Works 6-9 Converter
MozBackup 1.5.1
Mozilla Firefox 27.0.1 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 24.3.0 (x86 en-US)
Platform
PokerStars
REALTEK GbE & FE Ethernet PCI-E NIC Driver
Repair My Backup
Seagate DiscWizard
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2736416)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2840629)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2861697)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2861188)
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2618444)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Internet Explorer 8 (KB2761465)
Security Update for Windows Internet Explorer 8 (KB2799329)
Security Update for Windows Internet Explorer 8 (KB2817183)
Security Update for Windows Internet Explorer 8 (KB2838727)
Security Update for Windows Internet Explorer 8 (KB2888505)
Security Update for Windows Internet Explorer 8 (KB2898785)
Security Update for Windows Internet Explorer 8 (KB982381)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB2803821-v2)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2727528)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB2753842-v2)
Security Update for Windows XP (KB2757638)
Security Update for Windows XP (KB2758857)
Security Update for Windows XP (KB2770660)
Security Update for Windows XP (KB2778344)
Security Update for Windows XP (KB2779030)
Security Update for Windows XP (KB2780091)
Security Update for Windows XP (KB2799494)
Security Update for Windows XP (KB2802968)
Security Update for Windows XP (KB2807986)
Security Update for Windows XP (KB2808735)
Security Update for Windows XP (KB2813170)
Security Update for Windows XP (KB2813345)
Security Update for Windows XP (KB2820197)
Security Update for Windows XP (KB2820917)
Security Update for Windows XP (KB2829361)
Security Update for Windows XP (KB2834886)
Security Update for Windows XP (KB2839229)
Security Update for Windows XP (KB2845187)
Security Update for Windows XP (KB2847311)
Security Update for Windows XP (KB2849470)
Security Update for Windows XP (KB2850869)
Security Update for Windows XP (KB2859537)
Security Update for Windows XP (KB2862152)
Security Update for Windows XP (KB2862330)
Security Update for Windows XP (KB2862335)
Security Update for Windows XP (KB2864063)
Security Update for Windows XP (KB2868038)
Security Update for Windows XP (KB2868626)
Security Update for Windows XP (KB2876217)
Security Update for Windows XP (KB2876331)
Security Update for Windows XP (KB2883150)
Security Update for Windows XP (KB2892075)
Security Update for Windows XP (KB2893294)
Security Update for Windows XP (KB2893984)
Security Update for Windows XP (KB2898715)
Security Update for Windows XP (KB2900986)
Security Update for Windows XP (KB2914368)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Skins
Spybot - Search & Destroy
ss Supporter 1.80
Steam
SUPERAntiSpyware
The Sims Deluxe Edition
Toolbar Cleaner 1.0
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Windows Internet Explorer 8 (KB2598845)
Update for Windows XP (KB2345886)
Update for Windows XP (KB2467659)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB2863058)
Update for Windows XP (KB2904266)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
VIA Platform Device Manager
VLC media player 2.0.5
WebFldrs XP
Windows Backup Utility
Windows Internet Explorer 8
Windows XP Service Pack 3
WinPatrol
WinRAR 5.01 (32-bit)
Women's Murder Club - Death in Scarlet
YTD Video Downloader 4.3
.
==== Event Viewer Messages From Past Week ========
.
20/03/2014 5:19:44 PM, error: Service Control Manager [7031]  - The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
20/03/2014 5:19:05 PM, error: Service Control Manager [7034]  - The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
18/03/2014 8:02:48 AM, error: Service Control Manager [7034]  - The ANIWZCSd Service service terminated unexpectedly.  It has done this 1 time(s).
16/03/2014 6:33:58 AM, error: DCOM [10005]  - DCOM got error "%1058" attempting to start the service McComponentHostService with arguments "" in order to run the server: {CC6F4D12-8575-4CFF-9455-CF5774AEB13B}
.
==== End Of File ===========================
 




 


#2 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team
  • 13,505 posts
  • OFFLINE
  • Gender:Male
  • Location:Greenup, Ill USA
  • Local time:09:56 AM

Posted 22 March 2014 - 10:55 AM

Hello straubes,
  • Welcome to Bleeping Computer.
  • My name is fireman4it and I will be helping you with your Malware problem.

    Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean".
  • In the upper right hand corner of the topic you will see a button called Follow This Topic. I suggest you click it and select Immediate E-Mail notification and click on Follow This Topic. This way you will be advised when we respond to your topic and facilitate the cleaning of your machine.

  • Finally, please reply using the Post button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply, unless they do not fit into the post.
  • I will be analyzing your log. I will get back to you with instructions.
1. Download AdwCleaner
  • Double click on AdwCleaner.exe to run the tool.
    ***Note: Windows Vista and Windows 7 users: Right click on AdwCleaner.exe and select "Run as administrator".
  • Click the Scan button.
  • Once the scan finishes click the Clean button.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile in your next reply.
  • Or you can find the logfile at C:\AdwCleaner[S1].txt.
2. Download and run Junkware Removal Tool. ***Your Anti Virus may see this download as malicious; don't worry, continue on.

Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator". The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply.
3. Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
Things to include in your next reply:
AdwCleaner log
JRT.txt
FRST.txt
Addition.txt
How is the machine running now?

"Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-


If I have helped you, consider making a donation to help me continue the fight against Malware!


#3 straubes

straubes
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Gender:Male
  • Location:Gold Coast Australia
  • Local time:12:56 AM

Posted 22 March 2014 - 04:09 PM

Hey Fireman,

Thanks for your help.

The machine is running fine. At this time the redirection has ceased, straight to Mozilla/Google.

# AdwCleaner v3.022 - Report created 23/03/2014 at 06:30:25
# Updated 13/03/2014 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : craig - HOME-752E39F646
# Running from : C:\Documents and Settings\craig\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

[#] Service Deleted : BrowserDefendert

***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn
Folder Deleted : C:\Documents and Settings\All Users\Application Data\BrowserDefender
Folder Deleted : C:\Documents and Settings\All Users\Application Data\SoftWarehouse
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\FilesFrog Update Checker
Folder Deleted : C:\Program Files\GreenTree Applications
Folder Deleted : C:\Program Files\Toolbar Cleaner
Folder Deleted : C:\Documents and Settings\craig\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\craig\Local Settings\Application Data\torch
Folder Deleted : C:\DOCUME~1\craig\LOCALS~1\Temp\apn
Folder Deleted : C:\Documents and Settings\craig\Start Menu\Programs\Toolbar Cleaner
Folder Deleted : C:\Documents and Settings\zoe\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\zoe\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\zoe\Local Settings\Application Data\webplayer
Folder Deleted : C:\Documents and Settings\zoe\Application Data\Optimizer Pro
Folder Deleted : C:\Documents and Settings\zoe\Start Menu\Programs\BrowserDefender
Folder Deleted : C:\Documents and Settings\vicki\Local Settings\Application Data\torch
Folder Deleted : C:\Documents and Settings\craig\Application Data\Mozilla\Firefox\Profiles\zyluzktm.default\Conduit
Folder Deleted : C:\Documents and Settings\craig\Application Data\Mozilla\Firefox\Profiles\zyluzktm.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\zoe\Application Data\Mozilla\Firefox\Profiles\wiusdmjd.default\Smartbar
Folder Deleted : C:\Documents and Settings\zoe\Application Data\Mozilla\Firefox\Profiles\wiusdmjd.default\CT3220468
Folder Deleted : C:\Documents and Settings\zoe\Application Data\Mozilla\Firefox\Profiles\wiusdmjd.default\Extensions\{33E0DAA6-3AF3-D8B5-6752-10E949C61516}
Folder Deleted : C:\Documents and Settings\zoe\Application Data\Mozilla\Firefox\Profiles\wiusdmjd.default\Extensions\ffxtlbr@delta.com
Folder Deleted : C:\Documents and Settings\zoe\Application Data\Mozilla\Firefox\Profiles\wiusdmjd.default\Extensions\{7473b6bd-4691-4744-a82b-7854eb3d70b6}
[!] Folder Deleted : C:\Documents and Settings\craig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Documents and Settings\zoe\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Documents and Settings\craig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Documents and Settings\zoe\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Documents and Settings\craig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Documents and Settings\zoe\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Documents and Settings\craig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
[!] Folder Deleted : C:\Documents and Settings\zoe\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ejpbbhjlbipncjklfjjaedaieimbmdda
File Deleted : C:\Documents and Settings\zoe\Desktop\Check for Updates.lnk
File Deleted : C:\Documents and Settings\zoe\Desktop\Optimizer Pro.lnk
File Deleted : C:\Documents and Settings\craig\Application Data\Mozilla\Firefox\Profiles\zyluzktm.default\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\zoe\Application Data\Mozilla\Firefox\Profiles\wiusdmjd.default\bprotector_extensions.sqlite
File Deleted : C:\Documents and Settings\craig\Application Data\Mozilla\Firefox\Profiles\zyluzktm.default\bprotector_prefs.js
File Deleted : C:\Documents and Settings\zoe\Application Data\Mozilla\Firefox\Profiles\wiusdmjd.default\bprotector_prefs.js
File Deleted : C:\Documents and Settings\craig\Application Data\Mozilla\Firefox\Profiles\zyluzktm.default\invalidprefs.js
File Deleted : C:\Documents and Settings\craig\Application Data\Mozilla\Firefox\Profiles\zyluzktm.default\user.js
File Deleted : C:\Documents and Settings\zoe\Application Data\Mozilla\Firefox\Profiles\wiusdmjd.default\user.js
File Deleted : C:\Documents and Settings\zoe\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage
File Deleted : C:\Documents and Settings\zoe\Local Settings\Application Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www1.delta-search.com_0.localstorage-journal

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKCU\Software\582d9ddb33be946
Key Deleted : HKLM\SOFTWARE\582d9ddb33be946
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3201318
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3220468
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0FB6A909-6086-458F-BD92-1F8EE10042A0}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{014DB5FA-EAFB-4592-A95B-F44D3EE87FA9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\VideoDownloadConverter_4z
Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\Software\{5F189DF5-2D05-472B-9091-84D9848AE48B}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\Toolbar Cleaner
Key Deleted : HKLM\Software\VideoDownloadConverter_4z
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4820778D-AB0D-6D18-C316-52A6A0E1D507}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{4FFBB818-B13C-11E0-931D-B2664824019B}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CA41BB14-E67B-1653-C57B-5CA99418A866}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Delta
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\FilesFrog Update Checker
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Optimizer Pro_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\Toolbar Cleaner

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v27.0.1 (en-US)

[ File : C:\Documents and Settings\craig\Application Data\Mozilla\Firefox\Profiles\zyluzktm.default\prefs.js ]

Line Deleted : user_pref("CommunityToolbar.EngineOwner", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "");
Line Deleted : user_pref("CommunityToolbar.alert.alertEnabled", true);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sat Jan 08 2011 12:47:19 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Sat Jan 08 2011 12:09:29 GMT+1100 (AUS Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1291052234");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Line Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "c4f82de7-1f25-4808-8e4c-ffbe27b88c05");
Line Deleted : user_pref("browser.newtab.url", "hxxp://search.conduit.com/?ctid=CT3312375&octid=EB_ORIGINAL_CTID&SearchSource=69&CUI=&SSPV=EB_SSPV&Lay=1&UM=2&UP=SPF4E95741-1F4D-4ED3-8A3E-99A78D6F032D");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaultthis.engineName", "Elf 1.15 Customized Web Search");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2866295&SearchSource=3&q={searchTerms}");
Line Deleted : user_pref("browser.search.order.2", "Ask.com");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://search.easylifeapp.com/?zy=k");
Line Deleted : user_pref("extensions.IuZ.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf(\"sumorob[...]
Line Deleted : user_pref("extensions.rAuLKkX3R469.scode", "(function(){try{var url=(window.self.location.href + document.cookie);if(url.indexOf(\"acebook\")>-1||url.indexOf(\"txtlnkusaolp00000800\")>-1||url.indexOf([...]

[ File : C:\Documents and Settings\zoe\Application Data\Mozilla\Firefox\Profiles\wiusdmjd.default\prefs.js ]

Line Deleted : user_pref("CT3220468.BT_Stats", "{\"last_log\":1354230812,\"uuid\":516890011309701,\"seq_id\":2,\"ssb\":1352286692}");
Line Deleted : user_pref("CT3220468.CBOpenMAMSettings", "0");
Line Deleted : user_pref("CT3220468.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.Facebook_Mode", "2");
Line Deleted : user_pref("CT3220468.Facebook_User_Locale", "en");
Line Deleted : user_pref("CT3220468.FirstTime", "true");
Line Deleted : user_pref("CT3220468.FirstTimeFF3", "true");
Line Deleted : user_pref("CT3220468.LoginRevertSettingsEnabled", true);
Line Deleted : user_pref("CT3220468.PG_ENABLE", "dHJ1ZQ==");
Line Deleted : user_pref("CT3220468.PG_ENABLE.enc", "ZEhKMVpRPT0=");
Line Deleted : user_pref("CT3220468.RevertSettingsEnabled", true);
Line Deleted : user_pref("CT3220468.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Line Deleted : user_pref("CT3220468.SF_STATUS.enc", "RU5BQkxFRA==");
Line Deleted : user_pref("CT3220468.SF_USER_ID.enc", "Y2lkXzEyNDIwMTMxNDg1MjM5MTAxMjA=");
Line Deleted : user_pref("CT3220468.UserID", "UN63788171545028340");
Line Deleted : user_pref("CT3220468._key_cl_active", "%EA%BB%BF%EA%EB%BE%B6%E7%B3%B6%EA%EA%EB%B3%BA%E8%B9%BD%B3%E8%BE%B9%BD%B3%BE%E8%BD%E9%B9%B9%B7%B6%EB%BB%B6%BE");
Line Deleted : user_pref("CT3220468._key_cl_active.enc", "ZDU5ZGU4MGEtMGRkZS00YjM3LWI4MzctOGI3YzMzMTBlNTA4");
Line Deleted : user_pref("CT3220468.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT3220468.autoDisableScopes", -1);
Line Deleted : user_pref("CT3220468.cb_experience_000.enc", "OQ==");
Line Deleted : user_pref("CT3220468.cb_firstuse0100.enc", "MQ==");
Line Deleted : user_pref("CT3220468.cb_user_id_000.enc", "Q0I5MTE3MTg0MzYwNTVfMTM2NTczNzg4MTk5N19GaXJlZm94");
Line Deleted : user_pref("CT3220468.cbcountry_001", "AU");
Line Deleted : user_pref("CT3220468.cbfirsttime.enc", "V2VkIE5vdiAwNyAyMDEyIDIyOjExOjMyIEdNVCsxMTAwIChBVVMgRWFzdGVybiBTdGFuZGFyZCBUaW1lKQ==");
Line Deleted : user_pref("CT3220468.countryCode", "AU");
Line Deleted : user_pref("CT3220468.defaultSearch", "FALSE");
Line Deleted : user_pref("CT3220468.embeddedsData", "[{\"appId\":\"129813684258939747\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT3220468.enableAlerts", "always");
Line Deleted : user_pref("CT3220468.enableFix404ByUser", "FALSE");
Line Deleted : user_pref("CT3220468.enableSearchFromAddressBar", "FALSE");
Line Deleted : user_pref("CT3220468.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundError", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundErrorByUser", "true");
Line Deleted : user_pref("CT3220468.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT3220468.fixUrls", true);
Line Deleted : user_pref("CT3220468.fullUserID", "UN63788171545028340.UP.20130720073221");
Line Deleted : user_pref("CT3220468.hxxp___facebook_conduitapps_com.APP_WIN_FEATURES", "resizable=0,hscroll=0,vscroll=0,titlebar=1,closebutton=1,saveresizedsize=0,openposition=alignment:(B;L),savelocation=0,closeone[...]
Line Deleted : user_pref("CT3220468.installId", "fft86.tmp.exe");
Line Deleted : user_pref("CT3220468.installType", "XPE");
Line Deleted : user_pref("CT3220468.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT3220468.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.isFirstTimeToolbarLoading", "false");
Line Deleted : user_pref("CT3220468.isNewTabEnabled", false);
Line Deleted : user_pref("CT3220468.isPerformedSmartBarTransition", "true");
Line Deleted : user_pref("CT3220468.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT3220468.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.conduit.com/?ctid=CT3220468&octid=CT3220468&SearchSource=15&CUI=UN63788171545028340&SSPV=&Lay=1&UM=\"}");
Line Deleted : user_pref("CT3220468.lastVersion", "10.22.3.518");
Line Deleted : user_pref("CT3220468.migrateAppsAndComponents", true);
Line Deleted : user_pref("CT3220468.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Flogin.live.com%2Flogout.srf%3Fct%3D1395376466%26rver%3D6.4.6456.0%26lc%3D3081%26id%3D64855%26ru%3Dhxxp%3A%252F%252F[...]
Line Deleted : user_pref("CT3220468.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.openThankYouPage", "true");
Line Deleted : user_pref("CT3220468.openUninstallPage", "FALSE");
Line Deleted : user_pref("CT3220468.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\\"03\\\\/15\\\\/2013 13\\\"}\"}");
Line Deleted : user_pref("CT3220468.price-gong.isManagedApp", "true");
Line Deleted : user_pref("CT3220468.search.searchAppId", "129813684258939747");
Line Deleted : user_pref("CT3220468.search.searchCount", "2");
Line Deleted : user_pref("CT3220468.searchInNewTabEnabled", "false");
Line Deleted : user_pref("CT3220468.searchInNewTabEnabledByUser", "false");
Line Deleted : user_pref("CT3220468.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT3220468.searchProtector.notifyChanges", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT3220468.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT3220468\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://uTorrentControlv2.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"uTorrentControl_v2 \"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT3220468.serviceLayer_services_Configuration_lastUpdate", "1395373197752");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1395373195845");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appTracking_lastUpdate", "1363341834881");
Line Deleted : user_pref("CT3220468.serviceLayer_services_appsMetadata_lastUpdate", "1395373195845");
Line Deleted : user_pref("CT3220468.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1395373209055");
Line Deleted : user_pref("CT3220468.serviceLayer_services_location_lastUpdate", "1374226617289");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.10.27.6_lastUpdate", "1354230907831");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.13.40.15_lastUpdate", "1363341835299");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.14.370.524_lastUpdate", "1365737928719");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.15.0.562_lastUpdate", "1365739507069");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.2.509_lastUpdate", "1374226617394");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.4.519_lastUpdate", "1374912599667");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.16.70.505_lastUpdate", "1379231630135");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.20.0.513_lastUpdate", "1386633329474");
Line Deleted : user_pref("CT3220468.serviceLayer_services_login_10.22.3.518_lastUpdate", "1395373195788");
Line Deleted : user_pref("CT3220468.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1395373202043");
Line Deleted : user_pref("CT3220468.serviceLayer_services_searchAPI_lastUpdate", "1395373199464");
Line Deleted : user_pref("CT3220468.serviceLayer_services_serviceMap_lastUpdate", "1395373195755");
Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarContextMenu_lastUpdate", "1395373202095");
Line Deleted : user_pref("CT3220468.serviceLayer_services_toolbarSettings_lastUpdate", "1395373198879");
Line Deleted : user_pref("CT3220468.serviceLayer_services_translation_lastUpdate", "1395373195789");
Line Deleted : user_pref("CT3220468.serviceLayer_services_userApps_lastUpdate", "1365737821218");
Line Deleted : user_pref("CT3220468.settingsINI", true);
Line Deleted : user_pref("CT3220468.shouldFirstTimeDialog", "false");
Line Deleted : user_pref("CT3220468.showToolbarPermission", "false");
Line Deleted : user_pref("CT3220468.smartbar.CTID", "CT3220468");
Line Deleted : user_pref("CT3220468.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT3220468.smartbar.toolbarName", "uTorrentControl_v2 ");
Line Deleted : user_pref("CT3220468.toolbarBornServerTime", "7-11-2012");
Line Deleted : user_pref("CT3220468.toolbarCurrentServerTime", "7-3-2014");
Line Deleted : user_pref("CT3220468.toolbarLoginClientTime", "Fri Apr 12 2013 13:36:46 GMT+1000 (AUS Eastern Standard Time)");
Line Deleted : user_pref("CT3220468.upgradeFromClearSBVersion", true);
Line Deleted : user_pref("CT3220468.url_history0001", "%EE%FA%FA%F6%C0%B5%B5%FD%FD%FD%B4%EB%E7%F9%FF%EC%F2%F5%FD%EB%F8%F9%B4%E9%F5%F3%B4%E7%FB%B5%C5%E9%C3%B7%AC%E9%F4%C3%CE%F5%F3%EB%C0%C0%C0%E9%F2%EF%E9%F1%EE%E7%F4%[...]
Line Deleted : user_pref("CT3220468.url_history0001.enc", "aHR0cDovL3d3dy5lYXN5Zmxvd2Vycy5jb20uYXUvP2M9MSZjbj1Ib21lOjo6Y2xpY2toYW5kbGVyOjo6MTM5NDE3MTgxOTYzMywsLGh0dHA6Ly93d3cuZWFzeWZsb3dlcnMuY29tLmF1Lz9jPTMmY249WW91[...]
Line Deleted : user_pref("CT3220468_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1395373177764,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=3474001966BAAED9&affID=119357&tt=150813_206&tsp=4976");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
Line Deleted : user_pref("extensions.BabylonToolbar.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.BabylonToolbar.id", "34747757000000000000001966baaed9");
Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15933");
Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false);
Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Line Deleted : user_pref("extensions.BabylonToolbar.rvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=34747757000000000000001966baaed9&q=");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.24.5");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.24.517:44:18");
Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.24.5");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=123896&tsp=4976");
Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "34747757000000000000001966baaed9");
Line Deleted : user_pref("extensions.delta.instlDay", "15933");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.5");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.59:38:47");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.5");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=119357&tt=150813_206&tsp=4976");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("plugin.state.npconduitfirefoxplugin", 2);
Line Deleted : user_pref("smartbar.machineId", "JGOSFSBPZXAWWYDEVSUMRRWNFGORLSACHDIJPEIT+SOJBVNQMVFYTEOVT2TVZLQ2UKWAIVV1VLSTN8T2WMMY6Q");

[ File : C:\Documents and Settings\vicki\Application Data\Mozilla\Firefox\Profiles\0qlkg21f.default\prefs.js ]


[ File : C:\Documents and Settings\Michael\Application Data\Mozilla\Firefox\Profiles\rn5dvrc4.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Documents and Settings\LocalService\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


[ File : C:\Documents and Settings\craig\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : search_url
Deleted : keyword
Deleted : urls_to_restore_on_startup

[ File : C:\Documents and Settings\zoe\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [31465 octets] - [23/03/2014 06:29:06]
AdwCleaner[S0].txt - [31779 octets] - [23/03/2014 06:30:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [31840 octets] ##########

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Microsoft Windows XP x86
Ran by craig on Sun 23/03/2014 at  6:43:36.98
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\DisplayName
Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\\URL



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\All Users\application data\ytd video downloader"
Successfully deleted: [Folder] "C:\Documents and Settings\All Users\start menu\programs\ytd video downloader"



~~~ FireFox

Successfully deleted the following from C:\Documents and Settings\craig\Application Data\mozilla\firefox\profiles\zyluzktm.default\prefs.js

user_pref("extensions.rAuLKkX3R469.url", "hxxp://toolkitjob.info/sync2/?q=hfZ9ofV9CShEAen0rjs6qGhTB6lKDzt4okxltNtVh7n0rjnErjwErjC9qjr4tMFHhd9FqdaHrjnGrjkGrdsMDMlGojUMAe4UojwFq
user_pref("extensions.toolbar@news.net.AdConfig", "{\"type\":\"page\",\"value\":100000}");
user_pref("extensions.toolbar@news.net.AdConfigLastUpdate", 1421144955);
user_pref("extensions.toolbar@news.net.id", "e309a847-06ef-c3f2-6e79-fefceeb6a0ef");
user_pref("extensions.toolbar@news.net.referid", "138");
user_pref("extensions.toolbar@news.net.uuid", "{3CB35B8E-D897-4FFE-969B-EA7C8ED8DFF0}");





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 23/03/2014 at  6:46:44.96
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-03-2014  01
Ran by craig (administrator) on HOME-752E39F646 on 23-03-2014 06:50:56
Running from C:\Documents and Settings\craig\Desktop
Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: English(US)
Internet Explorer Version 8
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/download/farbar-recovery-scan-tool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(ATI Technologies Inc.) C:\WINDOWS\system32\Ati2evxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Wireless Service) C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
(D-Link) C:\Program Files\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe
(CANON INC.) C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
(VIA Technologies, Inc.) C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(BillP Studios) C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Safer-Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
(ATI Technologies Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
(Dropbox, Inc.) C:\Documents and Settings\craig\Application Data\Dropbox\bin\Dropbox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Thunderbird\thunderbird.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [ANIWZCS2Service] - C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe [49152 2007-01-19] (Wireless Service)
HKLM\...\Run: [D-Link D-Link Wireless G DWA-510] - C:\Program Files\D-Link\D-Link Wireless G DWA-510\AirGCFG.exe [1675264 2008-04-15] (D-Link)
HKLM\...\Run: [CanonMyPrinter] - C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2508104 2009-11-02] (CANON INC.)
HKLM\...\Run: [CanonSolutionMenu] - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [767312 2009-09-04] (CANON INC.)
HKLM\...\Run: [HDAudDeck] - C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe [33587200 2009-01-21] (VIA Technologies, Inc.)
HKLM\...\Run: [StartCCC] - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [61440 2008-08-29] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-22] (Adobe Systems Incorporated)
HKLM\...\Run: [WinPatrol] - C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe [363752 2012-12-10] (BillP Studios)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-11-02] (Apple Inc.)
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3764024 2014-01-12] (AVAST Software)
HKLM\...\Run: [MSConfig] - C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [169984 2008-04-14] (Microsoft Corporation)
Winlogon\Notify\AtiExtEvent: C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-21-790525478-1292428093-839522115-1004\...\Run: [ASRockIES] - [X]
HKU\S-1-5-21-790525478-1292428093-839522115-1004\...\Run: [SpybotSD TeaTimer] - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2260480 2009-03-05] (Safer-Networking Ltd.)
HKU\S-1-5-21-790525478-1292428093-839522115-1004\...\Run: [News.net] - C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
Startup: C:\Documents and Settings\craig\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Documents and Settings\craig\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = http://www.bing.com/search
BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKCU - &Address - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
Toolbar: HKCU - &Links - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\SHELL32.dll (Microsoft Corporation)
ShellExecuteHooks: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL [115440 2013-05-08] (SuperAdBlocker.com)
Winsock: Catalog5 04 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 61.9.211.33 61.9.211.1

FireFox:
========
FF ProfilePath: C:\Documents and Settings\craig\Application Data\Mozilla\Firefox\Profiles\zyluzktm.default
FF Plugin: @adobe.com/FlashPlayer - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @canon.com/EPPEX - C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF Plugin: @microsoft.com/WPF,version=3.5 - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.0.5 - C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Extension: Microsoft .NET Framework Assistant - C:\Documents and Settings\craig\Application Data\Mozilla\Firefox\Profiles\zyluzktm.default\Extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012-11-04]
FF Extension: WOT - C:\Documents and Settings\craig\Application Data\Mozilla\Firefox\Profiles\zyluzktm.default\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013-11-30]
FF Extension: DownloadHelper - C:\Documents and Settings\craig\Application Data\Mozilla\Firefox\Profiles\zyluzktm.default\Extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013-09-01]
FF Extension: Download YouTube Videos as MP4 - C:\Documents and Settings\craig\Application Data\Mozilla\Firefox\Profiles\zyluzktm.default\Extensions\{b9bfaf1c-a63f-47cd-8b9a-29526ced9060}.xpi [2013-07-29]
FF Extension: Greasemonkey - C:\Documents and Settings\craig\Application Data\Mozilla\Firefox\Profiles\zyluzktm.default\Extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013-07-27]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-11-04]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ []

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchProvider: Conduit Search
CHR DefaultSearchURL: http://www.google.com
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll No File
CHR Extension: (greAttsavEEr) - C:\Documents and Settings\craig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\bgmcgdpkngnfbehbdecdfnfmcnengjnn [2014-01-11]
CHR Extension: (YTBookMarik) - C:\Documents and Settings\craig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\dfhbmbhjgfkplgidgdbcnejahecklbgj [2014-01-11]
CHR Extension: (YoutubeAdblocker) - C:\Documents and Settings\craig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ffogdfomimpjhegklhbbejejfnddabfh [2014-01-11]
CHR Extension: (Yoono  Twitter  Facebook LinkedIn Youtube) - C:\Documents and Settings\craig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\jkkenjlnjfemconejajakbijbheoffli [2014-01-11]
CHR Extension: (Chrome In-App Payments service) - C:\Documents and Settings\craig\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-24]

========================== Services (Whitelisted) =================

S4 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [120088 2013-10-11] (SUPERAntiSpyware.com)
S2 ANIWZCSdService; C:\Program Files\ANI\ANIWZCS2 Service\ANIWZCSdS.exe [49152 2007-01-19] (Wireless Service)
S2 ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [593920 2008-12-01] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-01-12] (AVAST Software)
S4 SgtSch2Svc; C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe [845808 2011-06-30] (Seagate)

==================== Drivers (Whitelisted) ====================

R2 ANIO; C:\WINDOWS\system32\ANIO.SYS [28195 2005-12-11] (Alpha Networks Inc.)
R2 aswMonFlt; C:\WINDOWS\system32\drivers\aswMonFlt.sys [67824 2014-01-12] (AVAST Software)
R1 AswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [54832 2014-01-12] (AVAST Software)
R0 aswRvrt; C:\WINDOWS\system32\Drivers\aswRvrt.sys [49944 2014-01-12] ()
R1 aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [775952 2014-01-12] (AVAST Software)
R1 aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [410528 2014-01-12] (AVAST Software)
R1 aswTdi; C:\WINDOWS\system32\drivers\aswTdi.sys [57672 2014-01-12] (AVAST Software)
R0 aswVmm; C:\WINDOWS\system32\Drivers\aswVmm.sys [180248 2014-01-12] ()
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R3 monfilt; C:\WINDOWS\System32\drivers\monfilt.sys [1389056 2008-02-14] (Creative Technology Ltd.)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 RT61; C:\WINDOWS\System32\DRIVERS\RT61.sys [491648 2008-03-05] (Ralink Technology, Corp.)
R3 rtl8139; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [20992 2004-08-04] (Realtek Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [12880 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [67664 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [1050112 2009-01-11] (VIA Technologies, Inc.)
R0 vididr; C:\WINDOWS\System32\DRIVERS\vididr.sys [125472 2014-01-24] (Acronis)
R0 vidsflt53; C:\WINDOWS\System32\DRIVERS\vsflt53.sys [83392 2014-01-24] (Acronis)
S3 ialm; system32\DRIVERS\igxpmp32.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
U1 WS2IFSL;

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-23 06:50 - 2014-03-23 06:51 - 00012187 _____ () C:\Documents and Settings\craig\Desktop\FRST.txt
2014-03-23 06:50 - 2014-03-23 06:50 - 00000000 ____D () C:\FRST
2014-03-23 06:48 - 2014-03-23 06:48 - 01145856 _____ (Farbar) C:\Documents and Settings\craig\Desktop\FRST.exe
2014-03-23 06:46 - 2014-03-23 06:47 - 00001867 _____ () C:\Documents and Settings\craig\Desktop\JRT.txt
2014-03-23 06:43 - 2014-03-23 06:43 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-23 06:37 - 2014-03-23 06:37 - 00031921 _____ () C:\Documents and Settings\craig\Desktop\AdwCleaner[S0].txt
2014-03-23 06:28 - 2014-03-23 06:31 - 00000000 ____D () C:\AdwCleaner
2014-03-23 06:27 - 2014-03-23 06:28 - 01950720 _____ () C:\Documents and Settings\craig\Desktop\adwcleaner.exe
2014-03-23 05:25 - 2014-03-23 06:39 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-22 16:26 - 2014-03-22 16:29 - 00017310 _____ () C:\Documents and Settings\craig\Desktop\attach.txt
2014-03-22 16:26 - 2014-03-22 16:29 - 00008701 _____ () C:\Documents and Settings\craig\Desktop\dds.txt
2014-03-22 16:24 - 2014-03-22 16:24 - 00688992 ____R (Swearware) C:\Documents and Settings\craig\Desktop\dds.com
2014-03-22 16:23 - 2014-03-22 16:23 - 00000000 _____ () C:\Documents and Settings\craig\defogger_reenable
2014-03-22 16:22 - 2014-03-22 16:22 - 00050477 _____ () C:\Documents and Settings\craig\Desktop\Defogger.exe
2014-03-22 15:28 - 2014-03-22 15:29 - 01037734 _____ (Thisisu) C:\Documents and Settings\craig\Desktop\JRT.exe
2014-03-22 15:21 - 2014-03-22 15:56 - 00003768 _____ () C:\Documents and Settings\craig\Desktop\Rkill.txt
2014-03-20 18:04 - 2014-03-20 18:04 - 00000000 ____D () C:\Documents and Settings\craig\Application Data\Seagate
2014-03-20 16:35 - 2014-03-20 16:37 - 00003680 _____ () C:\WINDOWS\KB2916036.log
2014-03-20 16:35 - 2014-03-20 16:37 - 00003676 _____ () C:\WINDOWS\KB2929961.log
2014-03-20 16:34 - 2014-03-20 16:37 - 00004209 _____ () C:\WINDOWS\KB2930275.log
2014-03-01 09:54 - 2014-03-01 09:55 - 00000000 ____D () C:\Documents and Settings\craig\My Documents\EXE. files

==================== One Month Modified Files and Folders =======

2014-03-23 06:51 - 2014-03-23 06:50 - 00012187 _____ () C:\Documents and Settings\craig\Desktop\FRST.txt
2014-03-23 06:50 - 2014-03-23 06:50 - 00000000 ____D () C:\FRST
2014-03-23 06:48 - 2014-03-23 06:48 - 01145856 _____ (Farbar) C:\Documents and Settings\craig\Desktop\FRST.exe
2014-03-23 06:47 - 2014-03-23 06:46 - 00001867 _____ () C:\Documents and Settings\craig\Desktop\JRT.txt
2014-03-23 06:43 - 2014-03-23 06:43 - 00000000 ____D () C:\WINDOWS\ERUNT
2014-03-23 06:39 - 2014-03-23 05:25 - 00000000 ____D () C:\Program Files\Mozilla Thunderbird
2014-03-23 06:39 - 2012-11-04 08:53 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-03-23 06:37 - 2014-03-23 06:37 - 00031921 _____ () C:\Documents and Settings\craig\Desktop\AdwCleaner[S0].txt
2014-03-23 06:37 - 2013-04-14 09:23 - 00000000 ___RD () C:\Documents and Settings\craig\My Documents\Dropbox
2014-03-23 06:37 - 2012-12-29 22:03 - 00000000 ____D () C:\Documents and Settings\craig\Application Data\Dropbox
2014-03-23 06:37 - 2012-11-04 05:17 - 00003284 _____ () C:\WINDOWS\system32\ANIWZCS{3C9D11B7-FFC6-4D56-B127-83DA60C90EBF}
2014-03-23 06:37 - 2012-11-04 05:15 - 00000006 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME{3C9D11B7-FFC6-4D56-B127-83DA60C90EBF}
2014-03-23 06:37 - 2012-11-04 03:40 - 00000239 ___SH () C:\boot.ini
2014-03-23 06:37 - 2012-11-03 17:02 - 01710291 _____ () C:\WINDOWS\WindowsUpdate.log
2014-03-23 06:37 - 2004-08-04 22:00 - 00000624 _____ () C:\WINDOWS\win.ini
2014-03-23 06:37 - 2004-08-04 22:00 - 00000227 _____ () C:\WINDOWS\system.ini
2014-03-23 06:36 - 2012-11-04 06:26 - 00000007 _____ () C:\WINDOWS\system32\ANIWZCSUSERNAME
2014-03-23 06:36 - 2012-11-04 06:18 - 00000364 ____H () C:\WINDOWS\Tasks\avast! Emergency Update.job
2014-03-23 06:33 - 2012-11-04 03:44 - 00000157 _____ () C:\WINDOWS\wiadebug.log
2014-03-23 06:33 - 2012-11-04 03:44 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2014-03-23 06:33 - 2012-11-03 17:32 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2014-03-23 06:33 - 2008-12-02 06:11 - 00069112 _____ () C:\WINDOWS\system32\ativvaxx.cap
2014-03-23 06:33 - 2004-08-04 22:00 - 00013646 _____ () C:\WINDOWS\system32\wpa.dbl
2014-03-23 06:32 - 2012-11-04 07:19 - 00458752 _____ () C:\WINDOWS\system32\config\ACEEvent.evt
2014-03-23 06:32 - 2012-11-03 17:36 - 00000178 ___SH () C:\Documents and Settings\craig\ntuser.ini
2014-03-23 06:32 - 2012-11-03 17:32 - 00032438 _____ () C:\WINDOWS\SchedLgU.Txt
2014-03-23 06:31 - 2014-03-23 06:28 - 00000000 ____D () C:\AdwCleaner
2014-03-23 06:28 - 2014-03-23 06:27 - 01950720 _____ () C:\Documents and Settings\craig\Desktop\adwcleaner.exe
2014-03-23 06:05 - 2013-07-27 08:05 - 00000830 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2014-03-22 16:29 - 2014-03-22 16:26 - 00017310 _____ () C:\Documents and Settings\craig\Desktop\attach.txt
2014-03-22 16:29 - 2014-03-22 16:26 - 00008701 _____ () C:\Documents and Settings\craig\Desktop\dds.txt
2014-03-22 16:24 - 2014-03-22 16:24 - 00688992 ____R (Swearware) C:\Documents and Settings\craig\Desktop\dds.com
2014-03-22 16:23 - 2014-03-22 16:23 - 00000000 _____ () C:\Documents and Settings\craig\defogger_reenable
2014-03-22 16:23 - 2012-11-03 17:36 - 00000000 ____D () C:\Documents and Settings\craig
2014-03-22 16:22 - 2014-03-22 16:22 - 00050477 _____ () C:\Documents and Settings\craig\Desktop\Defogger.exe
2014-03-22 15:56 - 2014-03-22 15:21 - 00003768 _____ () C:\Documents and Settings\craig\Desktop\Rkill.txt
2014-03-22 15:29 - 2014-03-22 15:28 - 01037734 _____ (Thisisu) C:\Documents and Settings\craig\Desktop\JRT.exe
2014-03-22 15:13 - 2014-01-11 03:56 - 00000000 ____D () C:\Program Files\ss Supporter
2014-03-22 05:10 - 2012-11-26 20:01 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2723135-v2$
2014-03-22 05:10 - 2012-11-07 16:39 - 00000178 ___SH () C:\Documents and Settings\zoe\ntuser.ini
2014-03-22 05:10 - 2012-11-07 16:39 - 00000000 ____D () C:\Documents and Settings\zoe
2014-03-20 18:04 - 2014-03-20 18:04 - 00000000 ____D () C:\Documents and Settings\craig\Application Data\Seagate
2014-03-20 16:37 - 2014-03-20 16:35 - 00003680 _____ () C:\WINDOWS\KB2916036.log
2014-03-20 16:37 - 2014-03-20 16:35 - 00003676 _____ () C:\WINDOWS\KB2929961.log
2014-03-20 16:37 - 2014-03-20 16:34 - 00004209 _____ () C:\WINDOWS\KB2930275.log
2014-03-20 16:17 - 2012-11-04 10:56 - 00222720 _____ () C:\Documents and Settings\craig\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-20 10:03 - 2012-11-18 09:08 - 00000284 _____ () C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
2014-03-18 17:35 - 2014-01-28 18:08 - 00000178 ___SH () C:\Documents and Settings\Michael\ntuser.ini
2014-03-18 15:21 - 2012-11-04 15:32 - 00703176 _____ () C:\WINDOWS\setupapi.log
2014-03-15 08:27 - 2012-11-04 06:26 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2014-03-07 01:31 - 2012-11-10 16:42 - 00000000 ____D () C:\Documents and Settings\craig\Application Data\uTorrent
2014-03-07 00:44 - 2012-11-04 03:41 - 00000513 _____ () C:\WINDOWS\setupact.log
2014-03-06 23:25 - 2012-11-07 21:08 - 00000000 ____D () C:\Documents and Settings\zoe\Application Data\uTorrent
2014-03-02 06:07 - 2012-11-04 08:34 - 00000000 ____D () C:\Documents and Settings\craig\Application Data\vlc
2014-03-01 16:37 - 2012-11-04 12:32 - 00692616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2014-03-01 16:37 - 2012-11-04 12:32 - 00071048 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2014-03-01 10:02 - 2013-08-10 16:20 - 00000000 ____D () C:\Documents and Settings\craig\My Documents\new
2014-03-01 09:55 - 2014-03-01 09:54 - 00000000 ____D () C:\Documents and Settings\craig\My Documents\EXE. files
2014-03-01 09:47 - 2012-11-08 07:26 - 00154624 _____ () C:\Documents and Settings\zoe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-03-01 09:11 - 2012-11-07 21:46 - 00000000 ____D () C:\Documents and Settings\zoe\Application Data\vlc
2014-02-27 15:49 - 2013-08-10 15:21 - 00000000 ____D () C:\Documents and Settings\craig\Application Data\dvdcss

Some content of TEMP:
====================
C:\Documents and Settings\craig\Local Settings\Temp\binkw32.dll
C:\Documents and Settings\craig\Local Settings\Temp\d2l_Install.exe
C:\Documents and Settings\craig\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\zoe\Local Settings\Temp\radDC477.tmp_update.exe
C:\Documents and Settings\zoe\Local Settings\Temp\SCC.dll
C:\Documents and Settings\zoe\Local Settings\Temp\tbedrs.dll
C:\Documents and Settings\zoe\Local Settings\Temp\uninst1.exe
C:\Documents and Settings\zoe\Local Settings\Temp\utt218.tmp.exe
C:\Documents and Settings\zoe\Local Settings\Temp\utt2A1.tmp.exe
C:\Documents and Settings\zoe\Local Settings\Temp\utt81.tmp.exe


==================== Bamital & volsnap Check =================

C:\WINDOWS\explorer.exe => MD5 is legit
C:\WINDOWS\system32\winlogon.exe => MD5 is legit
C:\WINDOWS\system32\svchost.exe => MD5 is legit
C:\WINDOWS\system32\services.exe => MD5 is legit
C:\WINDOWS\system32\User32.dll => MD5 is legit
C:\WINDOWS\system32\userinit.exe => MD5 is legit
C:\WINDOWS\system32\rpcss.dll => MD5 is legit
C:\WINDOWS\system32\Drivers\volsnap.sys => MD5 is legit

==================== End Of Log ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 13-03-2014  01
Ran by craig at 2014-03-23 06:51:18
Running from C:\Documents and Settings\craig\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: avast! Antivirus (Disabled - Up to date) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus (Disabled) {7591DB91-41F0-48A3-B128-1A293FD8233D}

==================== Installed Programs ======================

µTorrent (HKCU\...\uTorrent) (Version: 3.3.1.30017 - BitTorrent Inc.)
Adobe Flash Player 12 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) (HKLM\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
ANIO Service (HKLM\...\{7B5CE976-C7A9-4E38-A7F3-6C8EF025DD8E}) (Version:  - )
ANIWZCS2 Service (HKLM\...\{4C590030-7469-453E-8589-D15DA9D03F52}) (Version:  - )
Apple Application Support (HKLM\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{0592EF96-69D8-4E4B-9CC9-88F58EA86F01}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASRock IES (HKLM\...\ASRock IES_is1) (Version:  - )
ATI - Software Uninstall Utility (HKLM\...\All ATI Software) (Version: 6.14.10.1022 - )
ATI AVIVO Codecs (HKLM\...\{89DE67AD-08B8-4699-A55D-CA5C0AF82BF3}) (Version: 10.0.0.31121 - ATI Technologies Inc.)
ATI Catalyst Control Center (HKLM\...\{055EE59D-217B-43A7-ABFF-507B966405D8}) (Version: 2.008.1201.1503 - )
ATI Display Driver (HKLM\...\ATI Display Driver) (Version: 8.561-081201a1-072274C-ATI - )
ATI Parental Control & Encoder (Version: 3.0 - ATI Technologies Inc.) Hidden
avast! Free Antivirus (HKLM\...\avast) (Version: 9.0.2011 - Avast Software)
Bonjour (HKLM\...\{79155F2B-9895-49D7-8612-D92580E0DE5B}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Black Ops - Multiplayer (HKLM\...\Steam App 42710) (Version:  - Treyarch)
Call of Duty: Black Ops (HKLM\...\Steam App 42700) (Version:  - Treyarch)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM\...\Steam App 10190) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 2 (HKLM\...\Steam App 10180) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 (HKLM\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
Canon MP Navigator EX 3.1 (HKLM\...\MP Navigator EX 3.1) (Version:  - )
Canon MX350 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX350_series) (Version:  - )
Canon Utilities Easy-PhotoPrint EX (HKLM\...\Easy-PhotoPrint EX) (Version:  - )
Canon Utilities My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM\...\CanonSolutionMenu) (Version:  - )
Catalyst Control Center - Branding (Version: 1.00.0000 - ATI) Hidden
Catalyst Control Center Core Implementation (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Graphics Full Existing (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Graphics Full New (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Graphics Light (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Graphics Previews Common (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center HydraVision Full (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Chinese Standard (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Chinese Traditional (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Czech (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Danish (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Dutch (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Finnish (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization French (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization German (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Greek (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Hungarian (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Italian (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Japanese (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Korean (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Norwegian (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Polish (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Portuguese (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Russian (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Spanish (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Swedish (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Thai (Version: 2008.1201.1504.27008 - ATI) Hidden
Catalyst Control Center Localization Turkish (Version: 2008.1201.1504.27008 - ATI) Hidden
CCC Help Chinese Standard (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Chinese Traditional (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Czech (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Danish (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Dutch (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help English (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Finnish (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help French (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help German (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Greek (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Hungarian (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Italian (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Japanese (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Korean (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Norwegian (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Polish (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Portuguese (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Russian (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Spanish (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Swedish (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Thai (Version: 2008.1201.1503.27008 - ATI) Hidden
CCC Help Turkish (Version: 2008.1201.1503.27008 - ATI) Hidden
ccc-core-preinstall (Version: 2008.1201.1504.27008 - ATI) Hidden
ccc-core-static (Version: 2008.1201.1504.27008 - ATI) Hidden
ccc-utility (Version: 2008.1201.1504.27008 - ATI) Hidden
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6514.5001 - Microsoft Corporation)
Diablo II (HKCU\...\Diablo II) (Version:  - )
Diablo II (HKLM\...\Diablo II) (Version:  - )
D-Link Wireless G DWA-510 (HKLM\...\{BADEDF59-389D-49CA-AD06-7EF12C5C13CD}) (Version:  - D-Link)
DriverTuner 3.1.0.0 (HKLM\...\{520C1D80-935C-42B9-9340-E883849D804F}_is1) (Version: 3.1.0.0 - LionSea SoftWare)
Dropbox (HKCU\...\Dropbox) (Version: 2.4.11 - Dropbox, Inc.)
EaseUS Data Recovery Wizard 7.0 (HKLM\...\EaseUS Data Recovery Wizard 7.0_is1) (Version:  - EaseUS)
File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version:  - Pow Tools)
Freemake Video Converter version 4.0.3 (HKLM\...\Freemake Video Converter_is1) (Version: 4.0.3 - Ellora Assets Corporation)
Gamer HUD Lite (HKLM\...\{8FE4D086-63BD-44EB-882C-C7EA5A1EF016}) (Version: 1.00.0000 B0800311 - GIGABYTE)
High Definition Audio Driver Package - KB888111 (HKLM\...\KB888111WXPSP2) (Version: 20040219.000000 - Microsoft Corporation)
iTunes (HKLM\...\{C197BC08-3D82-4651-8886-E68C21578A38}) (Version: 11.1.3.8 - Apple Inc.)
Kernel for Windows Data Recovery ver 13.06.01 (HKLM\...\Kernel for Windows Data Recovery_is1) (Version:  - Lepide Software Pvt.Ltd.)
Malwarebytes Anti-Malware version 1.75.0.1300 (HKLM\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 2.0 Service Pack 2 (HKLM\...\{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}) (Version: 2.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.0 Service Pack 2 (HKLM\...\{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}) (Version: 3.2.30729 - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319 - Microsoft Corporation) Hidden
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.7969.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM\...\{95140000-0137-0409-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
MozBackup 1.5.1 (HKLM\...\MozBackup) (Version:  - Pavel Cvrcek)
Mozilla Firefox 27.0.1 (x86 en-US) (HKLM\...\Mozilla Firefox 27.0.1 (x86 en-US)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 24.4.0 - Mozilla)
Mozilla Thunderbird 24.4.0 (x86 en-US) (HKLM\...\Mozilla Thunderbird 24.4.0 (x86 en-US)) (Version: 24.4.0 - Mozilla)
Platform (Version: 1.27 - VIA Technologies, Inc.) Hidden
PokerStars (HKLM\...\PokerStars) (Version:  - PokerStars)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (HKLM\...\{C9BED750-1211-4480-B1A5-718A3BE15525}) (Version: 1.23.0000 - Realtek)
Repair My Backup (HKLM\...\Repair My Backup_is1) (Version: 4.2.0.821 - GetData Pty Ltd)
Seagate DiscWizard (HKLM\...\{8FB2A014-A0B0-42D8-8E18-9AFC6A6E2814}) (Version: 13.0.14387 - Seagate)
Skins (Version: 2008.1201.1504.27008 - ATI) Hidden
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
ss Supporter 1.80 (HKLM\...\{5F189DF5-2D05-472B-9091-84D9848AE48B}{43c1b835}) (Version:  - Verified Publisher)
Steam (HKLM\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 5.7.1018 - SUPERAntiSpyware.com)
The Sims Deluxe Edition (HKLM\...\{10798AE3-DCBB-43C3-9C93-C23512427E25}) (Version:  - )
Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (HKLM\...\{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}.KB963707) (Version: 1 - Microsoft Corporation)
Update for Windows Internet Explorer 8 (KB2598845) (HKLM\...\KB2598845-IE8) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2345886) (HKLM\...\KB2345886) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2467659) (HKLM\...\KB2467659) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2661254-v2) (HKLM\...\KB2661254-v2) (Version: 2 - Microsoft Corporation)
Update for Windows XP (KB2736233) (HKLM\...\KB2736233) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2749655) (HKLM\...\KB2749655) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2863058) (HKLM\...\KB2863058) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB2904266) (HKLM\...\KB2904266) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB898461) (HKLM\...\KB898461) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB951978) (Version: 1 - Microsoft Corporation) Hidden
Update for Windows XP (KB955759) (HKLM\...\KB955759) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB968389) (HKLM\...\KB968389) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB971029) (HKLM\...\KB971029) (Version: 1 - Microsoft Corporation)
Update for Windows XP (KB973815) (HKLM\...\KB973815) (Version: 1 - Microsoft Corporation)
VIA Platform Device Manager (HKLM\...\InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}) (Version: 1.27 - VIA Technologies, Inc.)
VLC media player 2.0.5 (HKLM\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WebFldrs XP (Version: 9.50.7523 - Microsoft Corporation) Hidden
Windows Backup Utility (HKLM\...\{76EFFC7C-17A6-479D-9E47-8E658C1695AE}) (Version: 5.1 - Microsoft Corporation)
Windows Internet Explorer 8 (HKLM\...\ie8) (Version: 20090308.140743 - Microsoft Corporation)
Windows XP Service Pack 3 (HKLM\...\Windows XP Service Pack) (Version: 20080414.031525 - Microsoft Corporation)
WinPatrol (HKLM\...\{A62F9CD0-B2E0-4F2A-88F2-79254A3C8539}) (Version: 26.0.2013.0 - BillP Studios)
WinRAR 5.01 (32-bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)
Women's Murder Club - Death in Scarlet (HKLM\...\{3B9D5CC6-0990-4C1A-BC1D-E70D2847A412}) (Version: 1.00 - GSP)
YTD Video Downloader 4.3 (HKLM\...\{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}) (Version: 4.3 - GreenTree Applications SRL)

==================== Restore Points  =========================

25-01-2014 13:40:38 Software Distribution Service 3.0
27-01-2014 00:35:24 System Checkpoint
30-01-2014 04:54:06 System Checkpoint
31-01-2014 08:36:47 System Checkpoint
01-02-2014 15:30:52 System Checkpoint
02-02-2014 16:08:52 System Checkpoint
03-02-2014 21:23:22 System Checkpoint
04-02-2014 22:08:54 System Checkpoint
05-02-2014 08:09:50 Installed DirectX
05-02-2014 08:16:12 Installed DirectX
06-02-2014 10:58:29 System Checkpoint
07-02-2014 11:08:48 System Checkpoint
08-02-2014 12:03:08 System Checkpoint
09-02-2014 12:39:45 System Checkpoint
10-02-2014 03:35:29 Installed The Sims Deluxe Edition
11-02-2014 05:37:38 System Checkpoint
12-02-2014 07:04:10 System Checkpoint
13-02-2014 07:37:37 System Checkpoint
14-02-2014 08:37:36 System Checkpoint
15-02-2014 08:45:14 System Checkpoint
16-02-2014 12:28:07 System Checkpoint
17-02-2014 14:31:09 System Checkpoint
18-02-2014 14:32:01 System Checkpoint
19-02-2014 14:33:05 System Checkpoint
20-02-2014 18:46:35 System Checkpoint
22-02-2014 00:53:51 System Checkpoint
23-02-2014 01:34:34 System Checkpoint
24-02-2014 02:31:56 System Checkpoint
25-02-2014 02:55:56 System Checkpoint
26-02-2014 03:31:56 System Checkpoint
27-02-2014 04:21:01 System Checkpoint
28-02-2014 04:31:57 System Checkpoint
01-03-2014 05:31:59 System Checkpoint
06-03-2014 15:46:02 System Checkpoint
07-03-2014 19:56:21 System Checkpoint
08-03-2014 20:32:21 System Checkpoint
09-03-2014 21:32:22 System Checkpoint
10-03-2014 22:44:22 System Checkpoint
12-03-2014 00:33:51 System Checkpoint
13-03-2014 01:32:21 System Checkpoint
14-03-2014 02:37:06 System Checkpoint
15-03-2014 03:32:41 System Checkpoint
16-03-2014 04:05:04 System Checkpoint
17-03-2014 04:59:51 System Checkpoint
18-03-2014 05:43:40 System Checkpoint
19-03-2014 21:12:50 System Checkpoint
20-03-2014 21:14:59 System Checkpoint
21-03-2014 23:41:39 System Checkpoint

==================== Hosts content: ==========================

2004-08-04 22:00 - 2004-08-04 22:00 - 00000734 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\AppleSoftwareUpdate.job => C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Task: C:\WINDOWS\Tasks\avast! Emergency Update.job => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-03-23 04:27 - 2014-03-23 03:35 - 02189312 _____ () C:\Program Files\AVAST Software\Avast\defs\14032201\algo.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 00087912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2012-08-27 20:33 - 2012-08-27 20:33 - 01242512 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2012-11-04 05:15 - 2007-12-11 14:36 - 00245760 _____ () C:\WINDOWS\system32\WlanApp.dll
2012-12-29 13:08 - 2012-12-10 11:46 - 00600868 ____N () C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
2014-01-12 11:15 - 2014-01-12 11:15 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2012-11-04 07:07 - 2012-11-04 07:07 - 00014848 _____ () C:\WINDOWS\assembly\GAC_MSIL\AxInterop.WBOCXLib\1.0.0.0__90ba9c70f846762e\AxInterop.WBOCXLib.dll
2008-10-30 13:39 - 2008-10-30 13:39 - 00016384 ____R () C:\Program Files\ATI Technologies\ATI.ACE\Branding\Branding.dll
2013-10-19 09:55 - 2013-10-19 09:55 - 25100288 _____ () C:\Documents and Settings\craig\Application Data\Dropbox\bin\libcef.dll
2014-03-23 05:25 - 2014-03-23 05:25 - 03018864 _____ () C:\Program Files\Mozilla Thunderbird\mozjs.dll
2014-03-23 05:25 - 2014-03-23 05:25 - 00158832 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAP32V60.dll
2014-03-23 05:25 - 2014-03-23 05:25 - 00023152 _____ () C:\Program Files\Mozilla Thunderbird\NSLDAPPR32V60.dll
2014-01-25 17:25 - 2012-11-09 05:02 - 01752576 _____ () C:\Program Files\File Shredder\fsshell.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:03271074
AlternateDataStreams: C:\Documents and Settings\All Users\Application Data\TEMP:373E1720
AlternateDataStreams: C:\Documents and Settings\craig\Desktop\07 Hanging On The Telephone.m4r:SummaryInformation
AlternateDataStreams: C:\Documents and Settings\craig\Desktop\07 Hanging On The Telephone.m4r:{4c8cc155-6c1e-11d1-8e41-00c04fb9386d}

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupfolder: C:^Documents and Settings^craig^Start Menu^Programs^Startup^GIGABYTE Gamer HUD Lite.lnk => C:\WINDOWS\pss\GIGABYTE Gamer HUD Lite.lnkStartup
MSCONFIG\startupreg: Steam => "C:\Program Files\Steam\Steam.exe" -silent

==================== Faulty Device Manager Devices =============

Name: Video Controller (VGA Compatible)
Description: Video Controller (VGA Compatible)
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2014 03:20:35 PM) (Source: Application Error) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.10.7034, faulting module msvcrt.dll, version 7.0.2600.5512, fault address 0x00036edf.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (03/18/2014 08:02:41 AM) (Source: Application Error) (User: )
Description: Faulting application ANIWZCSdS.exe, version 1.0.3.7034, faulting module user32.dll, version 5.1.2600.5512, fault address 0x00014acd.
Processing media-specific event for [ANIWZCSdS.exe!ws!]

Error: (02/28/2014 07:27:13 PM) (Source: Application Hang) (User: )
Description: Hanging application winpatrol.exe, version 26.0.2013.0, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/27/2014 03:59:07 PM) (Source: crypt32) (User: )
Description: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.

Error: (02/20/2014 04:07:04 PM) (Source: Application Error) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.10.7034, faulting module anioapi.dll, version 2.0.3.51006, fault address 0x000031a8.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (02/16/2014 11:10:22 PM) (Source: Application Error) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.10.7034, faulting module anioapi.dll, version 2.0.3.51006, fault address 0x000031a8.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (02/16/2014 06:26:01 AM) (Source: Application Hang) (User: )
Description: Hanging application explorer.exe, version 6.0.2900.5512, hang module hungapp, version 0.0.0.0, hang address 0x00000000.

Error: (02/15/2014 04:27:20 PM) (Source: Application Error) (User: )
Description: Faulting application , version 0.0.0.0, faulting module unknown, version 0.0.0.0, fault address 0x00000000.
Processing media-specific event for [!ws!]

Error: (02/15/2014 04:23:39 PM) (Source: Application Error) (User: )
Description: Faulting application wzcsldr2.exe, version 1.0.10.7034, faulting module mfc42.dll, version 6.2.8081.0, fault address 0x00001968.
Processing media-specific event for [wzcsldr2.exe!ws!]

Error: (02/15/2014 01:52:11 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7937


System errors:
=============
Error: (03/23/2014 06:30:27 AM) (Source: Service Control Manager) (User: )
Description: The Application Layer Gateway Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/23/2014 06:30:27 AM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/23/2014 06:30:26 AM) (Source: Service Control Manager) (User: )
Description: The Print Spooler service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/23/2014 06:30:26 AM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/23/2014 06:30:26 AM) (Source: Service Control Manager) (User: )
Description: The Bonjour Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/23/2014 06:30:26 AM) (Source: Service Control Manager) (User: )
Description: The Ati HotKey Poller service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/20/2014 05:19:44 PM) (Source: Service Control Manager) (User: )
Description: The Apple Mobile Device service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.

Error: (03/20/2014 05:19:05 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/18/2014 08:02:48 AM) (Source: Service Control Manager) (User: )
Description: The ANIWZCSd Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (03/16/2014 06:33:58 AM) (Source: DCOM) (User: HOME-752E39F646)
Description: DCOM got error "%%1058" attempting to start the service McComponentHostService with arguments ""
in order to run the server:
{CC6F4D12-8575-4CFF-9455-CF5774AEB13B}


Microsoft Office Sessions:
=========================
Error: (03/18/2014 03:20:35 PM) (Source: Application Error)(User: )
Description: wzcsldr2.exe1.0.10.7034msvcrt.dll7.0.2600.551200036edf

Error: (03/18/2014 08:02:41 AM) (Source: Application Error)(User: )
Description: ANIWZCSdS.exe1.0.3.7034user32.dll5.1.2600.551200014acd

Error: (02/28/2014 07:27:13 PM) (Source: Application Hang)(User: )
Description: winpatrol.exe26.0.2013.0hungapp0.0.0.000000000

Error: (02/27/2014 03:59:07 PM) (Source: crypt32)(User: )
Description: http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txtThis operation returned because the timeout period expired.

Error: (02/20/2014 04:07:04 PM) (Source: Application Error)(User: )
Description: wzcsldr2.exe1.0.10.7034anioapi.dll2.0.3.51006000031a8

Error: (02/16/2014 11:10:22 PM) (Source: Application Error)(User: )
Description: wzcsldr2.exe1.0.10.7034anioapi.dll2.0.3.51006000031a8

Error: (02/16/2014 06:26:01 AM) (Source: Application Hang)(User: )
Description: explorer.exe6.0.2900.5512hungapp0.0.0.000000000

Error: (02/15/2014 04:27:20 PM) (Source: Application Error)(User: )
Description: 0.0.0.0unknown0.0.0.000000000

Error: (02/15/2014 04:23:39 PM) (Source: Application Error)(User: )
Description: wzcsldr2.exe1.0.10.7034mfc42.dll6.2.8081.000001968

Error: (02/15/2014 01:52:11 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 7937


==================== Memory info ===========================

Percentage of memory in use: 36%
Total physical RAM: 2045.23 MB
Available physical RAM: 1292.17 MB
Total Pagefile: 3940.94 MB
Available Pagefile: 3166.48 MB
Total Virtual: 2047.88 MB
Available Virtual: 1953.2 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.75 GB) (Free:329.8 GB) NTFS ==>[Drive with boot components (Windows XP)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows XP) (Size: 466 GB) (Disk ID: DB6FDB6F)

Partition: GPT Partition Type.

==================== End Of Log ============================



#4 fireman4it

fireman4it

    Bleepin' Fireman


  • Malware Response Team

Posted 23 March 2014 - 10:46 AM

1.

Download attached fixlist.txt file and save it to the Desktop.

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

 

Attached File: fixlist.txt (961 bytes)

 

 

2.

Please download Malwarebytes Anti-Malware and save it to your desktop.

  • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.
  • Double-click on the renamed file to install, then follow these instructions for doing a Quick Scan in normal mode.
  • Don't forget to check for database definition updates through the program's interface (preferable method) before scanning.
  • If you cannot update Malwarebytes or use the Internet to download any files to the infected computer, manually update the database by following the instructions in FAQ Section A: 4. Issues.


Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (ie Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

  • After completing the scan, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab.
  • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
  • Exit Malwarebytes when done.


Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.

-- Some types of malware will target Malwarebytes and other security tools to keep them from running properly. If that's the case, use Malwarebytes Chameleon and follow the onscreen instructions. The Chameleon folder can be accessed by opening the program folder for Malwarebytes Anti-Malware (normally C:\Program Files\Malwarebytes' Anti-Malware or C:\Program Files (x86)\Malwarebytes' Anti-Malware).

 

 

3.

 ESET Online Scanner

Note: You can use either Internet Explorer or Mozilla Firefox for this scan. You will, however, need to disable your currently installed Anti-Virus; how to do so can be read here.

  • Please go >>HERE<< then click on: ESET1st.jpg

    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on the ESETexe.jpg icon to install.

    All of the below instructions are compatible with either Internet Explorer or Mozilla Firefox.
  • Select the option YES, I accept the Terms of Use then click on: ESETsave.jpg
  • When prompted allow the Add-On/Active X to install.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
  • Now click on: EOLS3.gif
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed make sure you first copy the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt
  • Copy and paste that log as a reply to this topic.
  • Now click on: EOLS4.gif
    (Selecting Uninstall application on close if you so wish)

 

 

Things to include in your next reply:

Fixlist.txt

MBAM log

Eset log

How is the machine running now?


" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#5 straubes

straubes
  • Topic Starter

  • Members

Posted 26 March 2014 - 06:30 PM

Hey Fireman,

Not sure what happened but thought I had replied. Oh well.

Machine running well, speed is ok and no redirection, going straight to Mozilla/Google.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 13-03-2014  01
Ran by craig at 2014-03-27 06:15:24 Run:2
Running from C:\Documents and Settings\craig\Desktop
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
HKU\S-1-5-21-790525478-1292428093-839522115-1004\...\Run: [ASRockIES] - [X]
HKU\S-1-5-21-790525478-1292428093-839522115-1004\...\Run: [News.net] - C:\Program Files\News.net\BreakingNews\DesktopContainer.exe
SearchScopes: HKLM - DefaultScope value is missing.
CHR DefaultSearchProvider: Conduit Search
C:\Documents and Settings\craig\Local Settings\Temp\binkw32.dll
C:\Documents and Settings\craig\Local Settings\Temp\d2l_Install.exe
C:\Documents and Settings\craig\Local Settings\Temp\Quarantine.exe
C:\Documents and Settings\zoe\Local Settings\Temp\radDC477.tmp_update.exe
C:\Documents and Settings\zoe\Local Settings\Temp\SCC.dll
C:\Documents and Settings\zoe\Local Settings\Temp\tbedrs.dll
C:\Documents and Settings\zoe\Local Settings\Temp\uninst1.exe
C:\Documents and Settings\zoe\Local Settings\Temp\utt218.tmp.exe
C:\Documents and Settings\zoe\Local Settings\Temp\utt2A1.tmp.exe
C:\Documents and Settings\zoe\Local Settings\Temp\utt81.tmp.exe
*****************

HKU\S-1-5-21-790525478-1292428093-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockIES => Value not found.
HKU\S-1-5-21-790525478-1292428093-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\News.net => Value not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
CHR DefaultSearchProvider: Conduit Search ==> The Chrome "Settings" can be used to fix the entry.
C:\Documents and Settings\craig\Local Settings\Temp\binkw32.dll => Moved successfully.
"C:\Documents and Settings\craig\Local Settings\Temp\d2l_Install.exe" => File/Directory not found.
"C:\Documents and Settings\craig\Local Settings\Temp\Quarantine.exe" => File/Directory not found.
"C:\Documents and Settings\zoe\Local Settings\Temp\radDC477.tmp_update.exe" => File/Directory not found.
"C:\Documents and Settings\zoe\Local Settings\Temp\SCC.dll" => File/Directory not found.
"C:\Documents and Settings\zoe\Local Settings\Temp\tbedrs.dll" => File/Directory not found.
"C:\Documents and Settings\zoe\Local Settings\Temp\uninst1.exe" => File/Directory not found.
"C:\Documents and Settings\zoe\Local Settings\Temp\utt218.tmp.exe" => File/Directory not found.
"C:\Documents and Settings\zoe\Local Settings\Temp\utt2A1.tmp.exe" => File/Directory not found.
"C:\Documents and Settings\zoe\Local Settings\Temp\utt81.tmp.exe" => File/Directory not found.

==== End of Fixlog ====

 

 

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2014.03.26.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
craig :: HOME-752E39F646 [administrator]

27/03/2014 6:20:08 AM
mbam-log-2014-03-27 (06-20-08).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 417783
Time elapsed: 48 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser\{7473B6BD-4691-4744-A82B-7854EB3D70B6} (PUP.Optional.UTorrentControl.A) -> Data:  -> Quarantined and deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\ShellBrowser|{7473B6BD-4691-4744-A82B-7854EB3D70B6} (PUP.Optional.UTorrentControl.A) -> Data: ½¶st‘FDG¨+xTë=p¶ -> Quarantined and deleted successfully.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
 

 

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ac0beb90ec39904e81e7438ba01eaa40
# engine=17570
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-23 09:50:36
# local_time=2014-03-24 07:50:36 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 85 77 5286113 8152840 0 0
# scanned=94793
# found=15
# cleaned=0
# scan_time=3623
sh=874041934D3F38F4DC84C05A21455C4D6234BCF3 ft=1 fh=dd02e02001e296e8 vn="Win32/Toolbar.Montiera.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Documents and Settings\zoe\Application Data\Mozilla\Firefox\Profiles\wiusdmjd.default\Extensions\ffxtlbr@delta.com\uninstall.exe.vir"
sh=B84DA289FA8BEC345109AC49E4EC6754179EFC49 ft=1 fh=c71c001198f425ea vn="Win32/InstalleRex.M potentially unwanted application" ac=I fn="C:\Documents and Settings\All Users\Application Data\InstallMate\{1E1140A0-01E4-4F35-ADDE-49C6C5F26256}\Custom.dll"
sh=17EAAC805004F50029F32A5E5BA5BA0D9C251FB7 ft=1 fh=9673574e3762d059 vn="a variant of Win32/Bundled.Toolbar.Ask.E potentially unsafe application" ac=I fn="C:\Documents and Settings\craig\My Documents\ApnStub1.exe"
sh=E419D6E26B04E51F482D532C2AD31824CA23249B ft=1 fh=20406d1d69c66566 vn="a variant of Win32/Complitly.A potentially unwanted application" ac=I fn="C:\Documents and Settings\zoe\Local Settings\Temp\70.tmp"
sh=1C32DE0B70FA16C936FDB283E9C59F52F2AA26AD ft=1 fh=c71c0011cc4fdd54 vn="a variant of Win32/Toolbar.Babylon.W potentially unwanted application" ac=I fn="C:\Documents and Settings\zoe\Local Settings\Temp\5AD8C724-BAB0-7891-9854-6569726F8D7C\Latest\enhancedNT.dll"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\Documents and Settings\zoe\Local Settings\Temp\5AD8C724-BAB0-7891-9854-6569726F8D7C\Latest\IEHelper.dll"
sh=2D0000C9A100CA66A01090D2B306AB0A5DA5DF75 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Babylon.Q potentially unwanted application" ac=I fn="C:\Documents and Settings\zoe\Local Settings\Temp\C77A76EA-BAB0-7891-8054-86649DA10669\Latest\BabylonChrome1.crx"
sh=44EC4F5732CBB9B1CE737F4DB758177281C18525 ft=1 fh=2e168bc2daf70d29 vn="a variant of Win32/Toolbar.Babylon.W potentially unwanted application" ac=I fn="C:\Documents and Settings\zoe\Local Settings\Temp\C77A76EA-BAB0-7891-8054-86649DA10669\Latest\enhancedNT.dll"
sh=7759A3318DE2ABC3755EBB7F50322C6D586B5286 ft=1 fh=e3d39714b3bfb2a0 vn="Win32/Toolbar.Babylon.E potentially unwanted application" ac=I fn="C:\Documents and Settings\zoe\Local Settings\Temp\C77A76EA-BAB0-7891-8054-86649DA10669\Latest\IEHelper.dll"
sh=B7BCAF66B2BB0CA2EE89D16A94A4D4C4BB1CE025 ft=1 fh=9dabbe262182f2d2 vn="a variant of Win32/Toolbar.Babylon.V potentially unwanted application" ac=I fn="C:\Documents and Settings\zoe\Local Settings\Temp\C77A76EA-BAB0-7891-8054-86649DA10669\Latest\MntrDLLInstall.dll"
sh=92E84D2216A7763D580E42FA2493CCF67D0D0560 ft=1 fh=e8efc42494afd9f6 vn="a variant of Win32/Toolbar.Conduit.B potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Documents and Settings\zoe\Local Settings\Temp\tbedrs.dll.xBAD"
sh=546E8A982A56E3BCE62FF261E009EB1D155F6595 ft=1 fh=34e04396e1b1fa5c vn="a variant of Win32/Toolbar.Conduit potentially unwanted application" ac=I fn="C:\FRST\Quarantine\C\Documents and Settings\zoe\Local Settings\Temp\utt81.tmp.exe.xBAD"
sh=BB5BC11F0B4F80EC2AB39F55DAC03124F1DD5972 ft=1 fh=10088254fe506fec vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\WINDOWS\Installer\MSI255.tmp"
sh=BB5BC11F0B4F80EC2AB39F55DAC03124F1DD5972 ft=1 fh=10088254fe506fec vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\WINDOWS\Installer\MSI5.tmp"
sh=BB5BC11F0B4F80EC2AB39F55DAC03124F1DD5972 ft=1 fh=10088254fe506fec vn="a variant of Win32/Bundled.Toolbar.Ask.F potentially unsafe application" ac=I fn="C:\WINDOWS\Installer\MSIA.tmp"
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=ac0beb90ec39904e81e7438ba01eaa40
# engine=17636
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2014-03-26 11:02:50
# local_time=2014-03-27 09:02:50 (+1000, E. Australia Standard Time)
# country="Australia"
# lang=1033
# osver=5.1.2600 NT Service Pack 3
# compatibility_mode=774 16777213 85 77 5549647 8416374 0 0
# scanned=95096
# found=15
# cleaned=0
# scan_time=3652
 



#6 fireman4it


Posted 26 March 2014 - 07:06 PM

Hello, straubes.
Congratulations! You now appear clean! :cool:

Are things running okay? Do you have any more questions?

System Still Slow?
You may wish to try StartupLite. Simply download this tool to your desktop and run it. It will explain any optional auto-start programs on your system, and offer the option to stop these programs from starting at startup. This will result in fewer programs running when you boot your system, and should improve performance.
If that does not work, you can try the steps mentioned in Slow Computer/browser? Check Here First; It May Not Be Malware.

We Need to Clean Up Our Mess
  • Double click on adwcleaner.exe to run the tool.
  • Click on Uninstall.
  • Confirm with yes.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big CleanUp button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
Now you should Create a New Restore Point to prevent possible reinfection from an old one. Some of the malware you picked up could have been backed up, renamed and saved in System Restore. Since this is a protected directory that your tools cannot access to delete these files, they can sometimes reinfect your system if you accidentally use an old restore point. Setting a new restore point AFTER cleaning your system will help prevent this and enable your computer to "roll-back" to a clean working state.

The easiest and safest way to do this is:
  • Go to Start > Programs > Accessories > System Tools and click "System Restore".
  • Choose the radio button marked "Create a Restore Point" on the first screen then click "Next". Give the R.P. a name, then click "Create". The new point will be stamped with the current date and time. Keep a log of this so you can find it easily should you need to use System Restore.
to remove all but the most recently created Restore Point.
  • Go to Start > Run and type: Cleanmgr
  • Click "Ok". Disk Cleanup will scan your files for several minutes, then open.
  • Click the "More Options" tab, then click the "Clean up" button under System Restore.
  • Click Ok. You will be prompted with "Are you sure you want to delete all but the most recent restore point?"
  • Click Yes, then click Ok.
  • Click Yes again when prompted with "Are you sure you want to perform these actions?"
  • Disk Cleanup will remove the files and close automatically. Vista and Windows 7 users can refer to these links: Create a New Restore Point in Vista or Windows 7 and Disk Cleanup in Vista.


    One of the most common questions found when cleaning malware is "how did my machine get infected?"

    There are a variety of reasons, but the most common ones are that you are not practicing Safe Internet, you are not running the proper security software or that your computer's security settings are set too low.

    Below I have outlined a series of categories that outline how you can increase the security of your computer to help reduce the chance of being infected again in the future.

    Do not use P2P programs
    Peer-to-peer or file-sharing programs (such as uTorrent, Limewire and BitTorrent) are probably the primary route of infection nowadays. These programs allow file sharing between users as the name(s) suggest. It is almost impossible to know whether the file you’re downloading through P2P programs is safe.

    It is therefore possible to be infected by downloading infected files via peer-to-peer programs and so I recommend that you do not use these programs. Should you wish to use them, they must be used with extreme care. Some further reading on this subject, along with included links, are as follows: "File-Sharing, otherwise known as Peer To Peer" and "Risks of File-Sharing Technology."

    In addition, P2P programs facilitate cyber crime and help distribute pirated software, movies and other illegal material.

    Practice Safe Internet
    Another one of the main reasons people get infected in the first place is that they are not practicing Safe Internet. You practice Safe Internet when you educate yourself on how to properly use the Internet through the use of security tools and good practice. Knowing how you can get infected and what types of files and sites to avoid will be the most crucial step in keeping your computer malware free. The reality is that the majority of people who are infected with malware are ones who click on things they shouldn't be clicking on. Whether these things are files or sites it doesn't really matter. If something is out to get you, and you click on it, it most likely will.

    Below is a list of simple precautions to take to keep your computer clean and running securely:
    • If you receive an attachment from someone you do not know, DO NOT OPEN IT! Simple as that. Opening attachments from people you do not know is a very common method for viruses or worms to infect your computer.
    • If you receive an attachment and it ends with a .exe, .com, .bat, or .pif do not open the attachment unless you know for a fact that it is clean. For the casual computer user, you will almost never receive a valid attachment of this type.
    • If you receive an attachment from someone you know, and it looks suspicious, then it probably is. The email could be from someone you know who is themselves infected with malware which is trying to infect everyone in their address book. A key thing to look out for here is: does the email sound as though it’s from the person you know? Often, the email may simply have a web link or a “Run this file to make your PC run fast” message in it.
    • If you are browsing the Internet and a popup appears saying that you are infected, ignore it! These are, as far as I am concerned, scams that are being used to scare you into purchasing a piece of software. For an example of these types of pop-ups, or Foistware, you should read this article: Foistware, And how to avoid it.
      There are also programs that disguise themselves as Anti-Spyware or security products but are instead scams. Removal instructions for a lot of these "rogues" can be found here.
    • Another tactic to fool you on the web is when a site displays a popup that looks like a normal Windows message or alert. When you click on them, though, they instead bring you to another site that is trying to push a product on you, or will download a file to your PC without your knowledge. You can check to see if it's a real alert by right-clicking on the window. If there is a menu that comes up saying Add to Favorites... you know it's a fake. DO NOT click on these windows; instead close them by finding the open window on your Taskbar, right-clicking it and choosing Close.
    • Do not visit pornographic websites. I know this may bother some of you, but the fact is that a large amount of malware is pushed through these types of sites. I am not saying all adult sites do this, but a lot do, as this can often form part of their funding.
    • When using an Instant Messaging program be cautious about clicking on links people send to you. It is not uncommon for infections to send a message to everyone in the infected person's contact list that contains a link to an infection. Instead when you receive a message that contains a link you should message back to the person asking if it is legit.
    • Stay away from Warez and Crack sites! As with Peer-2-Peer programs, in addition to the obvious copyright issues, the downloads from these sites are typically overrun with infections.
    • Be careful of what you download off of web sites and Peer-2-Peer networks. Some sites disguise malware as legitimate software to trick you into installing them and Peer-2-Peer networks are crawling with it. If you want to download files from a site, and are not sure if they are legitimate, you can use tools such as BitDefender Traffic Light, Norton Safe Web, or McAfee SiteAdvisor to look up info on the site and stay protected against malicious sites. Please be sure to only choose and install one of those tool bars.
    • DO NOT INSTALL any software without first reading the End User License Agreement, otherwise known as the EULA. A tactic that some developers use is to offer their software for free, but have spyware and other programs you do not want bundled with it. This is where they make their money. By reading the agreement there is a good chance you can spot this and not install the software.
      Sometimes even legitimate programs will try to bundle extra, unwanted, software with the program you want - this is done to raise money for the program. Be sure to untick any boxes which may indicate that other programs will be downloaded.
    Keep Windows up-to-date
    Microsoft continually releases security and stability updates for its supported operating systems and you should always apply these to help keep your PC secure.
    • Windows XP users
      You should visit Windows Update to check for the latest updates to your system. The latest service pack (SP3) can be obtained directly from Microsoft here.
    • Windows Vista users
      You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP2) can be obtained directly from Microsoft here.
    • Windows 7 users
      You should run the Windows Update program from your start menu to access the latest updates to your operating system (information can be found here). The latest service pack (SP1) can be obtained directly from Microsoft here.
    Keep your browser secure
    Most modern browsers have come on in leaps and bounds with their inbuilt, default security. The best way to keep your browser secure nowadays is simply to keep it up-to-date.

    The latest versions of the three common browsers can be found below:

    Use an AntiVirus Software
    It is very important that your computer has an up-to-date anti-virus software on it which has a real-time agent running. This alone can save you a lot of trouble with malware in the future.
    See this link for a listing of some online & their stand-alone antivirus programs: Virus, Spyware, and Malware Protection and Removal Resources. A couple of free Anti-Virus programs you may be interested in are Microsoft Security Essentials and Avast.

    It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.

    Use a Firewall
    I cannot stress how important it is that you use a Firewall on your computer. Without a firewall your computer is susceptible to being hacked and taken over. Simply using a Firewall in its default configuration can lower your risk greatly.

    All versions of Windows starting from XP have an in-built firewall. With Windows XP this firewall will protect you from incoming traffic (i.e. hackers). Starting with Windows Vista, the firewall was beefed up to also protect you against outgoing traffic (i.e. malicious programs installed on your machine should be blocked from sending data, such as your bank details and passwords, out).

    In addition, if you connect to the internet via a router, this will normally have a firewall in-built.

    Some people will recommend installing a different firewall (instead of the Windows built-in one). This is a personal choice, but the message is to definitely have one! For a tutorial on Firewalls and a listing of some available ones see this link: Understanding and Using Firewalls

    Install an Anti-Malware program
    Recommended, and free, Anti-Malware programs are Malwarebytes Anti-Malware and SuperAntiSpyware.

    You should regularly (perhaps once a week) scan your computer with an Anti-Malware program just as you would with an antivirus software.

    Make sure your applications have all of their updates
    It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is very important to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities (such as Adobe Reader and Java). You can check these by visiting Secunia Software Inspector.

    Follow this list and your potential for being infected again will reduce dramatically.

" Extinguishing Malware from the world"

The Virus, Trojan, Spyware, and Malware Removal forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.

ALL OTHER HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
Thanks-




#7 straubes


Posted 26 March 2014 - 07:54 PM

Hey Fireman,

 

Have completed clean up tasks and would just like to say thanks once again.



#8 fireman4it


Posted 27 March 2014 - 09:42 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.

" Extinguishing Malware from the world"





