Dad's laptop has some malware, may include Search Protect


10 replies to this topic

#1 loveleeyoungae

loveleeyoungae

  • Members
  • 17 posts

Posted 10 September 2014 - 07:37 AM

Hi,

 

My dad complained about his slow lap yesterday, so I took a quick check and uninstalled a bunch of apps which may not be malware but unwanted programs. I also noticed a tray icon showed "Search Protect" and it is not listed in "Programs & Features".

So, today, because I forgot to notify him, he managed to manually delete any folders that have "search protect"! Of course, I don't think it's the right way, so I'm posting here to ask for your help. Thanks in advance :)

 

FYI: HTKK is a tax program. I've uninstalled Avira before running DDS.com (as I think it's useless).

Below is the DDS log. The ATTACH log is attached.

-------------------------------------------------------------------

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16447
Run by Inspiron at 19:17:24 on 2014-09-10
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.1.1033.18.4003.2822 [GMT 7:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe
C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\System32\svchost.exe -k HPZ12
c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Sierra Wireless Inc\QMIPackage\Utils\SWIService.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe
C:\Program Files\DellTPad\Apoint.exe
D:\WAREZ\Unikey\UniKeyNT.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\DellTPad\HidFind.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Windows\system32\msiexec.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.istartsurf.com/?type=hp&ts=1410266768&from=epom&uid=WDCXWD6400BPVT-75HXZT3_WD-WXH1A615377253772
uWindow Title = Windows Internet Explorer provided by Yahoo!
uSearch Page = hxxp://www.toggle.com/en/index.php?rvs=google
uDefault_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=1410266768&from=epom&uid=WDCXWD6400BPVT-75HXZT3_WD-WXH1A615377253772
mStart Page = about:blank
mSearch Page = about:blank
mDefault_Page_URL = about:blank
mDefault_Search_URL = about:blank
uURLSearchHooks: {038cb5c7-48ea-4af9-94e0-a1646542e62b} - <orphaned>
uURLSearchHooks: {37483b40-c254-4a72-bda4-22ee90182c1e} - <orphaned>
uURLSearchHooks: {f999a48b-1950-4d81-9971-79018f807b4b} - <orphaned>
mWinlogon: Userinit = userinit.exe
BHO: AutorunsDisabled - <orphaned>
BHO: {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - <orphaned>
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: CIESpeechBHO Class: {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
uRun: [UniKey] D:\WAREZ\Unikey\UniKeyNT.exe
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [Facebook Update] "C:\Users\Inspiron\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [APISupport] "C:\Windows\SysWOW64\Rundll32.exe" "C:\Users\Inspiron\AppData\Local\Conduit\APISupport\APISupport.dll",DLLRunAPISupport
uRun: [NextLive] C:\Windows\SysWOW64\rundll32.exe "C:\Users\Inspiron\AppData\Roaming\newnext.me\nengine.dll",EntryPoint -m l
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
mRun: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
StartupFolder: C:\Users\Inspiron\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Download all links with IDM - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
IE: Download with IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {7815BE26-237D-41A8-A98F-F7BD75F71086} - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} - hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
TCP: NameServer = 192.168.3.1
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C} : NameServer = 8.8.8.8
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C} : DHCPNameServer = 192.168.3.1
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C}\14E64627F696461405 : NameServer = 8.8.8.8
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C}\14E64627F696461405 : DHCPNameServer = 192.168.43.1
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C}\34660284F69602E476F60223 : NameServer = 8.8.8.8
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C}\34660284F69602E476F60223 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C}\4527F6E67602C416D6 : NameServer = 8.8.8.8
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C}\4527F6E67602C416D6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C}\6525A4F57457563747 : NameServer = 8.8.8.8
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C}\6525A4F57457563747 : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C}\7457563747 : NameServer = 8.8.8.8
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C}\7457563747 : DHCPNameServer = 192.168.4.26 192.168.3.23
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C}\849616C6F6 : NameServer = 8.8.8.8
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C}\849616C6F6 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C}\E48616348696C496E686 : NameServer = 8.8.8.8
TCP: Interfaces\{065C5A87-59B7-4C52-B459-471B1FA3255C}\E48616348696C496E686 : DHCPNameServer = 192.168.2.1
TCP: Interfaces\{47417831-BBCF-42DC-9984-21674FA70338} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{5D8CCDF8-CCA1-436A-BF02-07DC002028AA} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{D91F4DBF-2366-4113-965D-B4B2DBA47721} : DHCPNameServer = 10.0.0.1
TCP: Interfaces\{F6915F51-6E81-4FF8-A2B0-957525FEA59E} : DHCPNameServer = 192.168.1.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\37.0.2062.103\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-mStart Page = about:blank
x64-mSearch Page = about:blank
x64-mDefault_Page_URL = about:blank
x64-mDefault_Search_URL = about:blank
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - LocalServer32 - <no file>
x64-Run: [IgfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [NVHotkey] rundll32.exe C:\Windows\System32\nvHotkey.dll,Start
x64-Run: [QuickSet] C:\Program Files\Dell\QuickSet\QuickSet.exe
x64-Run: [AtherosBtStack] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe"
x64-Run: [AthBtTray] "C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AthBtTray.exe"
x64-Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - <orphaned>
x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab
x64-DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-mASetup: {A509B1FF-37FF-4bFF-8CFF-4F3A747040FF} - C:\Windows\System32\rundll32.exe C:\Windows\System32\advpack.dll,LaunchINFSectionEx C:\Program Files\Internet Explorer\clrtour.inf,DefaultInstall.ResetTour,,12
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\
FF - prefs.js: browser.search.selectedEngine - istartsurf
FF - prefs.js: browser.startup.homepage - hxxp://www.istartsurf.com/?type=hp&ts=1410266768&from=epom&uid=WDCXWD6400BPVT-75HXZT3_WD-WXH1A615377253772
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=UP97DF&PC=UP97&q=
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\4.0.60310.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npdf.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitroie.dll
FF - plugin: C:\Program Files (x86)\Nitro\Reader 3\npnitromozilla.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll
FF - plugin: C:\Users\Inspiron\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll
FF - plugin: C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}\plugins\npFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_145.dll
FF - ExtSQL: 2014-07-24 14:45; firefox-hotfix@mozilla.org; C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\firefox-hotfix@mozilla.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 nvpciflt;nvpciflt;C:\Windows\System32\drivers\nvpciflt.sys [2011-9-26 25960]
R2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Ath_CoexAgent.exe [2011-5-20 146592]
R2 AtherosSvc;AtherosSvc;C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe [2011-5-20 80032]
R2 IDMWFP;IDMWFP;C:\Windows\System32\drivers\idmwfp.sys [2014-2-21 175480]
R2 NitroReaderDriverReadSpool3;NitroPDFReaderDriverCreatorReadSpool3;C:\Program Files\Common Files\Nitro\Reader\3.0\NitroPDFReaderDriverService3x64.exe [2013-3-26 230416]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2011-9-24 68928]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-4-21 378472]
R2 SwiService;Sierra Wireless Service;C:\Program Files (x86)\Sierra Wireless Inc\QMIPackage\Utils\SwiService.exe [2012-1-13 152944]
R2 TeamViewer6;TeamViewer 6;C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2012-7-16 2416040]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2011-9-26 2655768]
R3 BTATH_BUS;Atheros Bluetooth Bus;C:\Windows\System32\drivers\btath_bus.sys [2011-5-20 29344]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-12-10 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-12-10 181248]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-9-26 406632]
R3 teamviewervpn;TeamViewer VPN Adapter;C:\Windows\System32\drivers\teamviewervpn.sys [2011-9-26 35112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 globalUpdate;globalUpdate Update Service (globalUpdate);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-9-9 68608]
S2 mglupdate;Maxiget Update Service (mglupdate);C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe [2014-9-9 131480]
S3 AthBTPort;Atheros Virtual Bluetooth Class;C:\Windows\System32\drivers\btath_flt.sys [2011-5-20 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;C:\Windows\System32\drivers\btath_a2dp.sys [2011-5-20 298656]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;C:\Windows\System32\drivers\btath_hcrp.sys [2011-5-20 201376]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;C:\Windows\System32\drivers\btath_lwflt.sys [2011-5-20 55456]
S3 BTATH_RCP;Bluetooth AVRCP Device;C:\Windows\System32\drivers\btath_rcp.sys [2011-5-20 154272]
S3 BtFilter;BtFilter;C:\Windows\System32\drivers\btfilter.sys [2011-5-20 282272]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2011-4-12 71168]
S3 globalUpdatem;globalUpdate Update Service (globalUpdatem);C:\Program Files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-9-9 68608]
S3 mglupdatem;Maxiget Update Service (mglupdatem);C:\Program Files (x86)\Maxiget\Updater\MaxigetUpdater.exe [2014-9-9 131480]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-9-26 250984]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2011-4-12 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2011-4-12 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2011-4-12 117248]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-11-16 1255736]
.
=============== File Associations ===============
.
FileExt: .txt: UltraEdit.txt - HKCR\Unknown\Shell=C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,OpenAs_RunDLL %1 [UserChoice] [default=openas]
FileExt: .ini: UltraEdit.ini - HKCR\Unknown\Shell=C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,OpenAs_RunDLL %1 [UserChoice] [default=openas]
FileExt: .js: UltraEdit.js - HKCR\Unknown\Shell=C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,OpenAs_RunDLL %1 [UserChoice] [default=openas]
.
=============== Created Last 30 ================
.
2014-09-09 12:46:36    --------    d-----w-    C:\Users\Inspiron\AppData\Local\MaxiGet Download Manager
2014-09-09 12:45:40    --------    d-----w-    C:\Users\Inspiron\AppData\Local\globalUpdate
2014-09-09 12:45:40    --------    d-----w-    C:\Program Files (x86)\globalUpdate
2014-09-09 12:45:33    --------    d-----w-    C:\Program Files (x86)\SmartSaver+ 15
2014-09-09 12:45:08    --------    d-----w-    C:\ProgramData\WindowsMangerProtect
2014-09-09 12:43:49    --------    d-----w-    C:\Program Files (x86)\Maxiget
2014-09-07 21:00:18    --------    d-----w-    C:\Users\Inspiron\AppData\Local\Adobe
2014-08-24 23:51:16    --------    d-----w-    C:\Users\Inspiron\AppData\Local\WMTools Downloaded Files
2014-08-24 23:39:18    --------    d-----w-    C:\Program Files (x86)\PhotoFilmStrip
2014-08-24 07:37:00    --------    d-----w-    C:\ProgramData\374311380
2014-08-24 07:29:45    --------    d-----w-    C:\Users\Inspiron\AppData\Roaming\GiliSoft
2014-08-24 06:59:20    --------    d-----w-    C:\Program Files (x86)\Common Files\Windows Live
2014-08-24 05:23:36    --------    d-----w-    C:\Users\Inspiron\AppData\Roaming\AVG
2014-08-24 05:23:36    --------    d-----w-    C:\Users\Inspiron\AppData\Local\AVG
2014-08-24 05:22:27    --------    d-----w-    C:\ProgramData\AVG
2014-08-24 05:22:20    --------    d-sh--w-    C:\ProgramData\{01BD4FC9-2F86-4706-A62E-774BB7E9D308}
2014-08-24 05:22:06    --------    d-----w-    C:\Users\Inspiron\AppData\Local\4kdownload.com
2014-08-24 01:23:56    --------    d-----w-    C:\Program Files (x86)\Photodex
2014-08-23 10:10:23    --------    d-----w-    C:\Program Files (x86)\Photodex Presenter
2014-08-23 10:05:40    --------    d-----w-    C:\Users\Inspiron\AppData\Roaming\Photodex
2014-08-23 10:05:39    --------    d-----w-    C:\ProgramData\Photodex
2014-08-23 10:04:59    --------    d-----w-    C:\Program Files (x86)\laban
2014-08-23 10:04:58    --------    d-----w-    C:\Users\Inspiron\AppData\Local\laban
2014-08-23 10:04:52    --------    d-----w-    C:\tempz
.
==================== Find3M  ====================
.
2014-09-10 00:48:11    701104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2014-09-10 00:48:10    71344    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-09 17:03:00    2828    --sha-w-    C:\ProgramData\KGyGaAvL.sys
.
============= FINISH: 19:18:13.06 ===============
 


Edited by loveleeyoungae, 10 September 2014 - 07:52 AM.



 


#2 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 12 September 2014 - 04:53 PM

hi,

 

Your log is a few days old. If you still need help, simply reply back.


How Can I Reduce My Risk to Malware?


#3 loveleeyoungae

loveleeyoungae
  • Topic Starter

  • Members
  • 17 posts

Posted 14 September 2014 - 11:15 AM

hi,

 

Your log is a few days old. If you still need help, simply reply back.

Hi, I'm patiently waiting as stated in your guideline (or actually, because the laptop seems not to be terribly slow anymore, so we don't hush :). So, yes I still need help, since I still see some issues here and there.

 

I feel there aren't many threats left. Hope we can get a quick solution soon. Thanks :)



#4 shelf life

shelf life

  • Malware Response Team
  • 2,688 posts
  • Gender:Male
  • Location:@localhost

Posted 14 September 2014 - 02:19 PM

HI,

 

Ok. Do you have a resident antivirus app installed on the machine? Windows Defender is an antispyware, not an AV solution. I see AVG but that looks like just some leftovers from an uninstall. There are several free AV available if you need one.

 

Run adaware for the search protect:

 

Please download AdwCleaner to your desktop.
Double click on AdwCleaner.exe, accept the disclaimer
Click on Scan, once the scan is done click on Clean

Machine may reboot to finish the removal process

Upon reboot it will display a log that you can copy/paste in your reply
  
http://www.bleepingcomputer.com/download/adwcleaner/

 

Also suggest you install the free version of Malwarebytes and use it as another antimalware app.

Very easy to use, just remember the free version must be updated manually and a scan started manually. It doesn't run in the background.

https://www.bleepingcomputer.com/download/malwarebytes-anti-malware/

 

 


How Can I Reduce My Risk to Malware?


#5 loveleeyoungae

loveleeyoungae
  • Topic Starter

  • Members
  • 17 posts

Posted 14 September 2014 - 08:08 PM

HI,

 

Ok. Do you have a resident antivirus app installed on the machine? Windows Defender is an antispyware, not an AV solution. I see AVG but that looks like just some leftovers from an uninstall. There are several free AV available if you need one.

 

Yes, as I said in the 1st post, I think AVG is quite slow and not so useful. But if you recommend it, I'll reinstall it. Here are the logs for the 2 programs you told me to run (Malwarebytes crashed when I exported the log, so I browsed to its log folder)

 

ADWCleaner Log:

# AdwCleaner v3.310 - Report created 15/09/2014 at 06:29:24
# Updated 12/09/2014 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (64 bits)
# Username : Inspiron - INSPIRON-PC
# Running from : C:\Users\Inspiron\Desktop\adwcleaner_3.310.exe
# Option : Clean
 
***** [ Services ] *****
 
[#] Service Deleted : globalUpdate
[#] Service Deleted : globalUpdatem
 
***** [ Files / Folders ] *****
 
Folder Deleted : C:\ProgramData\374311380 
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\baidu
[#] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\DSearchLink
Folder Deleted : C:\ProgramData\NCH Software
Folder Deleted : C:\ProgramData\WindowsMangerProtect
Folder Deleted : C:\Program Files (x86)\globalUpdate
Folder Deleted : C:\Program Files (x86)\Mobogenie
Folder Deleted : C:\Program Files (x86)\NCH Software
Folder Deleted : C:\Program Files (x86)\registry mechanic
Folder Deleted : C:\Program Files (x86)\Smartdl
Folder Deleted : C:\Program Files (x86)\SmartSaver+ 15
Folder Deleted : C:\Users\Inspiron\AppData\Local\Bundled software uninstaller
Folder Deleted : C:\Users\Inspiron\AppData\Local\Conduit
Folder Deleted : C:\Users\Inspiron\AppData\Local\genienext
Folder Deleted : C:\Users\Inspiron\AppData\Local\globalUpdate
Folder Deleted : C:\Users\Inspiron\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Inspiron\AppData\Local\PackageAware
Folder Deleted : C:\Users\Inspiron\AppData\Local\torch
Folder Deleted : C:\Users\Inspiron\AppData\LocalLow\baidu
Folder Deleted : C:\Users\Inspiron\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Inspiron\AppData\LocalLow\DataMngr
Folder Deleted : C:\Users\Inspiron\AppData\LocalLow\Delta
Folder Deleted : C:\Users\Inspiron\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\baidu
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\dvdvideosoftiehelpers
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\NCH Software
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\OpenCandy
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\Inspiron\Documents\Mobogenie
Folder Deleted : C:\Users\Inspiron\Documents\Optimizer Pro
Folder Deleted : C:\Users\Inspiron\Documents\PC Speed Maximizer
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\ConduitCommon
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\Smartbar
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\ValueApps
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\WinampToolbarData
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\CT2801948
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\CT1561552
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\CT2737658
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\Extensions\{0B38152B-1B20-484D-A11F-5E04A9B0661F}
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\Extensions\engine@conduit.com
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\Extensions\faststartff@gmail.com
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\Extensions\{038cb5c7-48ea-4af9-94e0-a1646542e62b}
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\Extensions\{37483b40-c254-4a72-bda4-22ee90182c1e}
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\Extensions\{c95a4e8e-816d-4655-8c79-d736da1adb6d}
Folder Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\Extensions\{f999a48b-1950-4d81-9971-79018f807b4b}
Folder Deleted : C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaabfjnbeinlpljodiajipidiompfl
Folder Deleted : C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma
Folder Deleted : C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\ikloigadafpfgepigfclhbfehilnljkg
Folder Deleted : C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcmflmkceipgecmhoddphflfndnfbbe
File Deleted : C:\Users\Inspiron\AppData\Local\CRE\ikloigadafpfgepigfclhbfehilnljkg.crx
File Deleted : C:\Users\Inspiron\AppData\Local\CRE\pmcmflmkceipgecmhoddphflfndnfbbe.crx
File Deleted : C:\END
File Deleted : C:\Users\Inspiron\daemonprocess.txt
File Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\invalidprefs.js
File Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\searchplugins\bingp.xml
File Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\searchplugins\delta.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\istartsurf.xml
File Deleted : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Search_Results.xml
 
***** [ Scheduled Tasks ] *****
 
Task Deleted : globalUpdateUpdateTaskMachineCore
Task Deleted : globalUpdateUpdateTaskMachineUA
Task Deleted : b557ee0b-37c3-4b40-a391-17a705dcb958-1
Task Deleted : b557ee0b-37c3-4b40-a391-17a705dcb958-11
Task Deleted : b557ee0b-37c3-4b40-a391-17a705dcb958-3
Task Deleted : b557ee0b-37c3-4b40-a391-17a705dcb958-4
Task Deleted : b557ee0b-37c3-4b40-a391-17a705dcb958-5
Task Deleted : b557ee0b-37c3-4b40-a391-17a705dcb958-5_user
Task Deleted : b557ee0b-37c3-4b40-a391-17a705dcb958-6
Task Deleted : b557ee0b-37c3-4b40-a391-17a705dcb958-7
 
***** [ Shortcuts ] *****
 
 
***** [ Registry ] *****
 
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{ACAA314B-EEBA-48E4-AD47-84E31C44796C}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [faststartff@gmail.com]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\aaaaabfjnbeinlpljodiajipidiompfl
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\bpegkgagfojjbcpkihigfmkojdmmimdf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ehgldbbpchgpcfagfpfjgoomddhccfgh
Key Deleted : HKCU\Software\Google\Chrome\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp
Key Deleted : HKCU\Software\Google\Chrome\Extensions\ikloigadafpfgepigfclhbfehilnljkg
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ikloigadafpfgepigfclhbfehilnljkg
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pmcmflmkceipgecmhoddphflfndnfbbe
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmcmflmkceipgecmhoddphflfndnfbbe
Key Deleted : HKCU\Software\Classes\iLivid.torrent
Key Deleted : HKCU\Software\Classes\pokki
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [APISupport]
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [NextLive]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMesh_V11_en_Setup.exe
Key Deleted : HKLM\SOFTWARE\Classes\Applications\iMeshV11.exe
Key Deleted : HKLM\SOFTWARE\Classes\driverscanner
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickCtrl.10
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.Update3WebControl.4
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc
Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0
Key Deleted : HKLM\SOFTWARE\Classes\iLivid.torrent
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\appshat-distribution_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\appshat-distribution_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabMaint_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\bi_client_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\biclient_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\LatestDLMgr_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Mobogenie_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyDeltaTB_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optimizerpro_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\optprostart_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_v5_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SupTab_v5_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancerService_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wpm_v20_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4
Key Deleted : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WindowsMangerProtect
Key Deleted : HKCU\Software\e57ded0b16abf46
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ultraedit-32_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_ultraedit-32_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{058F0E48-61CA-4964-9FBA-1978A1BB060D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{18F33C35-8EF2-40D7-8BA4-932B0121B472}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CFC47BB5-5FB5-4AD0-8427-6AA04334A3FC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E0ADB535-D7B5-4D8B-B15D-578BDD20D76A}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E69D4A59-73DE-4E38-9FB3-740EC4D9060D}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{377E5D4D-77E5-476A-8716-7E70A9272DA0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5645E0E7-FC12-43BF-A6E4-F9751942B298}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{C99FDC39-A1AE-4B24-8D71-E5274F8D7C54}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3408AC0D-510E-4808-8F7B-6B70B1F88534}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command
Data Restored : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\FIREFOX.EXE\shell\open\command
Key Deleted : HKCU\Software\BABSOLUTION
Key Deleted : HKCU\Software\BI
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\GlobalUpdate
Key Deleted : HKCU\Software\ilivid
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\InstalledBrowserExtensions
Key Deleted : HKCU\Software\Optimizer Pro
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\SupHpUISoft
Key Deleted : HKCU\Software\torch
Key Deleted : HKCU\Software\WEDLMNGR
Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}
Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}
Key Deleted : HKLM\SOFTWARE\Babylon
Key Deleted : HKLM\SOFTWARE\Conduit
Key Deleted : HKLM\SOFTWARE\DataMngr
Key Deleted : HKLM\SOFTWARE\GlobalUpdate
Key Deleted : HKLM\SOFTWARE\iLividSRTB
Key Deleted : HKLM\SOFTWARE\InstalledBrowserExtensions
Key Deleted : HKLM\SOFTWARE\istartsurfSoftware
Key Deleted : HKLM\SOFTWARE\supWindowsMangerProtect
Key Deleted : HKLM\SOFTWARE\torch
Key Deleted : HKLM\SOFTWARE\Uniblue
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\FLV Player
Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
 
***** [ Browsers ] *****
 
-\\ Internet Explorer v9.0.8112.16447
 
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
 
-\\ Mozilla Firefox v12.0 (en-GB)
 
[ File : C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\prefs.js ]
 
Line Deleted : user_pref("CT2801948.1000082.isPlayDisplay", "true");
Line Deleted : user_pref("CT2801948.1000082.state", "{\"state\":\"stopped\",\"text\":\"Virgin Ra...\",\"description\":\"Virgin Radio Classic Rock\",\"url\":\"hxxp://www.smgradio.com/core/audio/wmp/live.asx?service=v[...]
Line Deleted : user_pref("CT2801948.1000234.TWC_TMP_city", "HA NOI");
Line Deleted : user_pref("CT2801948.1000234.TWC_TMP_country", "VN");
Line Deleted : user_pref("CT2801948.1000234.TWC_country", "VIET NAM");
Line Deleted : user_pref("CT2801948.1000234.TWC_locId", "VMND0144");
Line Deleted : user_pref("CT2801948.1000234.TWC_location", "Nhan Hau Noi, 67, Vietnam");
Line Deleted : user_pref("CT2801948.1000234.TWC_region", "OT");
Line Deleted : user_pref("CT2801948.1000234.TWC_temp_dis", "c");
Line Deleted : user_pref("CT2801948.1000234.TWC_wind_dis", "kmh");
Line Deleted : user_pref("CT2801948.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.Facebook_Mode.enc", "Mg==");
Line Deleted : user_pref("CT2801948.Facebook_User_Locale.enc", "ZW4=");
Line Deleted : user_pref("CT2801948.Facebook_ctid_Connect_send_new.enc", "c2VuZGVk");
Line Deleted : user_pref("CT2801948.FirstTime", "true");
Line Deleted : user_pref("CT2801948.FirstTimeFF3", "true");
Line Deleted : user_pref("CT2801948.RestartDialogFirstTime", "false");
Line Deleted : user_pref("CT2801948.RestartDialogShouldDisplay", "false");
Line Deleted : user_pref("CT2801948.SearchAppState.enc", "Mw==");
Line Deleted : user_pref("CT2801948.SearchAppTracking.enc", "MQ==");
Line Deleted : user_pref("CT2801948.UserID", "UN22894108560337112");
Line Deleted : user_pref("CT2801948.addressBarTakeOverEnabledInHidden", "true");
Line Deleted : user_pref("CT2801948.appOptions", "{\"1000515\":{\"render\":true}}");
Line Deleted : user_pref("CT2801948.countryCode", "VN");
Line Deleted : user_pref("CT2801948.dum", "2");
Line Deleted : user_pref("CT2801948.embeddedsData", "[{\"appId\":\"129306881621438061\",\"apiPermissions\":{\"crossDomainAjax\":true,\"getMainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]
Line Deleted : user_pref("CT2801948.enableAlerts", "always");
Line Deleted : user_pref("CT2801948.firstTimeDialogOpened", "true");
Line Deleted : user_pref("CT2801948.fixPageNotFoundErrorByUser", "TRUE");
Line Deleted : user_pref("CT2801948.fixPageNotFoundErrorInHidden", "true");
Line Deleted : user_pref("CT2801948.fullUserID", "UN22894108560337112.XP.20140531160749");
Line Deleted : user_pref("CT2801948.hxxps___facebook_conduitapps_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWFsaW[...]
Line Deleted : user_pref("CT2801948.hxxps___facebook_tbccint_com.APP_WIN_FEATURES.enc", "cmVzaXphYmxlPTAsaHNjcm9sbD0wLHZzY3JvbGw9MCx0aXRsZWJhcj0xLGNsb3NlYnV0dG9uPTEsc2F2ZXJlc2l6ZWRzaXplPTAsb3BlbnBvc2l0aW9uPWFsaWdubW[...]
Line Deleted : user_pref("CT2801948.installType", "DirectDownload");
Line Deleted : user_pref("CT2801948.isCheckedStartAsHidden", true);
Line Deleted : user_pref("CT2801948.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Line Deleted : user_pref("CT2801948.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://www.trovi.com/?gd=&ctid=CT2801948&octid=CT2801948&ISID=ISID_ID&SearchSource=15&CUI=UN22894108560337112&Lay=1&UM=1[...]
Line Deleted : user_pref("CT2801948.lastVersion", "10.33.0.517");
Line Deleted : user_pref("CT2801948.mam_gk_installer_preapproved.enc", "RkFMU0U=");
Line Deleted : user_pref("CT2801948.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxps%3A%2F%2Fwww.facebook.com%2F%3Fstype%3Dlo%26jlou%3DAfelrGivmwf6No-_8MvfuvGGkdAqYd0OjDlMNGQqzpwfNLS6p[...]
Line Deleted : user_pref("CT2801948.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.performedDomainChangesMigration", "true");
Line Deleted : user_pref("CT2801948.personalApps", "{\"dataType\":\"object\",\"data\":\"[\\\"BROWSER_COMPONENT\\\"]\"}");
Line Deleted : user_pref("CT2801948.revertSettingsEnabled", "true");
Line Deleted : user_pref("CT2801948.search.searchAppId", "129306881621438061");
Line Deleted : user_pref("CT2801948.search.searchCount", "0");
Line Deleted : user_pref("CT2801948.searchFromAddressBarEnabledByUser", "false");
Line Deleted : user_pref("CT2801948.searchInNewTabEnabledByUser", "false");
Line Deleted : user_pref("CT2801948.searchInNewTabEnabledInHidden", "true");
Line Deleted : user_pref("CT2801948.searchSuggestEnabledByUser", "false");
Line Deleted : user_pref("CT2801948.searchUninstallUserMode", "1");
Line Deleted : user_pref("CT2801948.searchUserMode", "1");
Line Deleted : user_pref("CT2801948.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"data\":\"CT2801948\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"string\",\"data\":\"hxxp://NCHEN.OurToolbar.com//xpi\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"string\",\"data\":\"NCH EN \"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data\":\"true\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data\":\"2\"}");
Line Deleted : user_pref("CT2801948.serviceLayer_services_Configuration_lastUpdate", "1410618039701");
Line Deleted : user_pref("CT2801948.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1410618038188");
Line Deleted : user_pref("CT2801948.serviceLayer_services_appsMetadata_lastUpdate", "1410618038540");
Line Deleted : user_pref("CT2801948.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1409864673465");
Line Deleted : user_pref("CT2801948.serviceLayer_services_login_10.31.2.501_lastUpdate", "1404377574667");
Line Deleted : user_pref("CT2801948.serviceLayer_services_login_10.33.0.505_lastUpdate", "1408617533161");
Line Deleted : user_pref("CT2801948.serviceLayer_services_login_10.33.0.517_lastUpdate", "1410618038113");
Line Deleted : user_pref("CT2801948.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1409864673438");
Line Deleted : user_pref("CT2801948.serviceLayer_services_searchAPI_lastUpdate", "1410618038301");
Line Deleted : user_pref("CT2801948.serviceLayer_services_serviceMap_lastUpdate", "1410618038003");
Line Deleted : user_pref("CT2801948.serviceLayer_services_setupAPI_lastUpdate", "1401527272435");
Line Deleted : user_pref("CT2801948.serviceLayer_services_toolbarContextMenu_lastUpdate", "1410618038052");
Line Deleted : user_pref("CT2801948.serviceLayer_services_toolbarSettings_lastUpdate", "1410618047331");
Line Deleted : user_pref("CT2801948.serviceLayer_services_translation_lastUpdate", "1410618037681");
Line Deleted : user_pref("CT2801948.settingsINI", true);
Line Deleted : user_pref("CT2801948.showToolbarPermission", "false");
Line Deleted : user_pref("CT2801948.smartbar.CTID", "CT2801948");
Line Deleted : user_pref("CT2801948.smartbar.Uninstall", "0");
Line Deleted : user_pref("CT2801948.smartbar.toolbarName", "NCH EN ");
Line Deleted : user_pref("CT2801948.toolbarBornServerTime", "8-4-2013");
Line Deleted : user_pref("CT2801948.toolbarCurrentServerTime", "13-9-2014");
Line Deleted : user_pref("CT2801948.toolbarInstallDate", "31-05-2014 16:07:52");
Line Deleted : user_pref("CT2801948.toolbarLoginClientTime", "Sat May 31 2014 16:07:51 GMT+0700 (SE Asia Standard Time)");
Line Deleted : user_pref("CT2801948.userIdGenerationCounter", "1");
Line Deleted : user_pref("CT2801948_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1410618034294,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("browser.newtab.url", "hxxp://www.istartsurf.com/newtab/?type=nt&ts=1410266768&from=epom&uid=WDCXWD6400BPVT-75HXZT3_WD-WXH1A615377253772");
Line Deleted : user_pref("browser.search.defaultenginename", "istartsurf");
Line Deleted : user_pref("browser.search.selectedEngine", "istartsurf");
Line Deleted : user_pref("browser.startup.homepage", "hxxp://www.istartsurf.com/?type=hp&ts=1410266768&from=epom&uid=WDCXWD6400BPVT-75HXZT3_WD-WXH1A615377253772");
Line Deleted : user_pref("extensions.atylerkeith11aolcom61796.61796.internaldb.monetization_plugin_bundledUrls.value", "%7B%22dealply_s%22%3A%7B%22urls%22%3A%5B%22ssfiles.com%22%5D%7D%2C%22dealply_p%22%3A%7B%22urls%[...]
Line Deleted : user_pref("extensions.crossrider.bic", "1486f63024014128efba8aa137cdaa79");
Line Deleted : user_pref("extensions.delta.admin", false);
Line Deleted : user_pref("extensions.delta.aflt", "babsst");
Line Deleted : user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}");
Line Deleted : user_pref("extensions.delta.autoRvrt", "false");
Line Deleted : user_pref("extensions.delta.dfltLng", "en");
Line Deleted : user_pref("extensions.delta.excTlbr", false);
Line Deleted : user_pref("extensions.delta.ffxUnstlRst", true);
Line Deleted : user_pref("extensions.delta.id", "ea095fc70000000000005a59f9649d7b");
Line Deleted : user_pref("extensions.delta.instlDay", "15973");
Line Deleted : user_pref("extensions.delta.instlRef", "sst");
Line Deleted : user_pref("extensions.delta.newTab", false);
Line Deleted : user_pref("extensions.delta.prdct", "delta");
Line Deleted : user_pref("extensions.delta.prtnrId", "delta");
Line Deleted : user_pref("extensions.delta.rvrt", "false");
Line Deleted : user_pref("extensions.delta.smplGrp", "none");
Line Deleted : user_pref("extensions.delta.tlbrId", "base");
Line Deleted : user_pref("extensions.delta.tlbrSrchUrl", "");
Line Deleted : user_pref("extensions.delta.vrsn", "1.8.24.6");
Line Deleted : user_pref("extensions.delta.vrsnTs", "1.8.24.614:50:31");
Line Deleted : user_pref("extensions.delta.vrsni", "1.8.24.6");
Line Deleted : user_pref("extensions.delta_i.babExt", "");
Line Deleted : user_pref("extensions.delta_i.babTrack", "affID=121564&tsp=5016");
Line Deleted : user_pref("extensions.delta_i.srcExt", "ss");
Line Deleted : user_pref("smartbar.machineId", "G8JSEMHRVWCTO0GKAENZDHMPZLGX0CDHSLJGTKQW/XSZV+9UGTV4EEU3WKZD5MI435JLUJCH09YCLGNO5TDDGA");
Line Deleted : user_pref("valueApps.CT2801948.mam_gk_currentVersion", "312E31332E302E3137");
Line Deleted : user_pref("valueApps.CT2801948.mam_gk_currentVersion.storedInFile", false);
Line Deleted : user_pref("valueApps.CT2801948.mam_gk_migrated_from_ls", "31");
Line Deleted : user_pref("valueApps.CT2801948.mam_gk_migrated_from_ls.storedInFile", false);
Line Deleted : user_pref("valueApps.CT2801948.mam_gk_userBornDate", "4E2F41");
Line Deleted : user_pref("valueApps.CT2801948.mam_gk_userBornDate.storedInFile", false);
 
-\\ Google Chrome v37.0.2062.120
 
[ File : C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\preferences ]
 
Deleted [Search Provider] : hxxp://search.aol.com/aol/search?q={searchTerms}
Deleted [Startup_urls] : hxxp://www.istartsurf.com/?type=hp&ts=1410266768&from=epom&uid=WDCXWD6400BPVT-75HXZT3_WD-WXH1A615377253772
Deleted [Extension] : aaaaabfjnbeinlpljodiajipidiompfl
Deleted [Extension] : bopakagnckmlgajfccecajhnimjiiedh
Deleted [Extension] : ikloigadafpfgepigfclhbfehilnljkg
Deleted [Extension] : pelmeidfhdlhlbjimpabfcbnnojbboma
Deleted [Extension] : pmcmflmkceipgecmhoddphflfndnfbbe
 
*************************
 
AdwCleaner[R0].txt - [35039 octets] - [15/09/2014 06:25:59]
AdwCleaner[S0].txt - [33666 octets] - [15/09/2014 06:29:24]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [33727 octets] ##########

Malwarebytes Log:
<?xml version="1.0" encoding="UTF-16" ?>
<mbam-log>
<header>
<date>2014/09/15 06:57:16 +0700</date>
<logfile>mbam-log-2014-09-15 (06-57-15).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.00.2.1012</version>
<malware-database>v2014.09.14.10</malware-database>
<rootkit-database>v2014.09.13.01</rootkit-database>
<license>free</license>
<file-protection>disabled</file-protection>
<web-protection>disabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<osversion>Windows 7 Service Pack 1</osversion>
<arch>x64</arch>
<username>Inspiron</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>344720</objects>
<time>375</time>
<processes>0</processes>
<modules>0</modules>
<keys>5</keys>
<values>5</values>
<datas>0</datas>
<folders>17</folders>
<files>129</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>disabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SmartSaver+ 15</path><vendor>PUP.Optional.SmartSaver.A</vendor><action>success</action><hash>22708e5fbbc095a136a13eed51b2916f</hash></key>
<key><path>HKLM\SOFTWARE\WOW6432NODE\SmartSaver+ 15-nv</path><vendor>PUP.Optional.SmartSaver.A</vendor><action>success</action><hash>8a08bd30cab1b97d6f68101bf50eb44c</hash></key>
<key><path>HKU\S-1-5-21-2207936844-1560937980-1430495894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\SmartSaver+ 15</path><vendor>PUP.Optional.SmartSaver.A</vendor><action>success</action><hash>7e14f8f564173bfba52f7ead48bbb34d</hash></key>
<key><path>HKU\S-1-5-21-2207936844-1560937980-1430495894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS</path><vendor>PUP.Optional.FastStart.A</vendor><action>success</action><hash>a2f027c6e2994beb7e5a3cc28c7624dc</hash></key>
<key><path>HKU\S-1-5-21-2207936844-1560937980-1430495894-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\APPDATALOW\SOFTWARE\PriceGong</path><vendor>PUP.Optional.PriceGong.A</vendor><action>success</action><hash>5b37a94447343cfaa4908aa209fad32d</hash></key>
<value><path>HKU\S-1-5-21-2207936844-1560937980-1430495894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER\{F999A48B-1950-4D81-9971-79018F807B4B}</path><valuename></valuename><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><valuedata></valuedata><hash>b3df0be258236dc940c5b110976b56aa</hash></value>
<value><path>HKU\S-1-5-21-2207936844-1560937980-1430495894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\TOOLBAR\WEBBROWSER</path><valuename>{F999A48B-1950-4D81-9971-79018F807B4B}</valuename><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><valuedata>‹¤™ùPM™qy€{K</valuedata><hash>b3df0be258236dc940c5b110976b56aa</hash></value>
<value><path>HKU\S-1-5-21-2207936844-1560937980-1430495894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS</path><valuename>{F999A48B-1950-4D81-9971-79018F807B4B}</valuename><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><valuedata></valuedata><hash>b3df0be258236dc940c5b110976b56aa</hash></value>
<value><path>HKU\S-1-5-21-2207936844-1560937980-1430495894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{f999a48b-1950-4d81-9971-79018f807b4b}</path><valuename></valuename><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><valuedata></valuedata><hash>1b77af3e522948ee38cd7d4428dacb35</hash></value>
<value><path>HKU\S-1-5-21-2207936844-1560937980-1430495894-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MOZILLA\EXTENDS</path><valuename>appid</valuename><vendor>PUP.Optional.FastStart.A</vendor><action>success</action><valuedata>faststartff@gmail.com</valuedata><hash>a2f027c6e2994beb7e5a3cc28c7624dc</hash></value>
<folder><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pelmeidfhdlhlbjimpabfcbnnojbboma</path><vendor>PUP.Optional.QuickStart.A</vendor><action>success</action><hash>355d08e58dee64d24fdd34a3f9092fd1</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmcmflmkceipgecmhoddphflfndnfbbe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>731f717c2f4c8caaec64b23958aafa06</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmcmflmkceipgecmhoddphflfndnfbbe</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>a5ed7578fa814aec133e747722e0fd03</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pmcmflmkceipgecmhoddphflfndnfbbe_0</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>385abb32007b82b4aba75695639fb64a</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\defaults</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\defaults\preferences</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\userCode</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\locale</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\locale\en-US</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></folder>
<folder><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\skin</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></folder>
<file><path>C:\Users\Inspiron\Downloads\Product2324_Distribution2399_Partner3440.exe</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>642ee20b116a78be0f1e3ae4da26a55b</hash></file>
<file><path>C:\Users\Inspiron\Downloads\Unconfirmed 173309.crdownload</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>157dbe2f92e967cfee175c4848b9e719</hash></file>
<file><path>C:\Users\Inspiron\Downloads\Unconfirmed 464983.crdownload</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>d6bc1fce63186ec8ee17ffa520e1fe02</hash></file>
<file><path>C:\Users\Inspiron\Downloads\Unconfirmed 590012.crdownload</path><vendor>PUP.Optional.OutBrowse</vendor><action>success</action><hash>8c0600ed087359ddd82d8123d13017e9</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\searchplugins\freeonlineradioplayerrecorder-customized-web-search.xml</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>e5ad618ce89358de252b878a877cc53b</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Extensions\{1FD91A9C-410C-4090-BBCC-55D3450EF433}</path><vendor>PUP.Optional.Searchqu.A</vendor><action>success</action><hash>0b878964e794e155ea9be0686d97b54b</hash></file>
<file><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage</path><vendor>PUP.Optional.QuickStart.A</vendor><action>success</action><hash>573b5b92f4877abcf6fb3432e42045bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pelmeidfhdlhlbjimpabfcbnnojbboma_0.localstorage-journal</path><vendor>PUP.Optional.QuickStart.A</vendor><action>success</action><hash>6c26c5285f1c86b07180e97d47bd8c74</hash></file>
<file><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmcmflmkceipgecmhoddphflfndnfbbe_0.localstorage</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>5042816cd6a5f442b24ba3c505ffd62a</hash></file>
<file><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pmcmflmkceipgecmhoddphflfndnfbbe_0.localstorage-journal</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>038f7479c3b8ac8a1be2c7a1c63ece32</hash></file>
<file><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmcmflmkceipgecmhoddphflfndnfbbe\000113.ldb</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>a5ed7578fa814aec133e747722e0fd03</hash></file>
<file><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmcmflmkceipgecmhoddphflfndnfbbe\000115.ldb</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>a5ed7578fa814aec133e747722e0fd03</hash></file>
<file><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmcmflmkceipgecmhoddphflfndnfbbe\000116.log</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>a5ed7578fa814aec133e747722e0fd03</hash></file>
<file><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmcmflmkceipgecmhoddphflfndnfbbe\CURRENT</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>a5ed7578fa814aec133e747722e0fd03</hash></file>
<file><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmcmflmkceipgecmhoddphflfndnfbbe\LOCK</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>a5ed7578fa814aec133e747722e0fd03</hash></file>
<file><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmcmflmkceipgecmhoddphflfndnfbbe\LOG</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>a5ed7578fa814aec133e747722e0fd03</hash></file>
<file><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmcmflmkceipgecmhoddphflfndnfbbe\LOG.old</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>a5ed7578fa814aec133e747722e0fd03</hash></file>
<file><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\pmcmflmkceipgecmhoddphflfndnfbbe\MANIFEST-000114</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>a5ed7578fa814aec133e747722e0fd03</hash></file>
<file><path>C:\Users\Inspiron\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_pmcmflmkceipgecmhoddphflfndnfbbe_0\26</path><vendor>PUP.Optional.Conduit.A</vendor><action>success</action><hash>385abb32007b82b4aba75695639fb64a</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome.manifest</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\install.rdf</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\08273fd365d94da1889bac7f256eebb3.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\6e7f253c00cc8d8f6bd67dfcaa9aa120.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\7c05a8daf978779988495b989d7c78a5.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\b218262d559f168709a9470f0178dd61.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\b303cb0b52f5ddabb3ac22f7388cae4e.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\b75d6f0d0dd4ba2f571fa24192d5e875.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\background.html</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\browser.xul</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\dialog.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\ffCoreFilesIndex.txt</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\options.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\options.xul</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\search_dialog.xul</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\8a7dd2b57814e4313a79c878e6276845.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\2388d705d308af0ce0fe7e78f43c41b8.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\242d9d6bb047f524a25a2e95624b8f5b.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\2dabb0be2c7244b27bd6c9cadfd54b35.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\4e75bb76f75acc5017ef18a76c14105f.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\6ad425fb24e89690c25c522cabdef628.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\6f8f0ee1774bfc6477dccb27d5d7c0ea.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\7eab4c16b8babae38ca0a1cca5a9cedf.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\8588d312a31d6a552bb43ff603352bc0.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\95069db749c43b6d01134f8b86f5ad74.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\9a3816a2a5496d398b6071326f180239.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\b174ef05d0b9731726c8245311acbd5c.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\e5f8083aab3df528e1443fd349ff3286.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\e6473ac1fc765342b3c571eedff5d77c.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\f1733d4122043e5a7cf77df0f297eb06.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\api\f5026775bd3d5f66eb2bb9819022b457.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\6a5f3d9ad97098bc275a94a422bf3c17.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\045d1723c9df8052889d07fd6f8dfc2f.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\0aca0996c6fe5d60009da8570cbc349d.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\0ce29ef8c63a86268806644cce51bf90.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\146d5b4015189cf0abcfd017f94dae6d.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\162d10f0def9374da1a9fad2f38de991.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\28a27f03d45cf1dc2abc800abeb44329.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\2eeed4ee676c99dcef5a803188a24e0a.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\4a11046d44e043b2e89f657c034540c7.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\60027b6d4e54af0cf53514ec4c1109ba.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\653fb023769f61fb8eca5154e2597a01.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\7277163398801e3ba7d7a9dc8d4197b7.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\77fa4826036c55d27b7b706e56c7491a.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\7f9773f6a0ba8cc92e93c12442344393.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\8a1a211d88c5dbeb694062c03c33b1d2.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\8a987d191677144763fc653345c6e6f2.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\9f1f2022be579682c1dc335667603a35.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\a4929bf4e7df276ef99710cb62724cec.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\cff83eeab180970667ed96132051cffc.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\d5c2e68c7c413ed24733ac093a021f7c.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\chrome\content\core\installer.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\defaults\preferences\prefs.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\manifest.xml</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins.json</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\102.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\103.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\104.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\123.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\13.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\14.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\16.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\17.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\180.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\184.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\192.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\193.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\195.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\220.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\221.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\223.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\242.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\244.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
<file><path>C:\Users\Inspiron\AppData\Roaming\Mozilla\Firefox\Profiles\4cjz56h2.default\extensions\tylerkeith11@aol.com\extensionData\plugins\246.js</path><vendor>PUP.Optional.CrossRider.A</vendor><action>success</action><hash>9ef4ca23403b85b1e3749d564db545bb</hash></file>
</items>
</mbam-log>
 


#6 shelf life

Posted 15 September 2014 - 03:47 PM

That was quite a load of adware stuff installed. Do you see the AVG icon by the clock? It doesn't look like it's running to me as far as the log goes, there's no service associated with it and it's not in your add/remove programs panel.

 

Let's run one more tool for adware and see if it can drag up anything. It's called JRT.exe:

 

Please download Junkware Removal Tool to your desktop.
 
http://thisisudax.org/downloads/JRT.exe
 
    Double click the icon or Right click for Vista/W7,8 and select Run as administrator
    The tool will open and start scanning.
    Please be patient as this can take a while to complete.
    On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    Post the contents of JRT.txt into your next message

 

Panda Cloud is free AV and supposed to be light on system resources:

http://www.cloudantivirus.com/en/

and there are others also

Avast, Comodo, BitDefender all have free versions.

 

Before you install one check your add/remove programs panel and uninstall AVG if present. Install one, update it and do a system scan with it.

 

 




#7 loveleeyoungae

Posted 16 September 2014 - 08:42 PM

That was quite a load of adware stuff installed. Do you see the AVG icon by the clock? It doesn't look like it's running to me as far as the log goes, there's no service associated with it and it's not in your add/remove programs panel.

 

Sorry, I mistyped the name, it's not AVG, but Avira which I had uninstalled before asking for help. And well, I meant/thought that I will only have to install an AV after we finish the cleaning process. So alright, I've just installed Avast.

 

And here is the log file for JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.5 (09.16.2014:1)
OS: Windows 7 Ultimate x64
Ran by Inspiron on Tue 16/09/2014 at 22:43:34.29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\baidu
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2207936844-1560937980-1430495894-1000\Software\sweetim
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasapi32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\torchsetupfull_rasmancs
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r362-n-bc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Tracing\iLividSetup-r362-n-bc_RASMANCS
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r362-n-bc_RASAPI32
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Tracing\iLividSetup-r362-n-bc_RASMANCS
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{3336B9BD-46CC-4885-A4CE-75E809BE8ABB}



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\bigfishcache"



~~~ FireFox

Emptied folder: C:\Users\Inspiron\AppData\Roaming\mozilla\firefox\profiles\4cjz56h2.default\minidumps [10 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Tue 16/09/2014 at 22:47:05.88
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 



#8 shelf life

Posted 17 September 2014 - 05:26 PM

Between Adwcleaner, JRT and MBAM, looks like quite a bit of adware was removed. And you have installed Avira. So how's it looking on your end now?




#9 loveleeyoungae

Posted 17 September 2014 - 08:45 PM

Hi, I think it's fine. We haven't noticed any major issues or slowdown, just have a slight feeling that things are not perfect but obviously that's gotta be the result of having malware ;)

Do we need to do any other checks?



#10 shelf life

Posted 18 September 2014 - 04:16 PM

You look good to go. You can remove Adwcleaner by starting it and clicking on the Uninstall button. Or you can keep it. You can delete the JRT.exe icon and its associated folder in drive C.

Remember the free version of Malwarebytes must be updated manually and a scan started manually.  Avoid software that wants to install other software or toolbars.

Some prevention tips in my link below. Happy safe surfing.


How Can I Reduce My Risk to Malware?


#11 loveleeyoungae

Posted 18 September 2014 - 06:07 PM

Yes, I notified my dad about prevention methods. Hope he will not get into trouble again.

Thank you very much for your help :)





