AD Pop Ups and New Tab Ads [Closed]


  • This topic is locked

#1
ohmytodd

  • Member
  • 34 posts
My computer has started having ads pop up nonstop. I have a pop-up blocker and it's getting ridiculous. Any time I click any new page, an ad page starts in a new tab. Here is my OTL report.

OTL logfile created on: 12/4/2013 9:55:03 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\User\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.99 Gb Total Physical Memory | 0.90 Gb Available Physical Memory | 45.20% Memory free
3.84 Gb Paging File | 2.70 Gb Available in Paging File | 70.31% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 3.90 Gb Free Space | 5.23% Space Free | Partition Type: NTFS

Computer Name: USER-245A6B6CB5 | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/12/04 21:46:51 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\User\My Documents\Downloads\OTL.exe
PRC - [2013/11/14 06:29:33 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\chrome.exe
PRC - [2013/10/15 18:06:12 | 001,016,712 | ---- | M] (Flux Software LLC) -- C:\Documents and Settings\User\Local Settings\Application Data\FluxSoftware\Flux\flux.exe
PRC - [2013/10/10 07:35:17 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/10/08 17:06:06 | 000,237,960 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Update\1.3.21.165\GoogleCrashHandler.exe
PRC - [2013/09/03 16:17:22 | 000,832,360 | ---- | M] (Spigot, Inc.) -- C:\Documents and Settings\User\Application Data\Search Protection\SearchProtection.exe
PRC - [2013/06/05 00:01:52 | 004,489,472 | ---- | M] (Akamai Technologies, Inc.) -- C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe
PRC - [2013/03/09 20:25:27 | 000,170,912 | ---- | M] (Oracle Corporation) -- C:\Program Files\Java\jre7\bin\jqs.exe
PRC - [2012/11/01 14:45:21 | 004,763,008 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2012/07/03 09:04:58 | 000,507,312 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2011/04/04 09:57:28 | 002,072,592 | ---- | M] (Agnitum Ltd.) -- C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe
PRC - [2008/04/13 18:00:00 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2013/11/14 06:29:31 | 000,399,312 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\ppgooglenaclpluginchrome.dll
MOD - [2013/11/14 06:29:29 | 004,055,504 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\pdf.dll
MOD - [2013/11/14 06:28:34 | 001,619,408 | ---- | M] () -- C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\ffmpegsumo.dll
MOD - [2011/11/01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/11/01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/07/28 18:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011/07/28 18:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
MOD - [2010/01/09 07:59:12 | 000,206,848 | ---- | M] () -- C:\Program Files\Agnitum\Outpost Security Suite Free\zlib.dll
MOD - [2009/12/03 07:28:16 | 000,210,432 | ---- | M] () -- C:\Program Files\Agnitum\Outpost Security Suite Free\unrar.dll


========== Services (SafeList) ==========

SRV - [2013/08/14 12:55:29 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/03/09 20:25:27 | 000,170,912 | ---- | M] (Oracle Corporation) [Auto | Running] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2013/01/27 10:11:46 | 000,020,456 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/07/11 13:54:49 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCore.exe -- (!SASCORE)
SRV - [2011/04/04 09:57:28 | 002,072,592 | ---- | M] (Agnitum Ltd.) [Auto | Running] -- C:\Program Files\Agnitum\Outpost Security Suite Free\acs.exe -- (acssrv)
SRV - [2010/02/19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | Boot | Stopped] -- -- (cerc6)
DRV - [2011/07/22 11:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 16:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/03/21 15:27:58 | 000,708,760 | ---- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\SandBox.sys -- (SandBox)
DRV - [2011/03/21 15:27:20 | 000,034,096 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Filt\VBFilt.dll -- (VBFilt)
DRV - [2011/03/21 15:27:16 | 000,070,160 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\Filt\ASWFilt.dll -- (ASWFilt)
DRV - [2011/02/02 16:04:22 | 000,242,040 | ---- | M] (VirusBuster Kft.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VBEngNT.sys -- (VBEngNT)
DRV - [2010/09/27 14:40:28 | 000,267,624 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afwcore.sys -- (afwcore)
DRV - [2010/04/20 15:05:16 | 000,034,280 | ---- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afw.sys -- (afw)
DRV - [2009/11/06 08:26:36 | 000,642,432 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcmwlhigh5.sys -- (BCMH43XX)
DRV - [2008/12/10 13:56:18 | 000,187,392 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2006/08/15 03:48:00 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/04/28 04:15:38 | 000,140,544 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\Fasttx2k.sys -- (fasttx2k)
DRV - [2001/08/17 11:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...ferrer:source?}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo....r=spigot-yhp-ie
IE - HKCU\..\URLSearchHook: {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {C6B32C8D-E007-4ACB-ACC8-AF06D92F5071}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...Box&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.condui...&ctid=CT3072253
IE - HKCU\..\SearchScopes\{C6B32C8D-E007-4ACB-ACC8-AF06D92F5071}: "URL" = http://search.yahoo....p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: crossriderapp3491%40crossrider.com:0.81.20
FF - prefs.js..extensions.enabledAddons: %7B687578b9-7132-4a7a-80e4-30ee31099e03%7D:3.19.0.3
FF - prefs.js..extensions.enabledAddons: YoutubeDownloader%40PeterOlayev.com:2.1.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {687578b9-7132-4a7a-80e4-30ee31099e03}:3.9.0.3
FF - prefs.js..extensions.enabledItems: [email protected]:0.81.20
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "http://search.yahoo....type=714647&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=714647"
FF - prefs.js..browser.startup.homepage: "http://search.yahoo....=spigot-yhp-ff"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\User\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Documents and Settings\User\Application Data\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\User\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/05/18 18:04:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/29 17:55:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/29 17:55:43 | 000,000,000 | ---D | M]

[2012/04/03 23:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions
[2012/04/03 23:03:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Extensions\[email protected]
[2013/11/22 20:45:14 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eac7wpez.default\extensions
[2013/08/29 17:58:27 | 000,000,000 | ---D | M] (uTorrentControl2 Community Toolbar) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eac7wpez.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[2012/06/05 16:21:26 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eac7wpez.default\extensions\[email protected]
[2013/11/22 20:46:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eac7wpez.default\extensions\staged
[2013/09/07 08:19:38 | 000,068,293 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eac7wpez.default\extensions\[email protected]
[2013/08/29 17:58:24 | 000,020,591 | ---- | M] () (No name found) -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eac7wpez.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013/11/11 23:03:40 | 000,000,915 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eac7wpez.default\searchplugins\yahoo.xml
[2013/08/29 17:56:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/29 17:56:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://search.yahoo....r=spigot-yhp-ch
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\Application\31.0.1650.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Documents and Settings\User\Application Data\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Documents and Settings\User\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java™ Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YoutubeAdblocker = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ajelbfmjnhfhfakhfiglkjggfhplbnfo\1.0\
CHR - Extension: Songza = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\alodolpedihmeapcekfjhpgomaadaabg\0.5.3_0\
CHR - Extension: Google Drive = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Chrome YouTube Downloader = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\cbdjiinahkdjdcdlgfimlcolkjpbooja\2.6.19_0\
CHR - Extension: Google Search = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Pandora = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl\1.0_0\
CHR - Extension: HD Video Player = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fbmimoidopbghbcmdmpkjaffffmcbmbg\1.5_0\
CHR - Extension: YouTube Download = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\fioaghaidenekphomflocmcnmnlnmicf\1.0_0\
CHR - Extension: AdBlock = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.16_0\
CHR - Extension: Lone Tree = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\hfmkllfplegemejikoabfpjdaoncphip\1.2_0\
CHR - Extension: WeatherBug (Legacy App) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak\2.0.7_0\
CHR - Extension: Reddit Enhancement Suite = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\kbmfpngjjgdllneeigpgjifpgocmfgmb\4.3.1.2_0\
CHR - Extension: FVD Video Downloader = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.0_0\
CHR - Extension: FVD Video Downloader = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\lfmhcpmkbdkbgbmkjoiopeeegenkdikp\5.6.0_0\modules\clickberry\_
CHR - Extension: Google Wallet = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: DivX Plus Web Player HTML5 \u003Cvideo\u003E = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: uTorrentControl2 = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc\10.20.101.5_0\
CHR - Extension: Vid-Saver = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.23.102_0\crossrider
CHR - Extension: Vid-Saver = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc\1.23.102_0\
CHR - Extension: Send from Gmail (by Google) = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgphcomnlaojlmmcjmiddhdapjpbgeoc\1.16_0\
CHR - Extension: Gmail = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
CHR - Extension: surf and keep = C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\plcgpmjdmpkbgcpgogeebiiigjnodgbe\2.19\

O1 HOSTS File: ([2008/04/13 18:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (YoutubeAdblocker) - {D838D3EA-310D-4E7F-B2F6-B71F1EE47101} - C:\Program Files\YoutubeAdblocker\cg.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (suRf and keep) - {EAF9684F-2914-9911-B326-F88F257284C0} - C:\Program Files\suRf and keep\OxKbjn.dll ()
O3 - HKLM\..\Toolbar: (uTorrentControl2 Toolbar) - {687578b9-7132-4a7a-80e4-30ee31099e03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentControl2 Toolbar) - {687578B9-7132-4A7A-80E4-30EE31099E03} - C:\Program Files\uTorrentControl2\prxtbuTo0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe ()
O4 - HKLM..\Run: [OutpostFeedBack] C:\Program Files\Agnitum\Outpost Security Suite Free\feedback.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [OutpostMonitor] C:\Program Files\Agnitum\Outpost Security Suite Free\op_mon.exe (Agnitum Ltd.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Documents and Settings\User\Local Settings\Application Data\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Documents and Settings\User\Local Settings\Application Data\FluxSoftware\Flux\flux.exe (Flux Software LLC)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [MusicManager] C:\Documents and Settings\User\Local Settings\Application Data\Programs\Google\MusicManager\MusicManager.exe (Google Inc.)
O4 - HKCU..\Run: [SearchProtection] C:\Documents and Settings\User\Application Data\Search Protection\SearchProtection.EXE (Spigot, Inc.)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\User\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O4 - Startup: C:\Documents and Settings\User\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1273247487897 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3C5C7088-51A0-495B-84CE-0EE0A078A0DE}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A35AAD5-3163-4B13-B170-067E58FF461B}: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (c:\progra~1\agnitum\outpos~1\wl_hook.dll) - c:\Program Files\Agnitum\Outpost Security Suite Free\wl_hook.dll (Agnitum Ltd.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/05 15:33:36 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013/12/02 18:19:06 | 000,000,000 | ---D | C] -- C:\_OTM
[2013/12/02 18:11:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2013/12/02 18:10:47 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2013/12/02 18:10:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ERUNT
[2013/11/22 20:46:28 | 000,000,000 | ---D | C] -- C:\Program Files\Jnes
[2013/11/22 20:46:02 | 000,000,000 | ---D | C] -- C:\Program Files\YoutubeAdblocker
[2013/11/22 20:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\YoutubeAdblocker
[2013/11/22 20:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\suRf and keep
[2013/11/22 20:45:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\AppData
[2013/11/22 20:45:37 | 000,000,000 | ---D | C] -- C:\Program Files\suRf and keep
[2013/11/22 20:45:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\5086cfb2bbc8623f
[2013/11/22 20:44:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/11/11 23:13:00 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\User\Recent
[2013/11/11 23:03:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Application Data\Search Protection
[2013/11/09 03:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\User\Local Settings\Application Data\PCHealth
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/12/04 22:14:36 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/04 21:40:32 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1767777339-1177238915-1003UA.job
[2013/12/04 21:33:21 | 000,472,866 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/12/04 21:33:21 | 000,075,960 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/12/04 21:30:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/12/04 21:29:28 | 000,000,878 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/04 21:28:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/12/02 18:51:45 | 000,001,919 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2013/12/02 18:29:49 | 003,573,072 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/12/02 18:10:56 | 000,000,777 | ---- | M] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/12/02 18:10:48 | 000,000,602 | ---- | M] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2013/12/02 17:45:38 | 000,000,366 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2013/12/01 21:38:51 | 000,089,531 | ---- | M] () -- C:\Documents and Settings\User\Desktop\v2-Walter+white.jpg
[2013/11/28 21:27:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/11/26 22:35:38 | 000,000,835 | ---- | M] () -- C:\Documents and Settings\User\Desktop\µTorrent.lnk
[2013/11/26 22:35:38 | 000,000,813 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2013/11/23 18:40:27 | 000,003,945 | ---- | M] () -- C:\Documents and Settings\User\My Documents\Mother [bleep]in.pdf
[2013/11/23 08:40:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1960408961-1767777339-1177238915-1003Core.job
[2013/11/23 02:00:00 | 000,000,340 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-USER-245A6B6CB5-User.job
[2013/11/22 20:46:28 | 000,000,636 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Jnes.lnk
[2013/11/16 19:35:42 | 000,058,068 | ---- | M] () -- C:\Documents and Settings\User\Desktop\THE MISSES.jpg
[2013/11/16 19:26:44 | 000,138,760 | ---- | M] () -- C:\Documents and Settings\User\Desktop\baby food.jpg
[2013/11/16 18:44:44 | 000,002,305 | ---- | M] () -- C:\Documents and Settings\User\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/11/16 18:44:44 | 000,002,287 | ---- | M] () -- C:\Documents and Settings\User\Desktop\Google Chrome.lnk
[2013/11/14 03:09:40 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/11/10 02:22:01 | 000,000,384 | -H-- | M] () -- C:\WINDOWS\tasks\Microsoft Antimalware Scheduled Scan.job
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/12/02 18:10:56 | 000,000,777 | ---- | C] () -- C:\Documents and Settings\User\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2013/12/02 18:10:48 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\User\Desktop\ERUNT.lnk
[2013/12/01 21:38:49 | 000,089,531 | ---- | C] () -- C:\Documents and Settings\User\Desktop\v2-Walter+white.jpg
[2013/11/23 18:40:26 | 000,003,945 | ---- | C] () -- C:\Documents and Settings\User\My Documents\Mother [bleep]in.pdf
[2013/11/22 20:46:28 | 000,000,636 | ---- | C] () -- C:\Documents and Settings\User\Desktop\Jnes.lnk
[2013/11/16 19:35:42 | 000,058,068 | ---- | C] () -- C:\Documents and Settings\User\Desktop\THE MISSES.jpg
[2013/11/16 19:26:40 | 000,138,760 | ---- | C] () -- C:\Documents and Settings\User\Desktop\baby food.jpg
[2013/11/14 03:05:38 | 000,001,393 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/11/11 23:03:14 | 000,000,835 | ---- | C] () -- C:\Documents and Settings\User\Desktop\µTorrent.lnk
[2013/07/22 18:11:42 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\User\񀿉
[2013/07/17 16:20:59 | 000,157,285 | ---- | C] () -- C:\WINDOWS\hphins26.dat
[2013/07/17 16:20:59 | 000,000,787 | ---- | C] () -- C:\WINDOWS\hphmdl26.dat
[2013/05/09 21:37:40 | 000,000,026 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\.811261211181235583101118113995
[2013/03/16 19:26:06 | 000,001,456 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\Adobe Save for Web 13.0 Prefs
[2012/09/07 01:15:12 | 000,044,972 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2012/02/27 11:08:18 | 000,000,218 | ---- | C] () -- C:\Documents and Settings\User\.recently-used.xbel
[2012/02/26 22:46:34 | 000,000,824 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2012/02/14 18:05:00 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/30 03:28:41 | 000,126,254 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1960408961-1767777339-1177238915-1003-0.dat
[2012/01/30 03:28:37 | 000,126,254 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/24 23:44:47 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

========== ZeroAccess Check ==========

[2012/04/29 12:52:42 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010/03/09 23:33:41 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009/02/09 07:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008/04/13 18:00:00 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013/10/16 16:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013/11/22 20:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\5086cfb2bbc8623f
[2013/04/22 11:59:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Agnitum
[2012/08/26 16:28:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Final Draft
[2013/11/22 20:46:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2013/03/16 18:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2013/11/22 20:45:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\suRf and keep
[2013/11/22 20:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YoutubeAdblocker
[2012/01/25 09:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/04/22 11:59:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Agnitum
[2013/08/24 18:57:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CoffeeCup Software
[2013/03/16 18:24:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012/01/29 12:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\CX
[2012/05/18 18:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\DDMSettings
[2012/02/27 11:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\deluge
[2013/12/04 21:33:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Dropbox
[2012/08/26 16:29:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Final Draft
[2012/04/03 23:03:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Greyfirst
[2012/01/24 11:09:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\OpenOffice.org
[2013/03/16 18:58:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\PDAppFlex
[2013/11/11 23:03:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Search Protection
[2013/11/28 09:02:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\uTorrent

========== Purity Check ==========



========== Hard Links - Junction Points - Mount Points - Symbolic Links ==========
[C:\WINDOWS\$NtUninstallKB7909$] -> -> Unknown point type

< End of report >


Thank you!

#2
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hello ohmytodd and welcome to my office here at G2G! :)

My nick is maliprog and I'll be your technical support on this issue. Before we start please read my notes carefully:

NOTES:
  • Malware removal is NOT instantaneous, most infections require several courses of action to completely eradicate.
  • Absence of symptoms does not always mean the computer is clean
  • Kindly follow my instructions in the order posted. Order is crucial in cleaning process.
  • Please DO NOT run any scans or fix on your own without my direction.
  • Please read all of my response through at least once before attempting to follow the procedures described.
  • If there's anything you don't understand or isn't totally clear, please come back to me for clarification.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste it to include the log in your reply.
  • You must reply within 3 days or your topic will be closed

Step 1

Download ADWCleaner to your desktop.

NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on the warning and allow the download to complete.

Close all programs, pause your anti-virus and right click on the AdwCleaner icon and Run As Admin.

Click on Scan and follow the prompts. Let it run unhindered. When done, click on the Clean button, and follow the prompts. Allow the system to reboot. You will then be presented with the report. Copy & Paste this report on your next reply.

The report will be saved in the C:\AdwCleaner folder.


Step 2

Please download Junkware Removal Tool to your desktop.
  • Pause your anti-virus. Close all browsers.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

Step 3

Please download Malwarebytes' Anti-Malware

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Step 4


Please don't forget to include these items in your reply:

  • adwCleaner log
  • JRT log
  • Malwarebytes log
It would be helpful if you could post each log in a separate post using the "Add Reply" button.

#3
ohmytodd

    Member

  • Topic Starter
  • Member
  • PipPip
  • 34 posts
MALIPROG!! Thank you so much! My computer seems to be going even slower now though! Chrome is using so much! Anyways.. ADWCLEANER LOG

# AdwCleaner v3.014 - Report created 06/12/2013 at 23:40:08
# Updated 01/12/2013 by Xplode
# Operating System : Microsoft Windows XP Service Pack 3 (32 bits)
# Username : User - USER-245A6B6CB5
# Running from : C:\Documents and Settings\User\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Documents and Settings\All Users\Application Data\YoutubeAdblocker
[!] Folder Deleted : C:\Documents and Settings\All Users\Application Data\suRf and keep
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\Vid-Saver
Folder Deleted : C:\Program Files\YoutubeAdblocker
Folder Deleted : C:\Program Files\suRf and keep
Folder Deleted : C:\Program Files\uTorrentControl2
Folder Deleted : C:\Documents and Settings\NetworkService\Local Settings\Application Data\uTorrentControl2
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Conduit
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Vid-Saver
Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\uTorrentControl2
Folder Deleted : C:\Documents and Settings\User\Application Data\Search Protection
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eac7wpez.default\ConduitCommon
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eac7wpez.default\CT3072253
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eac7wpez.default\Extensions\[email protected]
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eac7wpez.default\Extensions\staged
Folder Deleted : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eac7wpez.default\Extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}
[!] Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
[!] Folder Deleted : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pgmfkblbflahhponhjmkcnpjinenhlnc
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pacgpkgadgmibnhpdidcnfafllnmeomc
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKCU\Toolbar
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.BHO.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.FBApi.1
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox
Key Deleted : HKLM\SOFTWARE\Classes\CrossriderApp0003491.Sandbox.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3072253
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{11111111-1111-1111-1111-110011341191}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{22222222-2222-2222-2222-220022342291}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{33333333-3333-3333-3333-330033343391}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{55555555-5555-5555-5555-550055345591}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066346691}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077347791}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{44444444-4444-4444-4444-440044344491}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011341191}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011341191}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{687578B9-7132-4A7A-80E4-30EE31099E03}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011341191}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D4AAF2A6-F6D1-49A5-BA1A-B20735DF1955}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011341191}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{97EE49E5-1549-406A-8923-188EDB06DFFF}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{1DAEFD82-289E-48C8-B181-8B1206BCE26E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011341191}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{687578B9-7132-4A7A-80E4-30EE31099E03}]
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Cr_Installer
Key Deleted : HKCU\Software\Crossrider
Key Deleted : HKCU\Software\installedbrowserextensions
Key Deleted : HKCU\Software\SmartBar
Key Deleted : HKCU\Software\Vid-Saver
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\uTorrentControl2
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\uTorrentControl2
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Vid-Saver
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\uTorrentControl2 Toolbar

***** [ Browsers ] *****

-\\ Internet Explorer v8.0.6001.18702


-\\ Mozilla Firefox v23.0.1 (en-US)

[ File : C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\eac7wpez.default\prefs.js ]

Line Deleted : user_pref("CT3072253..clientLogIsEnabled", false);
Line Deleted : user_pref("CT3072253..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Deleted : user_pref("CT3072253..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Deleted : user_pref("CT3072253.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Deleted : user_pref("CT3072253.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Deleted : user_pref("CT3072253.AppTrackingLastCheckTime", "Wed Apr 04 2012 00:30:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129573915102477663", true);
Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445530228833", true);
Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129749445881800338", true);
Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_129805375651312503", true);
Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_130067979083742856", true);
Line Deleted : user_pref("CT3072253.BrowserCompStateIsOpen_1359634299000", true);
Line Deleted : user_pref("CT3072253.CTID", "CT3072253");
Line Deleted : user_pref("CT3072253.CurrentServerDate", "8-9-2013");
Line Deleted : user_pref("CT3072253.DSInstall", false);
Line Deleted : user_pref("CT3072253.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT3072253.DialogsGetterLastCheckTime", "Sat Sep 07 2013 09:16:45 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3072253.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT3072253.FirstServerDate", "24-3-2012");
Line Deleted : user_pref("CT3072253.FirstTime", true);
Line Deleted : user_pref("CT3072253.FirstTimeFF3", true);
Line Deleted : user_pref("CT3072253.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT3072253.GroupingServerCheckInterval", 1440);
Line Deleted : user_pref("CT3072253.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Deleted : user_pref("CT3072253.HPInstall", false);
Line Deleted : user_pref("CT3072253.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT3072253.HomePageProtectorEnabled", false);
Line Deleted : user_pref("CT3072253.HomepageBeforeUnload", "resource:/browserconfig.properties");
Line Deleted : user_pref("CT3072253.Initialize", true);
Line Deleted : user_pref("CT3072253.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT3072253.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT3072253.InstallationId", "ConduitXPEIntegration");
Line Deleted : user_pref("CT3072253.InstallationType", "ConduitXPEIntegration");
Line Deleted : user_pref("CT3072253.InstalledDate", "Fri Mar 23 2012 20:10:51 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3072253.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT3072253.IsGrouping", false);
Line Deleted : user_pref("CT3072253.IsInitSetupIni", true);
Line Deleted : user_pref("CT3072253.IsMulticommunity", false);
Line Deleted : user_pref("CT3072253.IsOpenThankYouPage", true);
Line Deleted : user_pref("CT3072253.IsOpenUninstallPage", false);
Line Deleted : user_pref("CT3072253.LanguagePackLastCheckTime", "Sat Sep 07 2013 09:16:45 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3072253.LanguagePackReloadIntervalMM", 1440);
Line Deleted : user_pref("CT3072253.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Deleted : user_pref("CT3072253.LastLogin_3.12.0.8", "Thu Aug 29 2013 18:53:17 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3072253.LastLogin_3.19.0.3", "Sat Sep 07 2013 21:16:46 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3072253.LastLogin_3.9.0.3", "Fri May 11 2012 23:36:53 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3072253.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT3072253.Locale", "en");
Line Deleted : user_pref("CT3072253.MCDetectTooltipHeight", "83");
Line Deleted : user_pref("CT3072253.MCDetectTooltipUrl", "hxxp://@[email protected]/rank/tooltip/?version=1");
Line Deleted : user_pref("CT3072253.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT3072253.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT3072253.OriginalFirstVersion", "3.9.0.3");
Line Deleted : user_pref("CT3072253.SearchCaption", "uTorrentControl2 Customized Web Search");
Line Deleted : user_pref("CT3072253.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Line Deleted : user_pref("CT3072253.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("CT3072253.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=");
Line Deleted : user_pref("CT3072253.SearchInNewTabEnabled", true);
Line Deleted : user_pref("CT3072253.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT3072253.SearchInNewTabLastCheckTime", "Sat Sep 07 2013 09:16:44 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3072253.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Deleted : user_pref("CT3072253.SearchProtectorEnabled", false);
Line Deleted : user_pref("CT3072253.SearchProtectorToolbarDisabled", false);
Line Deleted : user_pref("CT3072253.SendProtectorDataViaLogin", true);
Line Deleted : user_pref("CT3072253.ServiceMapLastCheckTime", "Sat Sep 07 2013 09:16:45 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3072253.SettingsLastCheckTime", "Sat Sep 07 2013 09:16:44 GMT-0400 (Eastern Standard Time)");
Line Deleted : user_pref("CT3072253.SettingsLastUpdate", "1378541585");
Line Deleted : user_pref("CT3072253.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3072253&SearchSource=13");
Line Deleted : user_pref("CT3072253.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT3072253.ThirdPartyComponentsLastCheck", "Thu Aug 29 2013 18:53:15 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3072253.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT3072253.ToolbarShrinkedFromSetup", false);
Line Deleted : user_pref("CT3072253.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3072253");
Line Deleted : user_pref("CT3072253.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT3072253.UserID", "UN60169401465313549");
Line Deleted : user_pref("CT3072253.alertChannelId", "1463702");
Line Deleted : user_pref("CT3072253.autoDisableScopes", 0);
Line Deleted : user_pref("CT3072253.backendstorage./9b5ba==9cjag", "3B6E3F6C6E4242737A42767148467B79497A792021");
Line Deleted : user_pref("CT3072253.backendstorage./9b6b11g4c56b>f;p;[email protected]", "6E6D6A6A6E6F6C6E7671757477");
Line Deleted : user_pref("CT3072253.backendstorage./9b9643g3/9e", "6A");
Line Deleted : user_pref("CT3072253.backendstorage./9b;45>:bi9i7ie", "2B2E2C3D");
Line Deleted : user_pref("CT3072253.backendstorage./9b<:222h64<", "393F352F3E");
Line Deleted : user_pref("CT3072253.backendstorage./9b<:222h64<l8daj", "6D70706F76746D79756F2A7879727876757C7A");
Line Deleted : user_pref("CT3072253.backendstorage./9b=+03eh8h8j?:", "4443");
Line Deleted : user_pref("CT3072253.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B2651464929655046566470727951555E5E52");
Line Deleted : user_pref("CT3072253.backendstorage./9b?b0d:8aj62<h", "6D");
Line Deleted : user_pref("CT3072253.backendstorage./[email protected]<0bi6a7gn:[email protected]?", "6C");
Line Deleted : user_pref("CT3072253.backendstorage.acp_personal.appstate", "656E61626C65");
Line Deleted : user_pref("CT3072253.backendstorage.bt_stats", "7B226C6173745F6C6F67223A313337383535393830392C2275756964223A3433303832353830383332343331392C227365715F6964223A322C22737362223A313337373831363830377D");
Line Deleted : user_pref("CT3072253.backendstorage.cbfirsttime", "467269204D617220323320323031322032303A31303A353320474D542D3034303020284561737465726E204461796C696768742054696D6529");
Line Deleted : user_pref("CT3072253.backendstorage.discover-experiments-photopop", "7B226E616D65223A2270686F746F706F7031222C2276657273696F6E223A31307D");
Line Deleted : user_pref("CT3072253.backendstorage.discover-periodic-reports", "7B2270696E675F30223A5B313337383535393834343232302C31343430303030305D7D");
Line Deleted : user_pref("CT3072253.backendstorage.discover-user-id", "2261656663356335302D333234652D346638362D386366382D66623134313666366334343422");
Line Deleted : user_pref("CT3072253.backendstorage.ground-country-code", "22555322");
Line Deleted : user_pref("CT3072253.backendstorage.hover_counter", "31");
Line Deleted : user_pref("CT3072253.backendstorage.impression_counter", "31");
Line Deleted : user_pref("CT3072253.backendstorage.impression_session_counter", "30");
Line Deleted : user_pref("CT3072253.backendstorage.impression_session_id", "2237313130353764632D343761362D343636332D396463392D37363632393838613730613022");
Line Deleted : user_pref("CT3072253.backendstorage.impression_session_last_active", "31333738353539383435333031");
Line Deleted : user_pref("CT3072253.backendstorage.last_client_stats_submit_2", "31333737383137313137");
Line Deleted : user_pref("CT3072253.backendstorage.local_cookie_stats_last_submit_6", "31333738353539383538");
Line Deleted : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_site_irrelevant", "31");
Line Deleted : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_site_new", "30");
Line Deleted : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_site_not_supported", "30");
Line Deleted : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_site_supported", "30");
Line Deleted : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_use_history", "30");
Line Deleted : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_use_pop", "30");
Line Deleted : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_use_related", "30");
Line Deleted : user_pref("CT3072253.backendstorage.local_cookie_stats_stats_use_typed", "30");
Line Deleted : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseadd_stats|0|local_cookie_stats_stats_site_irrelevant", "31333738353630303034");
Line Deleted : user_pref("CT3072253.backendstorage.local_cookie_throttle_baseadd_stats|0|local_cookie_stats_stats_site_supported", "31333737383137313232");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_appsdata", "7B2261707073223A5B7B226964223A225072696365476F6E67222C2275726C223A22687474703A2F2F7072696365676F6E672E636F6E64756974617070732E636F6D2F4D414D2F763[...]
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_appsdefaultenabled", "6E756C6C");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstate_acplus", "6F6E");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstate_couponbuddy", "6F6E");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstate_discover", "6F6E");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstate_easytobook", "6F6E");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstate_easytobook_targeted", "6F6E");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstate_find-a-pro", "6F6E");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstate_piclickv2-websearch", "6F6E");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstate_pricegong", "6F6E");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstate_windowshopper", "6F6E");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_appstatereporttime", "31333738363033313838353936");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_calledsetupservice", "31");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_configuration", "7B22636F6E66696775726174696F6E223A5B7B226964223A225069636C69636B56322D576562536561726368222C22637269746572696173223A5B7B22637269746572696149[...]
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_currentversion", "312E31302E342E30");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_existingusersrecoverydone", "31");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_first_time", "31");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_lastlogintime", "31333738363033313837363137");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_localization", "7B22676164676574436F6E74656E74506F6C696379223A7B2254657874223A22436F6E74656E7420506F6C696379227D2C226761646765744465736372697074696F6E5072696[...]
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_new_welcome_experience", "31");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_settings1.10.4.0", "7B22537461747573223A22737563636565646564222C2244617461223A7B22696E74657276616C223A3234302C227374616D70223A223135375F31222C226973546573742[...]
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_showwelcomegadget", "66616C7365");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_user_approval_interacted", "31");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_userid", "34333337366364662D393563662D343432362D623136332D636630636466663234306664");
Line Deleted : user_pref("CT3072253.backendstorage.mam_gk_welcomedialogmode", "31");
Line Deleted : user_pref("CT3072253.backendstorage.pg_enable", "74727565");
Line Deleted : user_pref("CT3072253.backendstorage.searchappstate", "32");
Line Deleted : user_pref("CT3072253.backendstorage.searchapptracking", "73656E74");
Line Deleted : user_pref("CT3072253.backendstorage.sf_just_installed", "46414C5345");
Line Deleted : user_pref("CT3072253.backendstorage.sf_status", "454E41424C4544");
Line Deleted : user_pref("CT3072253.backendstorage.sf_user_id", "6369645F3239383230313331383538333635333032353433");
Line Deleted : user_pref("CT3072253.backendstorage.url_history0001", "68747470733A2F2F7777772E676F6F676C652E636F6D3A3A3A636C69636B68616E646C65723A3A3A313337383535393831353539382C2C2C68747470733A2F2F7777772E676F6F676[...]

-\\ Google Chrome v

[ File : C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [48744 octets] - [06/12/2013 23:01:52]
AdwCleaner[S0].txt - [49396 octets] - [06/12/2013 23:40:08]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [49457 octets] ##########
  • 0

#4
ohmytodd

    Member

  • Topic Starter
  • Member
  • 34 posts
THE JRT text file.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Microsoft Windows XP x86
Ran by User on Fri 12/06/2013 at 23:59:21.32
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values




~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Documents and Settings\User\Local Settings\Application Data\cre"



~~~ Chrome

Successfully deleted: [Folder] C:\Documents and Settings\User\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ihdkejbciahopmbagpnjmmkkdpfpaaak





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 12/07/2013 at 0:13:02.19
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#5
ohmytodd

    Member

  • Topic Starter
  • Member
  • 34 posts
THE MALWARE text file. (This one is popping up every five seconds telling me that it is blocking an outgoing site).

Malwarebytes Anti-Malware (Trial) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.12.07.02

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
User :: USER-245A6B6CB5 [administrator]

Protection: Enabled

12/7/2013 1:08:39 AM
MBAM-log-2013-12-07 (01-27-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 209660
Time elapsed: 10 minute(s), 49 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Documents and Settings\User\My Documents\Downloads\CR_Downloader_for_jnes.exe (PUP.Optional.InstalleRex) -> No action taken.
C:\Documents and Settings\User\My Documents\Downloads\Final_Draft_key_generator_by_cat.zip (Rootkit.0Access) -> No action taken.

(end)

#6
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ohmytodd,

Step 1

Please download ResetDMS from the link below. You must right click on the link and choose Save as.... Save it as resetdma.zip on your desktop.

Attached File  resetdma.zip   1.21KB   50 downloads

Extract resetdma.vbs to desktop and double click it to run the script.

Restart your system after this and let me know how it is now.

#7
ohmytodd

    Member

  • Topic Starter
  • Member
  • 34 posts
Hey Maliprog! It seems to be working a lot better! Thank you so much! The only other issue is that the Malwarebytes program you told me to download keeps telling me that an outgoing signal is being sent to a malware site, every time I go to a new page. Suggestions?

Thank you again!

Todd

#8
ohmytodd

    Member

  • Topic Starter
  • Member
  • 34 posts
Soooo.. Actually, since then, I turned off my computer and tried to restart it and it is frozen at "windows is starting up"! The mouse works but it won't go much further than that. Is it dead? :(

#9
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ohmytodd,

OK. Let's try to start it in Safe Mode first.

Step 1

Please restart in Safe mode with networking:
  • If the computer is running, shut down Windows, and then turn off the power
  • Start tapping the F8 key. The Windows Advanced Options Menu appears. If you begin tapping the F8 key too soon, some computers display a "keyboard error" message. To resolve this, restart the computer and try again.
  • Ensure that the Safe mode with networking option is selected.
  • Press Enter. The computer then begins to start in Safe mode.

If you get into safe mode then we need to check your hard disk. Continue to Step 2.

Step 2

  • Go to Start -> My Computer
  • Right click on C: disk and click on Properties
  • Click on tab Tools and click on Check now... button
  • Check Automatically fix system errors and Scan for and attempt recovery of bad sectors
  • Click Start button
  • Confirm schedule disk check next time computer starts with Yes button
  • Restart your system and wait while system checks your disk for errors

Restart your system now and let me know if it starts now.

#10
ohmytodd

    Member

  • Topic Starter
  • Member
  • 34 posts
I got it to start! Thank you! The outgoing malware alert is still present sadly.

#11
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ohmytodd,

Good job. Let's see if there is anything hiding.

Download the latest version of TDSSKiller from here and save it to your Desktop.

  • Double-click on TDSSKiller.exe to run the application, then click on Change parameters.
  • Check the boxes beside:

    • Loaded modules

  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Make sure to check:

    • Services and drivers
    • Boot sectors
    • Loaded modules
    • Verify Driver Digital Signature
    • Detect TDLFS file system

  • then click OK.
  • Click the Start Scan button to start the scan.
  • If a suspicious object is detected, the default action will be Skip
  • If malicious objects are found, they will show in the Scan results and offer three (3) options.
  • Ensure Cure is selected for malicious objects

  • Click Continue then Reboot now to finish the cleaning process.
  • Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
A report will be created in your root directory (usually the C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste its contents on your next reply.

#12
ohmytodd

    Member

  • Topic Starter
  • Member
  • 34 posts
Maliprog! Thanks again for getting me through all of this!

It did not have a CURE option so here is the log. It found 4 things questionable.

18:12:01.0801 2740 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
18:12:03.0804 2740 ============================================================
18:12:03.0804 2740 Current date / time: 2013/12/14 18:12:03.0804
18:12:03.0804 2740 SystemInfo:
18:12:03.0804 2740
18:12:03.0804 2740 OS Version: 5.1.2600 ServicePack: 3.0
18:12:03.0804 2740 Product type: Workstation
18:12:03.0804 2740 ComputerName: USER-245A6B6CB5
18:12:03.0804 2740 UserName: User
18:12:03.0804 2740 Windows directory: C:\WINDOWS
18:12:03.0804 2740 System windows directory: C:\WINDOWS
18:12:03.0804 2740 Processor architecture: Intel x86
18:12:03.0804 2740 Number of processors: 1
18:12:03.0804 2740 Page size: 0x1000
18:12:03.0804 2740 Boot type: Normal boot
18:12:03.0804 2740 ============================================================
18:12:04.0956 2740 Drive \Device\Harddisk0\DR0 - Size: 0x12A05F2000 (74.51 Gb), SectorSize: 0x200, Cylinders: 0x25FE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000054
18:12:04.0986 2740 ============================================================
18:12:04.0986 2740 \Device\Harddisk0\DR0:
18:12:04.0986 2740 MBR partitions:
18:12:04.0986 2740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x94FE97E
18:12:04.0986 2740 ============================================================
18:12:05.0006 2740 C: <-> \Device\Harddisk0\DR0\Partition1
18:12:05.0016 2740 ============================================================
18:12:05.0016 2740 Initialize success
18:12:05.0016 2740 ============================================================
18:12:45.0765 1576 Deinitialize success

#13
maliprog

    Trusted Helper

  • Malware Removal
  • 6,172 posts
Hi ohmytodd,

Do you still have Malwarebytes blocking websites or is it gone now? What IP address does it block or website?

#14
ohmytodd

    Member

  • Topic Starter
  • Member
  • 34 posts
Hey Maliprog.. The IP address that it says that it is blocking is 162.210.192.14

#15
ohmytodd

    Member

  • Topic Starter
  • Member
  • 34 posts
The last digit changes here and there, it appears.