Jump to content

Search engine results redirect virus


Sarith
 Share

Recommended Posts

Welcome to the forum.

Please uninstall > Yontoo 1.10.02

Then........

Please remove any usb or external drives from the computer before you run this scan!

Please download and run RogueKiller to your desktop.

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

MrC

Link to post
Share on other sites

Thanks. I have uninstalled Yontoo and ran the RogueKiller. Please find the report below.

RogueKiller V8.0.5 [09/23/2012] by Tigzy

mail: tigzyRK<at>gmail<dot>com

Feedback: http://www.geekstogo.com/forum/files/file/413-roguekiller/

Blog: http://tigzyrk.blogspot.com

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version

Started in : Normal mode

User : sarith [Admin rights]

Mode : Scan -- Date : 09/24/2012 17:08:18

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 4 ¤¤¤

[RUN][bLACKLIST DLL] HKLM\[...]\Run : AdslTaskBar (rundll32.exe stmctrl.dll,TaskBar) -> FOUND

[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (proxy7.au.ibm.com:8080) -> FOUND

[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> FOUND

[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

SSDT[12] : NtAlertResumeThread @ 0x80637C36 -> HOOKED (Unknown @ 0x861BA7A8)

SSDT[13] : NtAlertThread @ 0x80592EFA -> HOOKED (Unknown @ 0x861E39D0)

SSDT[17] : NtAllocateVirtualMemory @ 0x80570BC5 -> HOOKED (Unknown @ 0x861C92C8)

SSDT[31] : NtConnectPort @ 0x80590C5B -> HOOKED (Unknown @ 0x86E759A0)

SSDT[43] : NtCreateMutant @ 0x80580B62 -> HOOKED (Unknown @ 0x861BD520)

SSDT[53] : NtCreateThread @ 0x805860C0 -> HOOKED (Unknown @ 0x873608A0)

SSDT[83] : NtFreeVirtualMemory @ 0x805710BF -> HOOKED (Unknown @ 0x86EA3A50)

SSDT[89] : NtImpersonateAnonymousToken @ 0x8059BB5D -> HOOKED (Unknown @ 0x861BE5D8)

SSDT[91] : NtImpersonateThread @ 0x805874C1 -> HOOKED (Unknown @ 0x861BE698)

SSDT[108] : NtMapViewOfSection @ 0x8057AA19 -> HOOKED (Unknown @ 0x8630D7A8)

SSDT[114] : NtOpenEvent @ 0x80589B69 -> HOOKED (Unknown @ 0x861BD460)

SSDT[123] : NtOpenProcessToken @ 0x805784F6 -> HOOKED (Unknown @ 0x861E0D78)

SSDT[129] : NtOpenThreadToken @ 0x805746D2 -> HOOKED (Unknown @ 0x86E16788)

SSDT[143] : NtQueryDefaultLocale @ 0x8056F0D0 -> HOOKED (\SystemRoot\SYSTEM32\Drivers\SysPlant.sys @ 0xA8664280)

SSDT[206] : NtResumeThread @ 0x80586737 -> HOOKED (Unknown @ 0x86EC65E8)

SSDT[213] : NtSetContextThread @ 0x8063629D -> HOOKED (Unknown @ 0x86E11448)

SSDT[228] : NtSetInformationProcess @ 0x80574B1F -> HOOKED (Unknown @ 0x86E45958)

SSDT[229] : NtSetInformationThread @ 0x80576ABD -> HOOKED (Unknown @ 0x86E0FAF0)

SSDT[253] : NtSuspendProcess @ 0x80637B7B -> HOOKED (Unknown @ 0x86301638)

SSDT[254] : NtSuspendThread @ 0x80637A97 -> HOOKED (Unknown @ 0x863052A8)

SSDT[257] : NtTerminateProcess @ 0x8058E6B9 -> HOOKED (Unknown @ 0x861CF258)

SSDT[258] : NtTerminateThread @ 0x80582DD9 -> HOOKED (Unknown @ 0x863072A8)

SSDT[267] : NtUnmapViewOfSection @ 0x8057A5A1 -> HOOKED (Unknown @ 0x86E74E08)

SSDT[277] : NtWriteVirtualMemory @ 0x805873F6 -> HOOKED (Unknown @ 0x861BA5A8)

S_SSDT[383] : Unknown -> HOOKED (Unknown @ 0x8527C870)

¤¤¤ Extern Hives: ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤

--> C:\WINDOWS\system32\drivers\etc\hosts

127.0.0.1 localhost

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: ST9320423AS +++++

--- User ---

[MBR] 6ef1986258f13a7888f4882ee11d1531

[bSP] 262d882bbd56478772a4954539ceaa59 : MBR Code unknown

Partition table:

0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 305243 Mo

User = LL1 ... OK!

User = LL2 ... OK!

Finished : << RKreport[1].txt >>

RKreport[1].txt

Sarith

Link to post
Share on other sites

Not much showing, what browsers are effected?

Are you on a wireless network or network??

~~~~~~~~~~~~~~~~~~

Please do this...............

Please read the directions carefully so you don't end up deleting something that is good!!

Please download the latest version of TDSSKiller from here and save it to your Desktop.

  • Doubleclick on TDSSKiller.exe to run the application, then click on Change parameters.
    image000q.png
  • Put a checkmark beside loaded modules.
    2012081514h0118.png
  • A reboot will be needed to apply the changes. Do it.
  • TDSSKiller will launch automatically after the reboot. Also your computer may seem very slow and unusable. This is normal. Give it enough time to load your background programs.
  • Then click on Change parameters in TDSSKiller.
  • Check all boxes then click OK.
    2012081517h0349.png
  • Click the Start Scan button.
    19695967.jpg
  • The scan should take no longer than 2 minutes.
  • If a suspicious object is detected, the default action will be Skip, click on Continue.
    67776163.jpg
    Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.
  • If malicious objects are found, they will show in the Scan results - Select action for found objects and offer three options.
    Ensure Cure (default) is selected, then click Continue > Reboot now to finish the cleaning process.
    62117367.jpg
    Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.
  • A report will be created in your root directory, (usually C:\ folder) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt". Please copy and paste the contents of that file here. There may be 3 logs > so post or attach all of them.
  • Sometimes these logs can be very large, in that case please attach it or zip it up and attach it.

Here's a summary of what to do if you would like to print it out:

If a suspicious object is detected, the default action will be Skip, click on Continue

If you get the warning about a file UnsignedFile.Multi.Generic or LockedFile.Multi.Generic please choose

Skip and click on Continue

Any entries like this: \Device\Harddisk0\DR0 ( TDSS File System ) - please choose Skip.

If malicious objects are found, they will show in the Scan results and offer three (3) options.

Ensure Cure is selected, then click Continue => Reboot now to finish the cleaning process.

Note: If Cure is not available, please choose Skip instead, do not choose Delete unless instructed.

MrC

Link to post
Share on other sites

Please download AdwCleaner from here and save it on your Desktop.

  1. Right-click on adwcleaner.exe and select Run As Administrator to launch the application.
  2. Now click on the Search tab.
  3. Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

MrC

Link to post
Share on other sites

Thanks MrC. Please find the log file

# AdwCleaner v2.003 - Logfile created 09/25/2012 at 21:46:33

# Updated 23/09/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Sarith - Sarith

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe

# Option [search]

***** [services] *****

***** [Files / Folders] *****

File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\searchplugins\Askcom.xml

File Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\searchplugins\Conduit.xml

Folder Found : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}

Folder Found : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AskSearch

Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\ConduitCommon

Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\CT3080215

Folder Found : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}

Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit

Folder Found : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\figdphohhlffelolcabcjpikobidapnk

Folder Found : C:\Documents and Settings\All Users\Application Data\blekko toolbars

Folder Found : C:\Documents and Settings\All Users\Application Data\Tarma Installer

Folder Found : C:\Program Files\Conduit

***** [Registry] *****

Key Found : HKCU\Software\Conduit

Key Found : HKCU\Software\ConduitSearchScopes

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Found : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}

Key Found : HKLM\SOFTWARE\Classes\S

Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3080215

Key Found : HKLM\Software\Conduit

Key Found : HKLM\SOFTWARE\Google\Chrome\Extensions\figdphohhlffelolcabcjpikobidapnk

Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

Key Found : HKLM\Software\Tarma Installer

Key Found : HKU\S-1-5-21-2894953097-1353061633-2067263066-500\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Found : HKU\S-1-5-21-2894953097-1353061633-2067263066-500\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Value Found : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

[OK] Registry is clean.

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\prefs.js

Found : user_pref("CT3080215..clientLogIsEnabled", false);

Found : user_pref("CT3080215..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Found : user_pref("CT3080215..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Found : user_pref("CT3080215.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Found : user_pref("CT3080215.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Found : user_pref("CT3080215.AppTrackingLastCheckTime", "Tue Jun 19 2012 11:07:10 GMT+1000 (AUS Eastern Stan[...]

Found : user_pref("CT3080215.BrowserCompStateIsOpen_129593625122250400", true);

Found : user_pref("CT3080215.BrowserCompStateIsOpen_129593625633170487", true);

Found : user_pref("CT3080215.BrowserCompStateIsOpen_129602826443090033", true);

Found : user_pref("CT3080215.BrowserCompStateIsOpen_129651293692945774", true);

Found : user_pref("CT3080215.BrowserCompStateIsOpen_129683385239384536", true);

Found : user_pref("CT3080215.CTID", "CT3080215");

Found : user_pref("CT3080215.CurrentServerDate", "25-9-2012");

Found : user_pref("CT3080215.DSChangedManually", false);

Found : user_pref("CT3080215.DSInstall", true);

Found : user_pref("CT3080215.DSProtectChoice", true);

Found : user_pref("CT3080215.DSProtectCount", 1);

Found : user_pref("CT3080215.DialogsAlignMode", "LTR");

Found : user_pref("CT3080215.DialogsGetterLastCheckTime", "Tue Sep 25 2012 10:24:50 GMT+1000 (AUS Eastern St[...]

Found : user_pref("CT3080215.DownloadReferralCookieData", "");

Found : user_pref("CT3080215.EMailNotifierPollDate", "Tue Sep 25 2012 21:18:16 GMT+1000 (AUS Eastern Standar[...]

Found : user_pref("CT3080215.FirstServerDate", "29-10-2011");

Found : user_pref("CT3080215.FirstTime", true);

Found : user_pref("CT3080215.FirstTimeFF3", true);

Found : user_pref("CT3080215.FixPageNotFoundErrors", true);

Found : user_pref("CT3080215.GroupingServerCheckInterval", 1440);

Found : user_pref("CT3080215.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Found : user_pref("CT3080215.HPChangedManually", true);

Found : user_pref("CT3080215.HPInstall", false);

Found : user_pref("CT3080215.HPProtectChoice", true);

Found : user_pref("CT3080215.HPProtectCount", 1);

Found : user_pref("CT3080215.HasUserGlobalKeys", true);

Found : user_pref("CT3080215.HomePageProtectorEnabled", false);

Found : user_pref("CT3080215.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3080215&SearchSource=[...]

Found : user_pref("CT3080215.Initialize", true);

Found : user_pref("CT3080215.InitializeCommonPrefs", true);

Found : user_pref("CT3080215.InstallationAndCookieDataSentCount", 3);

Found : user_pref("CT3080215.InstallationId", "CT3080215_ChatVibes.exe");

Found : user_pref("CT3080215.InstallationType", "ConduitIntegration");

Found : user_pref("CT3080215.InstalledDate", "Sat Oct 29 2011 15:36:37 GMT+1100 (AUS Eastern Daylight Time)"[...]

Found : user_pref("CT3080215.InvalidateCache", false);

Found : user_pref("CT3080215.IsAlertDBUpdated", true);

Found : user_pref("CT3080215.IsGrouping", false);

Found : user_pref("CT3080215.IsInitSetupIni", true);

Found : user_pref("CT3080215.IsMulticommunity", false);

Found : user_pref("CT3080215.IsOpenThankYouPage", false);

Found : user_pref("CT3080215.IsOpenUninstallPage", true);

Found : user_pref("CT3080215.IsProtectorsInit", true);

Found : user_pref("CT3080215.LanguagePackLastCheckTime", "Tue Sep 25 2012 21:18:19 GMT+1000 (AUS Eastern Sta[...]

Found : user_pref("CT3080215.LanguagePackReloadIntervalMM", 1440);

Found : user_pref("CT3080215.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Found : user_pref("CT3080215.LastLogin_3.13.0.6", "Fri Aug 10 2012 08:59:37 GMT+1000 (AUS Eastern Standard T[...]

Found : user_pref("CT3080215.LastLogin_3.14.1.0", "Tue Sep 18 2012 04:48:41 GMT+1000 (AUS Eastern Standard T[...]

Found : user_pref("CT3080215.LastLogin_3.15.1.0", "Tue Sep 25 2012 21:18:17 GMT+1000 (AUS Eastern Standard T[...]

Found : user_pref("CT3080215.LastLogin_3.7.0.6", "Fri Dec 09 2011 12:29:49 GMT+1100 (AUS Eastern Daylight Ti[...]

Found : user_pref("CT3080215.LastLogin_3.8.1.0", "Tue Feb 14 2012 14:44:25 GMT+1100 (AUS Eastern Daylight Ti[...]

Found : user_pref("CT3080215.LastLogin_3.9.0.3", "Tue Jun 05 2012 15:01:59 GMT+1000 (AUS Eastern Standard Ti[...]

Found : user_pref("CT3080215.LatestVersion", "3.14.1.0");

Found : user_pref("CT3080215.Locale", "en");

Found : user_pref("CT3080215.MAX_NUMBER_OF_ALERTS_129651293692945774", "1_1325053429000");

Found : user_pref("CT3080215.MCDetectTooltipHeight", "83");

Found : user_pref("CT3080215.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Found : user_pref("CT3080215.MCDetectTooltipWidth", "295");

Found : user_pref("CT3080215.MyStuffEnabledAtInstallation", true);

Found : user_pref("CT3080215.OriginalFirstVersion", "3.7.0.6");

Found : user_pref("CT3080215.RadioIsPodcast", false);

Found : user_pref("CT3080215.RadioLastCheckTime", "Tue Sep 25 2012 21:18:17 GMT+1000 (AUS Eastern Standard T[...]

Found : user_pref("CT3080215.RadioLastUpdateIPServer", "3");

Found : user_pref("CT3080215.RadioLastUpdateServer", "129581572163170000");

Found : user_pref("CT3080215.RadioMediaID", "21938416");

Found : user_pref("CT3080215.RadioMediaType", "Media Player");

Found : user_pref("CT3080215.RadioMenuSelectedID", "EBRadioMenu_CT308021521938416");

Found : user_pref("CT3080215.RadioShrinked", "shrinked");

Found : user_pref("CT3080215.RadioShrinkedFromSetup", true);

Found : user_pref("CT3080215.RadioStationName", "California%20Rock%20-%20Rock");

Found : user_pref("CT3080215.RadioStationURL", "hxxp://www.feedlive.net/california.asx");

Found : user_pref("CT3080215.SavedHomepage", "hxxp://www.ask.com/?l=dis&o=15087");

Found : user_pref("CT3080215.SearchCaption", "ChatVibes.com Customized Web Search");

Found : user_pref("CT3080215.SearchEngineBeforeUnload", "ChatVibes.com Customized Web Search");

Found : user_pref("CT3080215.SearchFromAddressBarIsInit", true);

Found : user_pref("CT3080215.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT308[...]

Found : user_pref("CT3080215.SearchInNewTabEnabled", true);

Found : user_pref("CT3080215.SearchInNewTabIntervalMM", 1440);

Found : user_pref("CT3080215.SearchInNewTabLastCheckTime", "Tue Sep 25 2012 21:18:16 GMT+1000 (AUS Eastern S[...]

Found : user_pref("CT3080215.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Found : user_pref("CT3080215.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]

Found : user_pref("CT3080215.SearchProtectorEnabled", true);

Found : user_pref("CT3080215.SearchProtectorToolbarDisabled", false);

Found : user_pref("CT3080215.SendProtectorDataViaLogin", true);

Found : user_pref("CT3080215.ServiceMapLastCheckTime", "Tue Sep 25 2012 21:18:17 GMT+1000 (AUS Eastern Stand[...]

Found : user_pref("CT3080215.SettingsLastCheckTime", "Tue Sep 25 2012 21:18:16 GMT+1000 (AUS Eastern Standar[...]

Found : user_pref("CT3080215.SettingsLastUpdate", "1348502541");

Found : user_pref("CT3080215.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3080215&SearchSource=13");

Found : user_pref("CT3080215.ThirdPartyComponentsInterval", 504);

Found : user_pref("CT3080215.ThirdPartyComponentsLastCheck", "Wed Sep 05 2012 19:04:49 GMT+1000 (AUS Eastern[...]

Found : user_pref("CT3080215.ThirdPartyComponentsLastUpdate", "1331805997");

Found : user_pref("CT3080215.ToolbarShrinkedFromSetup", false);

Found : user_pref("CT3080215.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3080215");

Found : user_pref("CT3080215.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Found : user_pref("CT3080215.UserID", "UN89741234525382128");

Found : user_pref("CT3080215.ValidationData_Search", 1);

Found : user_pref("CT3080215.ValidationData_Toolbar", 2);

Found : user_pref("CT3080215.alertChannelId", "1471614");

Found : user_pref("CT3080215.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]

Found : user_pref("CT3080215.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]

Found : user_pref("CT3080215.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]

Found : user_pref("CT3080215.backendstorage./9b+7e.:2z527", "2423");

Found : user_pref("CT3080215.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]

Found : user_pref("CT3080215.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]

Found : user_pref("CT3080215.backendstorage./9b+7e06cg5el8:", "6E6D6F72706E726E6E75");

Found : user_pref("CT3080215.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473757876747874747B242F4B4947[...]

Found : user_pref("CT3080215.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]

Found : user_pref("CT3080215.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]

Found : user_pref("CT3080215.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]

Found : user_pref("CT3080215.backendstorage./9b+7e31;cj7@3=i\"mbe", "247E61393F236B25707876792A212C6E414F444[...]

Found : user_pref("CT3080215.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]

Found : user_pref("CT3080215.backendstorage./9b+7e31;cj=<8ei=mp@n'rgj", "247E61393F236B25747376722A212C6E414[...]

Found : user_pref("CT3080215.backendstorage./9b+7e31;cj=hkgij#ncf", "247E61393F236B256F6F73772A212C6E414F444[...]

Found : user_pref("CT3080215.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444[...]

Found : user_pref("CT3080215.backendstorage./9b+7e31;cjc<=fbj#ncf'ta", "247E61393F236B25726F76722A212C6E414F[...]

Found : user_pref("CT3080215.backendstorage./9b+7e31;cji>g;elocm;dcqde,wlo", "247E61393F236B25717171772A212C[...]

Found : user_pref("CT3080215.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]

Found : user_pref("CT3080215.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]

Found : user_pref("CT3080215.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]

Found : user_pref("CT3080215.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]

Found : user_pref("CT3080215.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]

Found : user_pref("CT3080215.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]

Found : user_pref("CT3080215.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]

Found : user_pref("CT3080215.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]

Found : user_pref("CT3080215.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]

Found : user_pref("CT3080215.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]

Found : user_pref("CT3080215.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]

Found : user_pref("CT3080215.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]

Found : user_pref("CT3080215.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]

Found : user_pref("CT3080215.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]

Found : user_pref("CT3080215.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]

Found : user_pref("CT3080215.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]

Found : user_pref("CT3080215.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]

Found : user_pref("CT3080215.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]

Found : user_pref("CT3080215.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]

Found : user_pref("CT3080215.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]

Found : user_pref("CT3080215.backendstorage./9b-0?3g>d", "6B3E3B72726D6E6D7A7879727A207D75767D254F2053262A22[...]

Found : user_pref("CT3080215.backendstorage./9b-0?3g@6:5;", "");

Found : user_pref("CT3080215.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");

Found : user_pref("CT3080215.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]

Found : user_pref("CT3080215.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6E6A68707374757677");

Found : user_pref("CT3080215.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477B213F3E484F4E4D464[...]

Found : user_pref("CT3080215.backendstorage./9b5ba==9cjag", "68686C6F6A6D73447A77477676764B7E7C7B4D7C22");

Found : user_pref("CT3080215.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F706F6E74727570727778");

Found : user_pref("CT3080215.backendstorage./9b9643g3/9e", "6A");

Found : user_pref("CT3080215.backendstorage./9b<:222h64<", "393F352F3E");

Found : user_pref("CT3080215.backendstorage./9b=+03eh8h8j?:", "4443");

Found : user_pref("CT3080215.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]

Found : user_pref("CT3080215.backendstorage./9b?b0d:8aj62<h", "6D");

Found : user_pref("CT3080215.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");

Found : user_pref("CT3080215.backendstorage.3080215a129594582538461993000000paramsgk0", "7B22757064617465526[...]

Found : user_pref("CT3080215.backendstorage.activationstep", "35");

Found : user_pref("CT3080215.backendstorage.cb_firstuse0100", "31");

Found : user_pref("CT3080215.backendstorage.cbfirsttime", "536174204F637420323920323031312031353A33363A34342[...]

Found : user_pref("CT3080215.backendstorage.ct3080215ads1", "25374225323261647325323225334125354225374225323[...]

Found : user_pref("CT3080215.backendstorage.ct3080215current_term", "");

Found : user_pref("CT3080215.backendstorage.ct3080215sdate", "31");

Found : user_pref("CT3080215.backendstorage.d_date_ginyas1", "31333438333739393832343030");

Found : user_pref("CT3080215.backendstorage.d_ginyas1", "30");

Found : user_pref("CT3080215.backendstorage.dealplyhardid", "333431383232353333323336363236323837");

Found : user_pref("CT3080215.backendstorage.dealplyheartbitdate", "3131325F325F3330");

Found : user_pref("CT3080215.backendstorage.dealplywasshownctsettingswidget", "31");

Found : user_pref("CT3080215.backendstorage.firstrun", "31333231353731363231393538");

Found : user_pref("CT3080215.backendstorage.ginyasstest", "676F6F64");

Found : user_pref("CT3080215.backendstorage.hxxp://conduit_anybodyoutthere_com.guid", "313333343830303634323[...]

Found : user_pref("CT3080215.backendstorage.hxxp://conduit_anybodyoutthere_com.instts", "3133333238393738383[...]

Found : user_pref("CT3080215.backendstorage.hxxp://rv_ginyas_com/app/conduit.bbrs_affid", "63765F636F6E64756[...]

Found : user_pref("CT3080215.backendstorage.hxxp://rv_ginyas_com/app/conduit.bbrs_bguid", "63765F636F6E64756[...]

Found : user_pref("CT3080215.backendstorage.hxxp://rv_ginyas_com/app/conduit.bbrs_lba", "3232343735383238");

Found : user_pref("CT3080215.backendstorage.hxxp://rv_ginyas_com/app/conduit.bbrs_lba1", "323031322D392D3235[...]

Found : user_pref("CT3080215.backendstorage.loadtimes", "3537");

Found : user_pref("CT3080215.backendstorage.shoppingapp.gk.exipres", "53756E2041707220303120323031322031323A[...]

Found : user_pref("CT3080215.backendstorage.shoppingapp.gk.geolocation", "6175737472616C6961");

Found : user_pref("CT3080215.backendstorage.uniqueid", "35424543454442363845323945323834");

Found : user_pref("CT3080215.backendstorage.url_history", "6A6176617363726970743A7375626D697446726F6D4461746[...]

Found : user_pref("CT3080215.backendstorage.url_history_time", "31333237353733313032363030");

Found : user_pref("CT3080215.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Found : user_pref("CT3080215.globalFirstTimeInfoLastCheckTime", "Sun Sep 16 2012 10:24:48 GMT+1000 (AUS East[...]

Found : user_pref("CT3080215.homepageProtectorEnableByLogin", true);

Found : user_pref("CT3080215.initDone", true);

Found : user_pref("CT3080215.isAppTrackingManagerOn", false);

Found : user_pref("CT3080215.isFirstRadioInstallation", false);

Found : user_pref("CT3080215.myStuffEnabled", true);

Found : user_pref("CT3080215.myStuffPublihserMinWidth", 400);

Found : user_pref("CT3080215.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Found : user_pref("CT3080215.myStuffServiceIntervalMM", 1440);

Found : user_pref("CT3080215.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Found : user_pref("CT3080215.oldAppsList", "10000001,10000002,111,129581470654806571,129581471989984800,1295[...]

Found : user_pref("CT3080215.revertSettingsEnabled", true);

Found : user_pref("CT3080215.searchProtectorDialogDelayInSec", 10);

Found : user_pref("CT3080215.searchProtectorEnableByLogin", true);

Found : user_pref("CT3080215.testingCtid", "");

Found : user_pref("CT3080215.toolbarAppMetaDataLastCheckTime", "Tue Sep 25 2012 21:18:17 GMT+1000 (AUS Easte[...]

Found : user_pref("CT3080215.toolbarContextMenuLastCheckTime", "Wed Sep 19 2012 19:29:55 GMT+1000 (AUS Easte[...]

Found : user_pref("CT3080215.usagesFlag", 2);

Found : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3080215&Search[...]

Found : user_pref("CommunityToolbar.ConduitSearchList", "ChatVibes.com Customized Web Search");

Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3080215/CT3080215[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1471614/1467267/AU", "\"0\"[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3080215", [...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3080215",[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3080215&octid=[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalize[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif"[...]

Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"4e9[...]

Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Administrator\\App[...]

Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");

Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://conduit.anybodyoutthere.com/index.php?toolbar[...]

Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]

Found : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://rv.ginyas.com/app/conduit/disclaimer_ginyas.h[...]

Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?ie=UTF-8&oe[...]

Found : user_pref("CommunityToolbar.ToolbarsList", "CT3080215");

Found : user_pref("CommunityToolbar.ToolbarsList2", "CT3080215");

Found : user_pref("CommunityToolbar.ToolbarsList4", "CT3080215");

Found : user_pref("CommunityToolbar.globalUserId", "af9b5267-b454-4ce1-b06e-ae19ccb04c67");

Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3080215");

Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Sep 23 2012 13:16:2[...]

Found : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Found : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Sep 25 2012 21:18:25 GMT+100[...]

Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Found : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);

Found : user_pref("CommunityToolbar.notifications.locale", "en");

Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Sep 25 2012 21:18:17 GMT+1000 (A[...]

Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Found : user_pref("CommunityToolbar.notifications.userId", "fcea96d6-2dfb-4107-b84d-cd7afc1f4cc2");

Found : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.ask.com/?l=dis&o=15087");

Found : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");

Found : user_pref("browser.search.defaultengine", "Ask.com");

Found : user_pref("browser.search.defaultenginename", "Blekko");

Found : user_pref("browser.search.defaultthis.engineName", "ChatVibes.com Customized Web Search");

Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3080215&Sea[...]

Found : user_pref("browser.search.order.1", "Blekko");

Found : user_pref("browser.search.selectedEngine", "ChatVibes.com Customized Web Search");

Found : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3080215&SearchSource=13");

Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3080215&SearchSource=2&q=[...]

-\\ Google Chrome v21.0.1180.89

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [27725 octets] - [25/09/2012 21:46:33]

########## EOF - C:\AdwCleaner[R1].txt - [27786 octets] ##########

Link to post
Share on other sites

Lots of garbage found....lets clear it out:

  1. Please re-run AdwCleaner
  2. Click on Delete button.
  3. Confirm each time with OK.
  4. Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.

Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

MrC

Link to post
Share on other sites

Hi Mr C,

I ran the AdwCleaner as per your instructions.

Please find the contents of the log file.

# AdwCleaner v2.003 - Logfile created 09/26/2012 at 17:21:24

# Updated 23/09/2012 by Xplode

# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)

# User : Sarith - Sarith

# Boot Mode : Normal

# Running from : C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe

# Option [Delete]

***** [services] *****

***** [Files / Folders] *****

Deleted on reboot : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\figdphohhlffelolcabcjpikobidapnk

File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\searchplugins\Askcom.xml

File Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\searchplugins\Conduit.xml

Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}

Folder Deleted : C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\AskSearch

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\ConduitCommon

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\CT3080215

Folder Deleted : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\extensions\{c34bfb11-eff0-4123-a7a5-79051ef24cf5}

Folder Deleted : C:\Documents and Settings\Administrator\Local Settings\Application Data\Conduit

Folder Deleted : C:\Documents and Settings\All Users\Application Data\blekko toolbars

Folder Deleted : C:\Documents and Settings\All Users\Application Data\Tarma Installer

Folder Deleted : C:\Program Files\Conduit

***** [Registry] *****

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\ConduitSearchScopes

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{3BD44F0E-0596-4008-AEE0-45D47E3A8F0E}

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}

Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6E4C89CF-3061-4EE4-B22A-B7A8AAEA5CB3}

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3080215

Key Deleted : HKLM\Software\Conduit

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\figdphohhlffelolcabcjpikobidapnk

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}

Key Deleted : HKLM\Software\Tarma Installer

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]

-\\ Mozilla Firefox v15.0.1 (en-US)

Profile name : default

File : C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\prefs.js

C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\p9mdzysh.default\user.js ... Deleted !

Deleted : user_pref("CT3080215..clientLogIsEnabled", false);

Deleted : user_pref("CT3080215..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]

Deleted : user_pref("CT3080215..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]

Deleted : user_pref("CT3080215.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Deleted : user_pref("CT3080215.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");

Deleted : user_pref("CT3080215.AppTrackingLastCheckTime", "Tue Jun 19 2012 11:07:10 GMT+1000 (AUS Eastern Stan[...]

Deleted : user_pref("CT3080215.BrowserCompStateIsOpen_129593625122250400", true);

Deleted : user_pref("CT3080215.BrowserCompStateIsOpen_129593625633170487", true);

Deleted : user_pref("CT3080215.BrowserCompStateIsOpen_129602826443090033", true);

Deleted : user_pref("CT3080215.BrowserCompStateIsOpen_129651293692945774", true);

Deleted : user_pref("CT3080215.BrowserCompStateIsOpen_129683385239384536", true);

Deleted : user_pref("CT3080215.CTID", "CT3080215");

Deleted : user_pref("CT3080215.CurrentServerDate", "25-9-2012");

Deleted : user_pref("CT3080215.DSChangedManually", false);

Deleted : user_pref("CT3080215.DSInstall", true);

Deleted : user_pref("CT3080215.DSProtectChoice", true);

Deleted : user_pref("CT3080215.DSProtectCount", 1);

Deleted : user_pref("CT3080215.DialogsAlignMode", "LTR");

Deleted : user_pref("CT3080215.DialogsGetterLastCheckTime", "Tue Sep 25 2012 10:24:50 GMT+1000 (AUS Eastern St[...]

Deleted : user_pref("CT3080215.DownloadReferralCookieData", "");

Deleted : user_pref("CT3080215.EMailNotifierPollDate", "Tue Sep 25 2012 21:18:16 GMT+1000 (AUS Eastern Standar[...]

Deleted : user_pref("CT3080215.FirstServerDate", "29-10-2011");

Deleted : user_pref("CT3080215.FirstTime", true);

Deleted : user_pref("CT3080215.FirstTimeFF3", true);

Deleted : user_pref("CT3080215.FixPageNotFoundErrors", true);

Deleted : user_pref("CT3080215.GroupingServerCheckInterval", 1440);

Deleted : user_pref("CT3080215.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");

Deleted : user_pref("CT3080215.HPChangedManually", true);

Deleted : user_pref("CT3080215.HPInstall", false);

Deleted : user_pref("CT3080215.HPProtectChoice", true);

Deleted : user_pref("CT3080215.HPProtectCount", 1);

Deleted : user_pref("CT3080215.HasUserGlobalKeys", true);

Deleted : user_pref("CT3080215.HomePageProtectorEnabled", false);

Deleted : user_pref("CT3080215.HomepageBeforeUnload", "hxxp://search.conduit.com/?ctid=CT3080215&SearchSource=[...]

Deleted : user_pref("CT3080215.Initialize", true);

Deleted : user_pref("CT3080215.InitializeCommonPrefs", true);

Deleted : user_pref("CT3080215.InstallationAndCookieDataSentCount", 3);

Deleted : user_pref("CT3080215.InstallationId", "CT3080215_ChatVibes.exe");

Deleted : user_pref("CT3080215.InstallationType", "ConduitIntegration");

Deleted : user_pref("CT3080215.InstalledDate", "Sat Oct 29 2011 15:36:37 GMT+1100 (AUS Eastern Daylight Time)"[...]

Deleted : user_pref("CT3080215.InvalidateCache", false);

Deleted : user_pref("CT3080215.IsAlertDBUpdated", true);

Deleted : user_pref("CT3080215.IsGrouping", false);

Deleted : user_pref("CT3080215.IsInitSetupIni", true);

Deleted : user_pref("CT3080215.IsMulticommunity", false);

Deleted : user_pref("CT3080215.IsOpenThankYouPage", false);

Deleted : user_pref("CT3080215.IsOpenUninstallPage", true);

Deleted : user_pref("CT3080215.IsProtectorsInit", true);

Deleted : user_pref("CT3080215.LanguagePackLastCheckTime", "Tue Sep 25 2012 21:18:19 GMT+1000 (AUS Eastern Sta[...]

Deleted : user_pref("CT3080215.LanguagePackReloadIntervalMM", 1440);

Deleted : user_pref("CT3080215.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]

Deleted : user_pref("CT3080215.LastLogin_3.13.0.6", "Fri Aug 10 2012 08:59:37 GMT+1000 (AUS Eastern Standard T[...]

Deleted : user_pref("CT3080215.LastLogin_3.14.1.0", "Tue Sep 18 2012 04:48:41 GMT+1000 (AUS Eastern Standard T[...]

Deleted : user_pref("CT3080215.LastLogin_3.15.1.0", "Tue Sep 25 2012 21:18:17 GMT+1000 (AUS Eastern Standard T[...]

Deleted : user_pref("CT3080215.LastLogin_3.7.0.6", "Fri Dec 09 2011 12:29:49 GMT+1100 (AUS Eastern Daylight Ti[...]

Deleted : user_pref("CT3080215.LastLogin_3.8.1.0", "Tue Feb 14 2012 14:44:25 GMT+1100 (AUS Eastern Daylight Ti[...]

Deleted : user_pref("CT3080215.LastLogin_3.9.0.3", "Tue Jun 05 2012 15:01:59 GMT+1000 (AUS Eastern Standard Ti[...]

Deleted : user_pref("CT3080215.LatestVersion", "3.14.1.0");

Deleted : user_pref("CT3080215.Locale", "en");

Deleted : user_pref("CT3080215.MAX_NUMBER_OF_ALERTS_129651293692945774", "1_1325053429000");

Deleted : user_pref("CT3080215.MCDetectTooltipHeight", "83");

Deleted : user_pref("CT3080215.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");

Deleted : user_pref("CT3080215.MCDetectTooltipWidth", "295");

Deleted : user_pref("CT3080215.MyStuffEnabledAtInstallation", true);

Deleted : user_pref("CT3080215.OriginalFirstVersion", "3.7.0.6");

Deleted : user_pref("CT3080215.RadioIsPodcast", false);

Deleted : user_pref("CT3080215.RadioLastCheckTime", "Tue Sep 25 2012 21:18:17 GMT+1000 (AUS Eastern Standard T[...]

Deleted : user_pref("CT3080215.RadioLastUpdateIPServer", "3");

Deleted : user_pref("CT3080215.RadioLastUpdateServer", "129581572163170000");

Deleted : user_pref("CT3080215.RadioMediaID", "21938416");

Deleted : user_pref("CT3080215.RadioMediaType", "Media Player");

Deleted : user_pref("CT3080215.RadioMenuSelectedID", "EBRadioMenu_CT308021521938416");

Deleted : user_pref("CT3080215.RadioShrinked", "shrinked");

Deleted : user_pref("CT3080215.RadioShrinkedFromSetup", true);

Deleted : user_pref("CT3080215.RadioStationName", "California%20Rock%20-%20Rock");

Deleted : user_pref("CT3080215.RadioStationURL", "hxxp://www.feedlive.net/california.asx");

Deleted : user_pref("CT3080215.SavedHomepage", "hxxp://www.ask.com/?l=dis&o=15087");

Deleted : user_pref("CT3080215.SearchCaption", "ChatVibes.com Customized Web Search");

Deleted : user_pref("CT3080215.SearchEngineBeforeUnload", "ChatVibes.com Customized Web Search");

Deleted : user_pref("CT3080215.SearchFromAddressBarIsInit", true);

Deleted : user_pref("CT3080215.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT308[...]

Deleted : user_pref("CT3080215.SearchInNewTabEnabled", true);

Deleted : user_pref("CT3080215.SearchInNewTabIntervalMM", 1440);

Deleted : user_pref("CT3080215.SearchInNewTabLastCheckTime", "Tue Sep 25 2012 21:18:16 GMT+1000 (AUS Eastern S[...]

Deleted : user_pref("CT3080215.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]

Deleted : user_pref("CT3080215.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]

Deleted : user_pref("CT3080215.SearchProtectorEnabled", true);

Deleted : user_pref("CT3080215.SearchProtectorToolbarDisabled", false);

Deleted : user_pref("CT3080215.SendProtectorDataViaLogin", true);

Deleted : user_pref("CT3080215.ServiceMapLastCheckTime", "Tue Sep 25 2012 21:18:17 GMT+1000 (AUS Eastern Stand[...]

Deleted : user_pref("CT3080215.SettingsLastCheckTime", "Tue Sep 25 2012 21:18:16 GMT+1000 (AUS Eastern Standar[...]

Deleted : user_pref("CT3080215.SettingsLastUpdate", "1348502541");

Deleted : user_pref("CT3080215.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3080215&SearchSource=13");

Deleted : user_pref("CT3080215.ThirdPartyComponentsInterval", 504);

Deleted : user_pref("CT3080215.ThirdPartyComponentsLastCheck", "Wed Sep 05 2012 19:04:49 GMT+1000 (AUS Eastern[...]

Deleted : user_pref("CT3080215.ThirdPartyComponentsLastUpdate", "1331805997");

Deleted : user_pref("CT3080215.ToolbarShrinkedFromSetup", false);

Deleted : user_pref("CT3080215.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3080215");

Deleted : user_pref("CT3080215.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]

Deleted : user_pref("CT3080215.UserID", "UN89741234525382128");

Deleted : user_pref("CT3080215.ValidationData_Search", 1);

Deleted : user_pref("CT3080215.ValidationData_Toolbar", 2);

Deleted : user_pref("CT3080215.alertChannelId", "1471614");

Deleted : user_pref("CT3080215.backendstorage./9b+7e+x305", "247E27413334363379453A3D2A722C797A7E7A3128333B4D4[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e,x305", "247E28412F3F3E3779453A3D2A722C797B787D3128333C474[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e-x305", "247E2936303C363679453A3D2A722C797A207B3128333D462[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e.:2z527", "2423");

Deleted : user_pref("CT3080215.backendstorage./9b+7e.x305", "247E2A4137374434337A463B3E2B732D7A7D7C213229343F5[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e/x305", "247E2B413536327844393C29712B787C7B773027323E4C434[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e06cg5el8:", "6E6D6F72706E726E6E75");

Deleted : user_pref("CT3080215.backendstorage./9b+7e06cg5el;8i:k", "247E2D2F226A7473757876747874747B242F4B4947[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e0x305", "247E2C403A407743383B28702A777C757D2F26313E4129554[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e1x305", "247E2D41313D403279453A3D2A722C7A77797E31283341473[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e2x305", "247E2E3542313D3D393A7B473C3F2C742E79207D322934435[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e31;cj7@3=i\"mbe", "247E61393F236B25707876792A212C6E414F444[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e31;cj7fk;kg#ncep@mc+vkn", "247E61393F236B25737471712A212C6[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e31;cj=<8ei=mp@n'rgj", "247E61393F236B25747376722A212C6E414[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e31;cj=hkgij#ncf", "247E61393F236B256F6F73772A212C6E414F444[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e31;cjc<=fbj#ncf", "247E61393F236B25757677712A212C6E414F444[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e31;cjc<=fbj#ncf'ta", "247E61393F236B25726F76722A212C6E414F[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e31;cji>g;elocm;dcqde,wlo", "247E61393F236B25717171772A212C[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e3x305", "247E2F413F3B36333F47463F7D493E412E76307E222421352[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e4x305", "247E302C407642373A276F29777B74762E2530413E4F494A5[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e5x305", "247E3136422B7743383B28702A79757A772F2631434B3D495[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e6x305", "247E322C3E32323238453E7C483D402D752F7E7B2424342B3[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e7x305", "247E333D2C3F3E3F79453A3D2A722C7B7A797A31283347474[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e8x305", "247E343D3F3B35373B3F367C47472C742E7E7823322934495[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e9x305", "247E35332C3F327844393C29712B7B757979302732484C4F4[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e:x305", "247E36333B38327844393C29712B7B76797A3027324948554[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e;x305", "247E373F333F3738422F7B473C3F2C742E7E7A7A22332A354[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e<x305", "247E38343030442F463644377D493E412E7630217D2426352[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e=x305", "247E3933363F41413739357C483D402D752F207E2022342B3[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e>x305", "247E3A41363F323238387B473C3F2C742E7E20217C332A355[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e?x305", "247E3B2D2F2F334134403A3A7D494C2D752F2023207E342B3[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7e@x305", "247E3C40422B7743383B28702A7B767E782F26314E52543D2[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7eax305", "247E3D3D37387743383B28702A7B7A757E2F26314F4F544A5[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7ebe3g=;d9n9=d", "372C2D326975762E3A3C7B3A39434A494841434B26[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7ebx305", "247E3E393141303D33454036327E4A3F422F77317B7D23352[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7ecx305", "247E3F3D303043312E7A463B3E2B732D7B207E31283353515[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7edx305", "247E4035422A363879453A3D2A722C7D202F26315247543C4[...]

Deleted : user_pref("CT3080215.backendstorage./9b+7etx305", "247E6E2F2E3B323342357B44392B732D7A7B7B7C322934215[...]

Deleted : user_pref("CT3080215.backendstorage./9b-0?3g>d", "6B3E3B72726D6E6D7A7879727A207D75767D254F2053262A22[...]

Deleted : user_pref("CT3080215.backendstorage./9b-0?3g@6:5;", "");

Deleted : user_pref("CT3080215.backendstorage./9b-0?3gfa7ef", "2B2E2C3D");

Deleted : user_pref("CT3080215.backendstorage./9b-3=3eccja=f>", "247E333D2C452F4135276F292A212C393D44307832332[...]

Deleted : user_pref("CT3080215.backendstorage./9b/>01=9a6k6<im;krie@pdawm", "6E6A68707374757677");

Deleted : user_pref("CT3080215.backendstorage./9b3=>@44i48?", "372C2D32697576334236334148477B213F3E484F4E4D464[...]

Deleted : user_pref("CT3080215.backendstorage./9b5ba==9cjag", "68686C6F6A6D73447A77477676764B7E7C7B4D7C22");

Deleted : user_pref("CT3080215.backendstorage./9b6b11g4c56b>f;p;anr@p", "6E6D6F706F6E74727570727778");

Deleted : user_pref("CT3080215.backendstorage./9b9643g3/9e", "6A");

Deleted : user_pref("CT3080215.backendstorage./9b<:222h64<", "393F352F3E");

Deleted : user_pref("CT3080215.backendstorage./9b=+03eh8h8j?:", "4443");

Deleted : user_pref("CT3080215.backendstorage./9b?+e2a52d8", "372C2D326975762E3A3C7B3A39434A494841434B26514649[...]

Deleted : user_pref("CT3080215.backendstorage./9b?b0d:8aj62<h", "6D");

Deleted : user_pref("CT3080215.backendstorage./9ba@0<0bi6a7gn:6@l?", "6E6B");

Deleted : user_pref("CT3080215.backendstorage.3080215a129594582538461993000000paramsgk0", "7B22757064617465526[...]

Deleted : user_pref("CT3080215.backendstorage.activationstep", "35");

Deleted : user_pref("CT3080215.backendstorage.cb_firstuse0100", "31");

Deleted : user_pref("CT3080215.backendstorage.cbfirsttime", "536174204F637420323920323031312031353A33363A34342[...]

Deleted : user_pref("CT3080215.backendstorage.ct3080215ads1", "25374225323261647325323225334125354225374225323[...]

Deleted : user_pref("CT3080215.backendstorage.ct3080215current_term", "");

Deleted : user_pref("CT3080215.backendstorage.ct3080215sdate", "31");

Deleted : user_pref("CT3080215.backendstorage.d_date_ginyas1", "31333438333739393832343030");

Deleted : user_pref("CT3080215.backendstorage.d_ginyas1", "30");

Deleted : user_pref("CT3080215.backendstorage.dealplyhardid", "333431383232353333323336363236323837");

Deleted : user_pref("CT3080215.backendstorage.dealplyheartbitdate", "3131325F325F3330");

Deleted : user_pref("CT3080215.backendstorage.dealplywasshownctsettingswidget", "31");

Deleted : user_pref("CT3080215.backendstorage.firstrun", "31333231353731363231393538");

Deleted : user_pref("CT3080215.backendstorage.ginyasstest", "676F6F64");

Deleted : user_pref("CT3080215.backendstorage.hxxp://conduit_anybodyoutthere_com.guid", "313333343830303634323[...]

Deleted : user_pref("CT3080215.backendstorage.hxxp://conduit_anybodyoutthere_com.instts", "3133333238393738383[...]

Deleted : user_pref("CT3080215.backendstorage.hxxp://rv_ginyas_com/app/conduit.bbrs_affid", "63765F636F6E64756[...]

Deleted : user_pref("CT3080215.backendstorage.hxxp://rv_ginyas_com/app/conduit.bbrs_bguid", "63765F636F6E64756[...]

Deleted : user_pref("CT3080215.backendstorage.hxxp://rv_ginyas_com/app/conduit.bbrs_lba", "3232343735383238");

Deleted : user_pref("CT3080215.backendstorage.hxxp://rv_ginyas_com/app/conduit.bbrs_lba1", "323031322D392D3235[...]

Deleted : user_pref("CT3080215.backendstorage.loadtimes", "3537");

Deleted : user_pref("CT3080215.backendstorage.shoppingapp.gk.exipres", "53756E2041707220303120323031322031323A[...]

Deleted : user_pref("CT3080215.backendstorage.shoppingapp.gk.geolocation", "6175737472616C6961");

Deleted : user_pref("CT3080215.backendstorage.uniqueid", "35424543454442363845323945323834");

Deleted : user_pref("CT3080215.backendstorage.url_history", "6A6176617363726970743A7375626D697446726F6D4461746[...]

Deleted : user_pref("CT3080215.backendstorage.url_history_time", "31333237353733313032363030");

Deleted : user_pref("CT3080215.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]

Deleted : user_pref("CT3080215.globalFirstTimeInfoLastCheckTime", "Sun Sep 16 2012 10:24:48 GMT+1000 (AUS East[...]

Deleted : user_pref("CT3080215.homepageProtectorEnableByLogin", true);

Deleted : user_pref("CT3080215.initDone", true);

Deleted : user_pref("CT3080215.isAppTrackingManagerOn", false);

Deleted : user_pref("CT3080215.isFirstRadioInstallation", false);

Deleted : user_pref("CT3080215.myStuffEnabled", true);

Deleted : user_pref("CT3080215.myStuffPublihserMinWidth", 400);

Deleted : user_pref("CT3080215.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]

Deleted : user_pref("CT3080215.myStuffServiceIntervalMM", 1440);

Deleted : user_pref("CT3080215.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]

Deleted : user_pref("CT3080215.oldAppsList", "10000001,10000002,111,129581470654806571,129581471989984800,1295[...]

Deleted : user_pref("CT3080215.revertSettingsEnabled", true);

Deleted : user_pref("CT3080215.searchProtectorDialogDelayInSec", 10);

Deleted : user_pref("CT3080215.searchProtectorEnableByLogin", true);

Deleted : user_pref("CT3080215.testingCtid", "");

Deleted : user_pref("CT3080215.toolbarAppMetaDataLastCheckTime", "Tue Sep 25 2012 21:18:17 GMT+1000 (AUS Easte[...]

Deleted : user_pref("CT3080215.toolbarContextMenuLastCheckTime", "Wed Sep 19 2012 19:29:55 GMT+1000 (AUS Easte[...]

Deleted : user_pref("CT3080215.usagesFlag", 2);

Deleted : user_pref("CommunityToolbar.ConduitHomepagesList", "hxxp://search.conduit.com/?ctid=CT3080215&Search[...]

Deleted : user_pref("CommunityToolbar.ConduitSearchList", "ChatVibes.com Customized Web Search");

Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3080215/CT3080215[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1471614/1467267/AU", "\"0\"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3080215", [...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.8.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3080215",[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT3080215&octid=[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalize[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif"[...]

Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"4e9[...]

Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\Administrator\\App[...]

Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.15.1.0");

Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://conduit.anybodyoutthere.com/index.php?toolbar[...]

Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]

Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://rv.ginyas.com/app/conduit/disclaimer_ginyas.h[...]

Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://www.google.com/search?ie=UTF-8&oe[...]

Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3080215");

Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3080215");

Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3080215");

Deleted : user_pref("CommunityToolbar.globalUserId", "af9b5267-b454-4ce1-b06e-ae19ccb04c67");

Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);

Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT3080215");

Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Sep 23 2012 13:16:2[...]

Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 1440);

Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Sep 25 2012 21:18:25 GMT+100[...]

Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.firstTimeAlertShown", true);

Deleted : user_pref("CommunityToolbar.notifications.locale", "en");

Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);

Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Tue Sep 25 2012 21:18:17 GMT+1000 (A[...]

Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");

Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");

Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);

Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);

Deleted : user_pref("CommunityToolbar.notifications.userId", "fcea96d6-2dfb-4107-b84d-cd7afc1f4cc2");

Deleted : user_pref("CommunityToolbar.originalHomepage", "hxxp://www.ask.com/?l=dis&o=15087");

Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Ask.com");

Deleted : user_pref("browser.search.defaultengine", "Ask.com");

Deleted : user_pref("browser.search.defaultenginename", "Blekko");

Deleted : user_pref("browser.search.defaultthis.engineName", "ChatVibes.com Customized Web Search");

Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3080215&Sea[...]

Deleted : user_pref("browser.search.order.1", "Blekko");

Deleted : user_pref("browser.search.selectedEngine", "ChatVibes.com Customized Web Search");

Deleted : user_pref("browser.startup.homepage", "hxxp://search.conduit.com/?ctid=CT3080215&SearchSource=13");

Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3080215&SearchSource=2&q=[...]

-\\ Google Chrome v21.0.1180.89

File : C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [27856 octets] - [25/09/2012 21:46:33]

AdwCleaner[s1].txt - [28526 octets] - [26/09/2012 17:21:24]

########## EOF - C:\AdwCleaner[s1].txt - [28587 octets] ##########

Link to post
Share on other sites

Try this..............

Reset Internet Explorer:

http://windows.micro...orer-8-settings

Reset Firefox:

http://support.mozil...x-most-problems

Check Chrome settings:

First please make sure you have the latest version of Chrome:

Click the wrench in the upper right hand corner

Click on "About Google Chrome"

If an update is available it will be downloaded and installed

Next:

Carefully check for any odd extensions or plugins: (it's a good idea to disable them all and see if you're still redirected and then add each one back until you find the culprit)

Type the following into the address box and hit Enter:

chrome:plugins

Do the same for:

chrome:extensions

Next:

Go to Settings > Show advanced settings........ (at the bottom)

Put a check next to all of these:

  1. Clear browsing history
  2. Clear download history
  3. Empty the cache

Click "Clear Browsing Data"

Next:

Look through the rest of Tools, Settings and View Backround Pages and make sure there's nothing suspicious.

---------------------------

Then look at this link (it's for a different infection but the way to change Chromes settings is the same)

http://deletemalware...tall-guide.html

Let me know, MrC

Link to post
Share on other sites

I tried all the steps you mentioned for browsers and re started the machine before testing. Issue is still exists.

For an example, I searched google maps in IE and it worked. Then searched Kevin Pieterson and it was re directed. Then, when I search the google maps again, it also got re directed.

It is very un predictable behaviour.

Link to post
Share on other sites

Please run a free online scan with the ESET Online Scanner

Note: You will need to use Internet Explorer for this scan.

http://www.eset.eu/online-scanner

Tick the box next to YES, I accept the Terms of Use.

Click Start

When asked, allow the ActiveX control to install

Click Start

Make sure that the options Remove found threats and the option Scan unwanted applications is checked

Click Advanced settings and select the following:

  • Scan potentially unwanted applications
  • Scan for potentially unsafe applications
  • Enable Anti-Stealth technology

Click Start

Wait for the scan to finish

Use Notepad to open the logfile located at C:\Program Files\EsetOnlineScanner\log.txt

Copy and paste that log as a reply to this topic

MrC

Link to post
Share on other sites

Hi Mr C,

Please find the contents of the log.txt

ESETSmartInstaller@High as CAB hook log:

OnlineScanner.ocx - registred OK

# version=7

# iexplore.exe=8.00.6001.18702 (longhorn_ie8_rtm(wmbla).090308-0339)

# OnlineScanner.ocx=1.0.0.6583

# api_version=3.0.2

# EOSSerial=38339371aa53d04dad3d57c399323bd5

# end=finished

# remove_checked=true

# archives_checked=false

# unwanted_checked=true

# unsafe_checked=true

# antistealth_checked=true

# utc_time=2012-10-01 11:13:03

# local_time=2012-10-01 09:13:03 (+1000, AUS Eastern Standard Time)

# country="Australia"

# lang=1033

# osver=5.1.2600 NT Service Pack 3

# compatibility_mode=8192 67108863 100 0 0 0 0 0

# scanned=246941

# found=4

# cleaned=3

# scan_time=5585

C:\Documents and Settings\Administrator\Local Settings\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrator\My Documents\Downloads\winscp429setup.exe Win32/OpenCandy application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

C:\Documents and Settings\Administrator\My Documents\Downloads\YontooSetup.exe multiple threats (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

${Memory} probably a variant of Win32/Ponmocup.AA trojan 00000000000000000000000000000000 I

Link to post
Share on other sites

I want you to run ComboFix but before you do.......

Please back up the registry:

http://www.geekstogo...ry-using-erunt/

Please create a new system restore point also.

If after running ComboFix you can't connect to the internet, please navigate to

the C:\WINDOWS\ERDNT folder and run ERDNT.exe > this will restore the registry > reboot and see how it is.

If that doesn't work....use that system restore point and that will correct the problem.

~~~~~~~~~~~~~~~~~~~~~~~

Please download and run ComboFix.

The most important things to remember when running it is to disable all your malware programs and run Combofix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingc...to-use-combofix

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message Illegal operation attempted on registry key that has been marked for deletion after you run ComboFix....please reboot the computer, this should resolve the problem. You may have to do this several times if needed.

MrC

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.