Jump to content

annoying ads


Recommended Posts

HI

 I am having the same problem below

 

during the last month these annoying square-ads keep popping up in the bottom left or right corner of my browser (doesn't matter if I use Chrome or Firefox, it's basicaly the same). I did full scans with my anti-virus program as well as yours but still no luck

 

thanks

bob

Link to post
Share on other sites

Welcome to the forum, please start HERE

Post back the 2 logs here.....DDS.txt and Attach.txt

(please don't put logs in code or quotes)

P2P/Piracy Warning:

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

Failure to remove or disable such software will result in your topic being closed and no further assistance being provided.

2. If you have illegal/cracked software, cracks, keygens etc. on the system, please remove or uninstall them now and read the policy on Piracy.

<====><====><====><====><====><====><====><====>

Next................

Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.

When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!!!!!!!

Post back the report which should be located on your desktop.

(please don't put logs in code or quotes)

MrC

Note:

Please read all of my instructions completely including these.

Make sure you're subscribed to this topic: Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly

Removing malware can be unpredictable...things can go very wrong! Backup any files that cannot be replaced. You can copy them to a CD/DVD, external drive or a pen drive

<+>Please don't run any other scans, download, install or uninstall any programs while I'm working with you.

<+>The removal of malware isn't instantaneous, please be patient.

<+>Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.

------->Your topic will be closed if you haven't replied within 3 days!<--------

(If I don't respond within 24 hours, please send me a PM)

Link to post
Share on other sites

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume1
Install Date: 4/22/2012 5:26:02 PM
System Uptime: 6/28/2013 3:23:53 PM (1 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: Intel® Core i7 CPU       Q 720  @ 1.60GHz | CPU | 1056/1066mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 454 GiB total, 183.055 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description:
Device ID: ACPI\TOS1901\2&DABA3FF&1
Manufacturer:
Name:
PNP Device ID: ACPI\TOS1901\2&DABA3FF&1
Service:
.
==== System Restore Points ===================
.
RP100: 6/9/2013 11:43:23 AM - Installed Samsung Kies
RP101: 6/11/2013 4:08:19 PM - Windows Update
RP103: 6/12/2013 2:57:46 PM - Windows Modules Installer
RP105: 6/15/2013 8:13:40 AM - Windows Modules Installer
RP106: 6/18/2013 3:05:42 PM - Windows Update
RP107: 6/21/2013 3:23:19 PM - Windows Update
RP108: 6/25/2013 7:01:06 AM - Windows Update
RP109: 6/28/2013 2:25:36 PM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 9.22beta
Adobe AIR
Adobe Community Help
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS5
Adobe Premiere Pro CS5.5
Adobe Reader 9.5.0
Adobe Story
Akamai NetSession Interface
Apple Application Support
Apple Mobile Device Support
Apple Software Update
ASPCA Reminder by We-Care.com v4.1.22.1
AutoCAD 2014 - English
AutoCAD 2014 Language Pack - English
Autodesk 360
Autodesk App Manager
Autodesk AutoCAD 2014 - English
Autodesk Content Service
Autodesk Content Service Language Pack
Autodesk Featured Apps
Autodesk Material Library 2014
Autodesk Material Library Base Resolution Image Library 2014
Autodesk ReCap
Autodesk ReCap Language Pack-English
BitTorrent
Bonjour
DMUninstaller
DownloadTerms
Driver Detective
Dropbox
FARO LS 1.1.501.0 (64bit)
Google Chrome
Hotfix for Microsoft .NET Framework 4 Client Profile (KB2461678)
iTunes
Magic ISO Maker v5.5 (build 0281)
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Mozilla Firefox 21.0 (x86 en-US)
Mozilla Maintenance Service
MyFreeCodec
NVIDIA Drivers
NVIDIA PhysX
PDF Settings CS5
PxMergeModule
QuickTime
RICOH R5U230 Media Driver ver.2.06.03.02
Samsung Kies
SAMSUNG USB Driver for Mobile Phones
Search Protect by conduit
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
SketchUp Import for AutoCAD 2014
Spybot - Search & Destroy
SUPERAntiSpyware
TopArcadeHits
TOSHIBA Media Controller
TOSHIBA Service Station
TOSHIBA Supervisor Password
TOSHIBA Web Camera Application
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
VLC media player 2.0.6
WinRAR 4.20 (64-bit)
WinZip 17.0
.
==== Event Viewer Messages From Past Week ========
.
6/28/2013 3:25:20 PM, Error: Microsoft-Windows-DistributedCOM [10016]  - The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID  {C97FCC79-E628-407D-AE68-A06AD6D8B4D1}  and APPID  {344ED43D-D086-4961-86A6-1106F4ACAD9B}  to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC). This security permission can be modified using the Component Services administrative tool.
6/28/2013 3:24:43 PM, Error: Service Control Manager [7000]  - The Search Protect by Conduit Updater service failed to start due to the following error:  The system cannot find the file specified.
6/28/2013 3:13:23 PM, Error: Service Control Manager [7001]  - The PnP-X IP Bus Enumerator service depends on the Function Discovery Provider Host service which failed to start because of the following error:  The dependency service or group failed to start.
6/28/2013 3:11:43 PM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
6/28/2013 3:11:43 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
6/28/2013 3:11:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
6/28/2013 3:11:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
6/28/2013 3:11:42 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
6/28/2013 3:11:39 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
6/28/2013 3:11:32 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
6/28/2013 3:11:23 PM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache NetBIOS NetBT nsiproxy Psched rdbss SASDIFSV SASKUTIL spldr tdx vwififlt Wanarpv6 WfpLwf
6/28/2013 3:11:23 PM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/28/2013 3:11:23 PM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
6/28/2013 3:11:23 PM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
6/28/2013 3:11:23 PM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
6/28/2013 3:11:23 PM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
6/28/2013 3:11:23 PM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
6/28/2013 3:11:23 PM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/28/2013 3:11:23 PM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
6/28/2013 3:11:23 PM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
6/28/2013 3:11:23 PM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
6/26/2013 2:47:16 PM, Error: Service Control Manager [7031]  - The Superfetch service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 60000 milliseconds: Restart the service.
.
==== End Of File ===========================

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16611
Run by Stuart at 16:57:53 on 2013-06-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4031.2056 [GMT -8:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Users\Stuart\AppData\Local\Akamai\netsession_win.exe
C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
C:\Program Files (x86)\Samsung\Kies\Kies.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
C:\Users\Stuart\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Users\Stuart\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\iPod\bin\iPodService.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wuauclt.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_224.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = about:blank
uURLSearchHooks: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: DownloadTerms: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} - C:\Users\Stuart\AppData\Local\DownloadTerms\temp.dat
BHO: TopArcadeHits Games: {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\Stuart\AppData\Local\TopArcadeHits\Toparcadehits.dll
BHO: WeCareReminder Class: {D824F0DE-3D60-4F57-9EB1-66033ECD8ABB} - C:\ProgramData\WeCareReminder\IEHelperv2.5.0.dll
uRun: [Google Update] "C:\Users\Stuart\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [Akamai NetSession Interface] "C:\Users\Stuart\AppData\Local\Akamai\netsession_win.exe"
uRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
uRun: [sUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
uRun: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
uRun: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
uRun: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
uRun: [sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [ToshibaServiceStation] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" /hide:60
mRun: [TWebCamera] "C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" autorun
mRun: [switchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
mRun: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
dRun: [Autodesk Sync] C:\Program Files\Autodesk\Autodesk Sync\AdSync.exe
dRunOnce: [sPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"http://go.microsoft.com/fwlink/?LinkID=122915" /build:7601
StartupFolder: C:\Users\Stuart\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\Stuart\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0

TCP: NameServer = 209.165.131.12 209.165.131.13
TCP: Interfaces\{8B331894-A250-4F59-94CB-245B32BCDEA0} : DHCPNameServer = 209.165.131.12 209.165.131.13
TCP: Interfaces\{D2031D99-F319-4260-AF7A-2CA58D92CED3} : DHCPNameServer = 209.165.131.12 209.165.131.13
SSODL: WebCheck - <orphaned>
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\System32\NvCpl.dll,NvStartup
x64-Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - WhiteSmoke New Customized Web Search


FF - plugin: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Users\Stuart\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\plugins\np-mswmp.dll
FF - plugin: C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}\plugins\npConduitFirefoxPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-05-24 20:00; eoppnrqmocgit@fmwplidnapyokntwh.net; C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\extensions\eoppnrqmocgit@fmwplidnapyokntwh.net
FF - ExtSQL: 2013-05-25 12:38; {739df940-c5ee-4bab-9d7e-270894ae687a}; C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
FF - ExtSQL: 2013-05-26 18:22; {EEE6C361-6118-11DC-9C72-001320C79847}; C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
FF - ExtSQL: 2013-05-26 20:36; wecarereminder@bryan; C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\extensions\wecarereminder@bryan
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.autoDisableScopes - 0
FF - user.js: extensions.shownSelectionUI - true
.
============= SERVICES / DRIVERS ===============
.
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2012-12-25 55280]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;C:\Windows\System32\drivers\Thpevm.sys [2009-6-29 14784]
R1 SASDIFSV;SASDIFSV;C:\Program Files\SUPERAntiSpyware\sasdifsv64.sys [2011-7-22 14928]
R1 SASKUTIL;SASKUTIL;C:\Program Files\SUPERAntiSpyware\saskutil64.sys [2011-7-12 12368]
R2 !SASCORE;SAS Core Service;C:\Program Files\SUPERAntiSpyware\SASCore64.exe [2012-7-11 140672]
R2 Autodesk Content Service;Autodesk Content Service;C:\Program Files (x86)\Autodesk\Content Service\Connect.Service.ContentService.exe [2012-12-13 12288]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-6-6 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-6-6 701512]
R2 rimspci;rimspci;C:\Windows\System32\drivers\rimspe64.sys [2013-6-8 60416]
R2 risdpcie;risdpcie;C:\Windows\System32\drivers\risdpe64.sys [2013-6-8 81408]
R2 rixdpcie;rixdpcie;C:\Windows\System32\drivers\rixdpe64.sys [2013-6-8 55808]
R3 HECIx64;Intel® Management Engine Interface;C:\Windows\System32\drivers\HECIx64.sys [2009-9-17 56344]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-5-30 25928]
R3 PGEffect;Pangu effect driver;C:\Windows\System32\drivers\PGEffect.sys [2012-4-22 35008]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;C:\Windows\System32\drivers\rtl8192se.sys [2010-4-26 1103904]
R3 TMachInfo;TMachInfo;C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2012-4-22 54136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 CltMngSvc;Search Protect by Conduit Updater;C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe --> C:\Program Files (x86)\SearchProtect\bin\CltMngSvc.exe [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-6-4 103448]
S3 FlexNet Licensing Service 64;FlexNet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2013-3-30 1471352]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-6-4 203672]
S3 SwitchBoard;Adobe SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2012-4-23 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-9-28 53760]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-4-23 1255736]
.
=============== File Associations ===============
.
FileExt: .scr: AutoCADScriptFile=C:\Windows\System32\notepad.exe "%1"
.
=============== Created Last 30 ================
.
2013-06-28 22:26:05    9552976    ----a-w-    C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{11144733-9C25-4D70-93F2-8AE03577D562}\mpengine.dll
2013-06-12 22:59:26    701952    ----a-w-    C:\Program Files\Internet Explorer\ieproxy.dll
2013-06-12 00:14:25    1910632    ----a-w-    C:\Windows\System32\drivers\tcpip.sys
2013-06-09 19:44:12    821824    ----a-w-    C:\Windows\SysWow64\dgderapi.dll
2013-06-09 16:52:29    9728    ----a-w-    C:\Windows\SysWow64\TCMSVR.dll
2013-06-09 16:52:29    1081616    ----a-w-    C:\Windows\SysWow64\mscomctl.ocx
2013-06-09 16:51:40    729088    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-06-09 16:51:40    69715    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-06-09 16:51:40    5632    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-06-09 16:51:40    32768    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\Objectps.dll
2013-06-09 16:51:40    266240    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-06-09 16:51:40    192512    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-06-09 16:51:40    188548    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-06-09 16:51:39    311428    ----a-w-    C:\Program Files (x86)\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-06-09 04:27:17    90112    ----a-w-    C:\Windows\System32\snymsico.dll
2013-06-09 04:27:17    81408    ----a-w-    C:\Windows\System32\drivers\risdpe64.sys
2013-06-09 04:27:17    60416    ----a-w-    C:\Windows\System32\drivers\rimspe64.sys
2013-06-09 04:27:17    55808    ----a-w-    C:\Windows\System32\drivers\rixdpe64.sys
2013-06-09 04:27:17    196608    ----a-w-    C:\Windows\System32\RiSDIcon.dll
2013-06-09 04:27:17    188416    ----a-w-    C:\Windows\System32\RiMMCIcon.dll
2013-06-09 04:27:17    172032    ----a-w-    C:\Windows\System32\rixdicon.dll
2013-06-09 04:27:17    --------    d-----w-    C:\Windows\SysWow64\sda
2013-06-09 04:07:31    --------    d-----w-    C:\Users\Stuart\AppData\Local\Samsung
2013-06-09 04:07:29    --------    d-----w-    C:\Users\Stuart\AppData\Roaming\Samsung
2013-06-09 04:04:59    --------    d-----w-    C:\Program Files (x86)\MyFree Codec
2013-06-09 04:01:57    4659712    ----a-w-    C:\Windows\SysWow64\Redemption.dll
2013-06-09 04:01:17    --------    d-----w-    C:\ProgramData\Samsung
2013-06-09 04:01:17    --------    d-----w-    C:\Program Files (x86)\Samsung
2013-06-09 03:51:42    --------    d-----w-    C:\Users\Stuart\AppData\Local\Downloaded Installations
2013-06-06 23:08:13    --------    d-----w-    C:\Windows\System32\drivers\etc
2013-06-06 03:42:27    --------    d-----w-    C:\Users\Stuart\AppData\Roaming\SearchProtect
2013-06-06 02:43:49    --------    d-----w-    C:\Users\Stuart\AppData\Roaming\SUPERAntiSpyware.com
2013-06-06 02:43:41    --------    d-----w-    C:\ProgramData\SUPERAntiSpyware.com
2013-06-06 02:43:41    --------    d-----w-    C:\Program Files\SUPERAntiSpyware
2013-06-06 01:54:23    --------    d-----w-    C:\ProgramData\Spybot - Search & Destroy
2013-06-06 01:54:23    --------    d-----w-    C:\Program Files (x86)\Spybot - Search & Destroy
2013-06-04 17:15:04    708168    ----a-w-    C:\Windows\System32\WinUSBCoInstaller.dll
2013-06-04 17:15:02    103448    ----a-w-    C:\Windows\System32\drivers\ssudbus.sys
2013-06-04 17:15:00    203672    ----a-w-    C:\Windows\System32\drivers\ssudmdm.sys
2013-06-04 17:15:00    1490656    ----a-w-    C:\Windows\System32\WdfCoInstaller01007.dll
2013-06-03 02:16:38    --------    d-----w-    C:\Program Files (x86)\VideoLAN
2013-05-31 01:33:57    --------    d-----w-    C:\Users\Stuart\AppData\Roaming\Malwarebytes
2013-05-31 01:33:48    --------    d-----w-    C:\ProgramData\Malwarebytes
2013-05-31 01:33:47    25928    ----a-w-    C:\Windows\System32\drivers\mbam.sys
2013-05-31 01:33:47    --------    d-----w-    C:\Program Files (x86)\Malwarebytes' Anti-Malware
.
==================== Find3M  ====================
.
2013-06-13 23:59:13    71048    ----a-w-    C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-13 23:59:13    692104    ----a-w-    C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-08 12:28:46    2706432    ----a-w-    C:\Windows\System32\mshtml.tlb
2013-06-08 11:13:19    2706432    ----a-w-    C:\Windows\SysWow64\mshtml.tlb
2013-05-29 21:19:29    9728    ---ha-w-    C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-05-27 02:23:29    33958    ----a-w-    C:\ProgramData\uninstaller.exe
2013-05-22 15:21:06    4325376    ----a-w-    C:\ProgramData\ReadOnlyInstaller.msi
2013-05-17 01:25:57    1767936    ----a-w-    C:\Windows\SysWow64\wininet.dll
2013-05-17 01:25:27    2877440    ----a-w-    C:\Windows\SysWow64\jscript9.dll
2013-05-17 01:25:26    61440    ----a-w-    C:\Windows\SysWow64\iesetup.dll
2013-05-17 01:25:26    109056    ----a-w-    C:\Windows\SysWow64\iesysprep.dll
2013-05-17 00:59:03    2241024    ----a-w-    C:\Windows\System32\wininet.dll
2013-05-17 00:58:10    3958784    ----a-w-    C:\Windows\System32\jscript9.dll
2013-05-17 00:58:08    67072    ----a-w-    C:\Windows\System32\iesetup.dll
2013-05-17 00:58:08    136704    ----a-w-    C:\Windows\System32\iesysprep.dll
2013-05-14 12:23:25    89600    ----a-w-    C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-14 08:40:13    71680    ----a-w-    C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-05-13 05:51:01    184320    ----a-w-    C:\Windows\System32\cryptsvc.dll
2013-05-13 05:51:00    1464320    ----a-w-    C:\Windows\System32\crypt32.dll
2013-05-13 05:51:00    139776    ----a-w-    C:\Windows\System32\cryptnet.dll
2013-05-13 05:50:40    52224    ----a-w-    C:\Windows\System32\certenc.dll
2013-05-13 04:45:55    140288    ----a-w-    C:\Windows\SysWow64\cryptsvc.dll
2013-05-13 04:45:55    1160192    ----a-w-    C:\Windows\SysWow64\crypt32.dll
2013-05-13 04:45:55    103936    ----a-w-    C:\Windows\SysWow64\cryptnet.dll
2013-05-13 03:43:55    1192448    ----a-w-    C:\Windows\System32\certutil.exe
2013-05-13 03:08:10    903168    ----a-w-    C:\Windows\SysWow64\certutil.exe
2013-05-13 03:08:06    43008    ----a-w-    C:\Windows\SysWow64\certenc.dll
2013-05-10 05:49:27    30720    ----a-w-    C:\Windows\System32\cryptdlg.dll
2013-05-10 03:20:54    24576    ----a-w-    C:\Windows\SysWow64\cryptdlg.dll
2013-05-08 06:10:12    770384    ----a-w-    C:\Windows\SysWow64\msvcr100.dll
2013-05-08 06:10:12    421200    ----a-w-    C:\Windows\SysWow64\msvcp100.dll
2013-05-02 10:06:08    278800    ------w-    C:\Windows\System32\MpSigStub.exe
2013-04-26 05:51:36    751104    ----a-w-    C:\Windows\System32\win32spl.dll
2013-04-26 04:55:21    492544    ----a-w-    C:\Windows\SysWow64\win32spl.dll
2013-04-25 23:30:32    1505280    ----a-w-    C:\Windows\SysWow64\d3d11.dll
2013-04-19 03:07:00    90112    ----a-w-    C:\Windows\MAMCityDownload.ocx
2013-04-19 03:07:00    330240    ----a-w-    C:\Windows\MASetupCaller.dll
2013-04-19 03:07:00    30568    ----a-w-    C:\Windows\MusiccityDownload.exe
2013-04-17 07:02:06    1230336    ----a-w-    C:\Windows\SysWow64\WindowsCodecs.dll
2013-04-17 06:24:46    1424384    ----a-w-    C:\Windows\System32\WindowsCodecs.dll
2013-04-13 05:49:23    135168    ----a-w-    C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19    350208    ----a-w-    C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19    308736    ----a-w-    C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19    111104    ----a-w-    C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16    474624    ----a-w-    C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15    2176512    ----a-w-    C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08    1656680    ----a-w-    C:\Windows\System32\drivers\ntfs.sys
2013-04-10 06:01:54    265064    ----a-w-    C:\Windows\System32\drivers\dxgmms1.sys
2013-04-10 06:01:53    983400    ----a-w-    C:\Windows\System32\drivers\dxgkrnl.sys
2013-04-10 03:30:50    3153920    ----a-w-    C:\Windows\System32\win32k.sys
2013-03-31 22:52:16    1887232    ----a-w-    C:\Windows\System32\d3d11.dll
.
============= FINISH: 16:58:25.46 ===============
 

Link to post
Share on other sites

I need to see the log from RogueKiller and....

Please uninstall these from your add/remove programs:

Search Protect by conduit
DownloadTerms
TopArcadeHits


Then.....


Please download AdwCleaner from here and save it on your Desktop.
 

AdwCleaner is a reliable removal tool for Adware, Foistware, toolbars and potentially unwanted programs.

AdwCleaner is a tool that deletes :
· Adwares (software ads)
· PUP/LPI (Potentially Undesirable Program)
· Toolbars
· Hijacker (Hijack of the browser's homepage)

It works with a Search and Deletion method. It can be easily uninstalled using the "Uninstall" mode.

  • Right-click on adwcleaner.exe and select Run As Administrator (for XP just double click) to launch the application.
  • Now click on the Search tab.
  • Please post the contents of the log-file created in your next post.

Note: The log can also be located at C:\ >> AdwCleaner[XX].txt >> XX <-- Denotes the number of times the application has been ran, so in this should be something like R1.

Note:
Please look over what was found......especially any folders, we're going to permanently delete it all in the next step....if there's something you may want to keep...please let me know and I'll explain to why it shouldn't be on your system.
If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.




Please note that Antivir Webguard uses ASK Toolbar as part of its web security. If you remove ASK by using Adwcleaner, Antivir Webguard will no longer work properly. Therefore, if you use this program please use the instructions below to access the options screen where you should enable /DisableAskDetections before using AdwCleaner.

You can click on the question mark (?) in the upper left corner of the program and then click on Options. You will then be presented with a dialog where you can disable various detections. These options are described below:

/DisableAskDetection - This option disables Ask Toolbar detection.


MrC

Link to post
Share on other sites

# AdwCleaner v2.303 - Logfile created 06/28/2013 at 18:00:32
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Stuart - SPC
# Boot Mode : Normal
# Running from : C:\Users\Stuart\Desktop\adwcleaner.exe
# Option [search]


***** [services] *****

Found : CltMngSvc

***** [Files / Folders] *****

File Found : C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Found : C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Found : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Folder Found : C:\Program Files (x86)\Conduit
Folder Found : C:\Program Files (x86)\SearchProtect
Folder Found : C:\ProgramData\boost_interprocess
Folder Found : C:\ProgramData\PC Optimizer Pro
Folder Found : C:\ProgramData\WeCareReminder
Folder Found : C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Found : C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Found : C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Folder Found : C:\Users\Stuart\AppData\Local\SwvUpdater
Folder Found : C:\Users\Stuart\AppData\Local\Temp\CT3289847
Folder Found : C:\Users\Stuart\AppData\LocalLow\Conduit
Folder Found : C:\Users\Stuart\AppData\LocalLow\PriceGong
Folder Found : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\CT3289847
Folder Found : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Found : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\extensions\wecarereminder@bryan
Folder Found : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\Smartbar
Folder Found : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\SweetPacksToolbarData
Folder Found : C:\Users\Stuart\AppData\Roaming\SearchProtect

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\AppDataLow\Software\PriceGong
Key Found : HKCU\Software\AppDataLow\Software\SmartBar
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKCU\Software\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Found : HKCU\Software\IM
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKCU\Software\SearchProtect
Key Found : HKCU\Software\wecarereminder
Key Found : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Found : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Found : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Found : HKLM\Software\Conduit
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Found : HKLM\Software\SearchProtect
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\prefs.js

Found : user_pref("CT3289847.1000082.isPlayDisplay", "true");
Found : user_pref("CT3289847.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description[...]
Found : user_pref("CT3289847.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Found : user_pref("CT3289847.FF19Solved", "true");
Found : user_pref("CT3289847.FirstTime", "true");
Found : user_pref("CT3289847.FirstTimeFF3", "true");
Found : user_pref("CT3289847.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM2OTc4NTY3NA==");
Found : user_pref("CT3289847.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM2OTk2NTEzMA==");
Found : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MQ==");
Found : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_SITE_NEW.enc", "MA==");
Found : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MA==");
Found : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MQ==");
Found : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_USE_HISTORY.enc", "MA==");
Found : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_USE_POP.enc", "MA==");
Found : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MA==");
Found : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc", "MA==");
Found : user_pref("CT3289847.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.[...]
Found : user_pref("CT3289847.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.e[...]
Found : user_pref("CT3289847.LOCAL_COOKIE_THROTTLE_BASEadd_stats|LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc", "M[...]


Found : user_pref("CT3289847.PG_ENABLE", "dHJ1ZQ==");
Found : user_pref("CT3289847.PG_ENABLE.enc", "dHJ1ZQ==");
Found : user_pref("CT3289847.SEARCH_BOX_CNT.enc", "Mg==");
Found : user_pref("CT3289847.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Found : user_pref("CT3289847.SF_STATUS.enc", "RU5BQkxFRA==");
Found : user_pref("CT3289847.SF_USER_ID.enc", "Y2lkXzI4NTIwMTMxNjExNDU4OTQxNDI=");

Found : user_pref("CT3289847.UserID", "UN82118379012588136");
Found : user_pref("CT3289847.acp_personal.appstate.enc", "ZW5hYmxl");
Found : user_pref("CT3289847.addressBarTakeOverEnabledInHidden", "true");
Found : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Found : user_pref("CT3289847.cb_experience_000.enc", "MQ==");
Found : user_pref("CT3289847.cb_firstuse0100.enc", "MQ==");
Found : user_pref("CT3289847.cb_user_id_000.enc", "Q0IzNTcwODc3MzM2MzFfMTM2OTcwMzUyNDk1MV9GaXJlZm94");
Found : user_pref("CT3289847.cbfirsttime.enc", "U2F0IE1heSAyNSAyMDEzIDEyOjQwOjAwIEdNVC0wODAwIChBbGFza2FuIFN0[...]
Found : user_pref("CT3289847.countryCode", "US");
Found : user_pref("CT3289847.defaultSearch", "true");
Found : user_pref("CT3289847.enableAlerts", "true");
Found : user_pref("CT3289847.enableFix404ByUser", "TRUE");
Found : user_pref("CT3289847.enableSearchFromAddressBar", "true");
Found : user_pref("CT3289847.firstTimeDialogOpened", "true");
Found : user_pref("CT3289847.first_time_search.enc", "MQ==");
Found : user_pref("CT3289847.fixPageNotFoundError", "true");
Found : user_pref("CT3289847.fixPageNotFoundErrorByUser", "true");
Found : user_pref("CT3289847.fixPageNotFoundErrorInHidden", "true");
Found : user_pref("CT3289847.fixUrls", true);
Found : user_pref("CT3289847.fullUserID", "UN82118379012588136.UP.20130628154612");
Found : user_pref("CT3289847.homepageuserchanged", true);
Found : user_pref("CT3289847.hxxp___api28_starwebnet_com.pid2.enc", "YTA2MDBiZWUtNmM1OS0xZjM3LWJlNWYtMzI5MmE[...]
Found : user_pref("CT3289847.hxxp___api29_starwebnet_com.pid2.enc", "NjE5YTVlZDUtZjA0MS02MWE2LTBhZjAtYWJiNzl[...]
Found : user_pref("CT3289847.hxxp___api30_starwebnet_com.pid2.enc", "MjYxMjcxN2UtYjM2OC1jNzM5LWZhMDgtM2JiMDA[...]
Found : user_pref("CT3289847.hxxp___api31_starwebnet_com.pid2.enc", "ZWI2MmEzMmQtY2RmNi0xNDgzLWE5YjgtZTAzZGN[...]
Found : user_pref("CT3289847.hxxp___api32_starwebnet_com.pid2.enc", "MjFiNDZmZWEtODdiZS1hODFiLWJmZmUtMTQxNWY[...]
Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOltdLC[...]
Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoi[...]
Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc", "ZmZmNTVkZmMtM2NiOC1hMWFhLT[...]
Found : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc", "MjAxMjA4MDItMDAw");
Found : user_pref("CT3289847.installDate", "25/5/2013 12:38:05");
Found : user_pref("CT3289847.installId", "9818");
Found : user_pref("CT3289847.installSessionId", "-1");
Found : user_pref("CT3289847.installSp", "TRUE");
Found : user_pref("CT3289847.installType", "conduitnsisintegration");
Found : user_pref("CT3289847.installUsage", "2013-05-25T23:39:34.6118796+03:00");
Found : user_pref("CT3289847.installUsageEarly", "2013-05-25T23:39:33.5649845+03:00");
Found : user_pref("CT3289847.installerVersion", "1.4.2.3");
Found : user_pref("CT3289847.isCheckedStartAsHidden", true);
Found : user_pref("CT3289847.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3289847.isFirstTimeToolbarLoading", "false");
Found : user_pref("CT3289847.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Found : user_pref("CT3289847.keyword", "true");

Found : user_pref("CT3289847.lastVersion", "10.16.4.519");
Found : user_pref("CT3289847.mam_gk_appStateReportTime.enc", "MTM2OTk3NDU0OTM5Mg==");
Found : user_pref("CT3289847.mam_gk_appState_CouponBuddy.enc", "b24=");
Found : user_pref("CT3289847.mam_gk_appState_Find-a-Pro.enc", "b24=");
Found : user_pref("CT3289847.mam_gk_appState_PriceGong.enc", "b24=");
Found : user_pref("CT3289847.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Found : user_pref("CT3289847.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Found : user_pref("CT3289847.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkFDcGx1cyIsImNyaXR[...]
Found : user_pref("CT3289847.mam_gk_currentVersion.enc", "MS42LjAuMQ==");
Found : user_pref("CT3289847.mam_gk_eventsCache.enc", "eyJhMDU0ZWNiMS1jMTk3LTQ2NzUtOTY1MC00YzNkYzNmNzZmYTUiO[...]
Found : user_pref("CT3289847.mam_gk_first_time.enc", "MQ==");
Found : user_pref("CT3289847.mam_gk_gadgetOpen.enc", "d2VsY29tZQ==");
Found : user_pref("CT3289847.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Found : user_pref("CT3289847.mam_gk_lastLoginTime.enc", "MTM2OTk3NDU0NTg5Mw==");
Found : user_pref("CT3289847.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Found : user_pref("CT3289847.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Found : user_pref("CT3289847.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Found : user_pref("CT3289847.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Found : user_pref("CT3289847.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Found : user_pref("CT3289847.mam_gk_userId.enc", "ZDRhZDg1NzMtNjU0OS00MzdjLWIyYjEtZDNmMWU2YWZkMGI1");
Found : user_pref("CT3289847.migrateAppsAndComponents", true);
Found : user_pref("CT3289847.missingMachineIdSent", "true");
Found : user_pref("CT3289847.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Found : user_pref("CT3289847.openThankYouPage", "false");
Found : user_pref("CT3289847.openUninstallPage", "true");
Found : user_pref("CT3289847.originalHomepage", "about:home");
Found : user_pref("CT3289847.originalSearchAddressUrl", "");
Found : user_pref("CT3289847.originalSearchEngine", "");
Found : user_pref("CT3289847.revertSettingsEnabled", "true");
Found : user_pref("CT3289847.sac-country-code.enc", "IlVTIg==");
Found : user_pref("CT3289847.sac-experiments-animation.enc", "eyJuYW1lIjoiMC43NSIsInZlcnNpb24iOjN9");
Found : user_pref("CT3289847.sac-experiments-hover_effect.enc", "eyJuYW1lIjoic2hvcnQiLCJ2ZXJzaW9uIjoyfQ==");
Found : user_pref("CT3289847.sac-experiments-image_analysis.enc", "eyJuYW1lIjoid2l0aG91dFN1YnRpdGxlIiwidmVyc[...]
Found : user_pref("CT3289847.sac-experiments-peoplebar_call_to_action.enc", "eyJuYW1lIjoiMyIsInZlcnNpb24iOjR[...]
Found : user_pref("CT3289847.sac-experiments-placement.enc", "eyJuYW1lIjoid3JlY2std2lkZSIsInZlcnNpb24iOjEyfQ[...]
Found : user_pref("CT3289847.sac-experiments-play_icon.enc", "eyJuYW1lIjoibm8iLCJ2ZXJzaW9uIjoyfQ==");
Found : user_pref("CT3289847.sac-experiments-taboola_config.enc", "eyJuYW1lIjoiYWxsVHlwZXMiLCJ2ZXJzaW9uIjozf[...]
Found : user_pref("CT3289847.sac-periodic-reports.enc", "eyJ5dHRfcGluZ18wIjpbMTM2OTk3MTQ4MDYzMCwxNDQwMDAwMF1[...]
Found : user_pref("CT3289847.sac-user-id.enc", "ImUyNjg3YjYyLTM0ZGMtNGIzMy04M2I1LTUyNzI2N2U1OTEyNyI=");
Found : user_pref("CT3289847.sac-yt-first-ping.enc", "MTM2OTc4NTU4ODE3Nw==");
Found : user_pref("CT3289847.search.searchAppId", "130068661007799818");
Found : user_pref("CT3289847.search.searchCount", "0");
Found : user_pref("CT3289847.searchFromAddressBarEnabledByUser", "true");
Found : user_pref("CT3289847.searchInNewTabEnabledByUser", "true");
Found : user_pref("CT3289847.searchInNewTabEnabledInHidden", "true");
Found : user_pref("CT3289847.searchRevert", "true");
Found : user_pref("CT3289847.searchSuggestEnabledByUser", "true");
Found : user_pref("CT3289847.searchUserMode", "2");
Found : user_pref("CT3289847.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Found : user_pref("CT3289847.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Found : user_pref("CT3289847.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Found : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Found : user_pref("CT3289847.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Found : user_pref("CT3289847.serviceLayer_services_Configuration_lastUpdate", "1372464588150");
Found : user_pref("CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1369514381810");
Found : user_pref("CT3289847.serviceLayer_services_appsMetadata_lastUpdate", "1369974542400");
Found : user_pref("CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1369514381707");
Found : user_pref("CT3289847.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1369514381[...]
Found : user_pref("CT3289847.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1369514382802")[...]
Found : user_pref("CT3289847.serviceLayer_services_location_lastUpdate", "1372378187954");
Found : user_pref("CT3289847.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372132958861");
Found : user_pref("CT3289847.serviceLayer_services_login_10.16.2.9_lastUpdate", "1369514382810");
Found : user_pref("CT3289847.serviceLayer_services_login_10.16.4.519_lastUpdate", "1372463294732");
Found : user_pref("CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1369514381665");
Found : user_pref("CT3289847.serviceLayer_services_searchAPI_lastUpdate", "1372464587970");
Found : user_pref("CT3289847.serviceLayer_services_serviceMap_lastUpdate", "1372464587828");
Found : user_pref("CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate", "1369514381618");
Found : user_pref("CT3289847.serviceLayer_services_toolbarSettings_lastUpdate", "1372463294232");
Found : user_pref("CT3289847.serviceLayer_services_translation_lastUpdate", "1372070598254");
Found : user_pref("CT3289847.settingsINI", true);
Found : user_pref("CT3289847.shouldFirstTimeDialog", "false");
Found : user_pref("CT3289847.showToolbarPermission", "false");
Found : user_pref("CT3289847.smartbar.CTID", "CT3289847");
Found : user_pref("CT3289847.smartbar.Uninstall", "0");
Found : user_pref("CT3289847.smartbar.homepage", "true");
Found : user_pref("CT3289847.smartbar.isHidden", true);
Found : user_pref("CT3289847.smartbar.toolbarName", "WhiteSmoke New ");
Found : user_pref("CT3289847.startPage", "true");
Found : user_pref("CT3289847.toolbarBornServerTime", "25-5-2013");
Found : user_pref("CT3289847.toolbarCurrentServerTime", "29-6-2013");
Found : user_pref("CT3289847.toolbarLoginClientTime", "Sat May 25 2013 12:39:42 GMT-0800 (Alaskan Standard T[...]
Found : user_pref("CT3289847.url_history0001.enc", "aHR0cDovL3d3dy5rYmIuY29tL3RveW90YS80cnVubmVyLzIwMDEtdG95[...]
Found : user_pref("CT3289847.versionFromInstaller", "10.16.2.9");
Found : user_pref("CT3289847.whitelist.enc", "W3sibmFtZSI6IlRpbWUiLCJkb21haW5fcmVneCI6IiguKlxcLik/dGltZS5jb2[...]
Found : user_pref("CT3289847.whitelist_ts.enc", "MTM2OTk1NjI4Mjc4Ng==");
Found : user_pref("CT3289847.wreck-country-code.enc", "IlVTIg==");
Found : user_pref("CT3289847.wreck-experiments-design.enc", "eyJuYW1lIjoiYWN0dWFsbHlMaWdodCIsInZlcnNpb24iOjN[...]
Found : user_pref("CT3289847.wreck-experiments-feed.enc", "eyJuYW1lIjoid3JlY2tBbmRUYWJvb2xhIiwidmVyc2lvbiI6M[...]
Found : user_pref("CT3289847.wreck-experiments-hover_effect.enc", "eyJuYW1lIjoiaGFsZiIsInZlcnNpb24iOjF9");
Found : user_pref("CT3289847.wreck-experiments-trigger.enc", "eyJuYW1lIjoieDAuNSIsInZlcnNpb24iOjF9");
Found : user_pref("CT3289847.wreck-periodic-reports.enc", "eyJ3cmVja19waW5nXzAiOlsxMzY5OTcxNDgwNTQ2LDE0NDAwM[...]
Found : user_pref("CT3289847.wreck-user-id.enc", "ImYwZmFiZjRjLWVlMTUtNGU3MC1iY2IxLWQ3MTkwZTA4NmY4NSI=");
Found : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Found : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke New Customized Web Search");

Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");

Found : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Found : user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");
Found : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sa[...]

Found : user_pref("smartbar.addressBarOwnerCTID", "CT3289847");


Found : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
Found : user_pref("smartbar.homePageOwnerCTID", "CT3289847");
Found : user_pref("smartbar.machineId", "QLTCF8W/ZUT6PZSKJVODY+VPOR3O/SFUB3NV/+QGG3GJVXDT2ZPQ8XGOUWKPJO7RE1D[...]

Found : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Found : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");
Found : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");
Found : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Found : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Found : user_pref("sweetim.toolbar.Visibility.enable", "true");
Found : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Found : user_pref("sweetim.toolbar.cargo", "3.5000006.10045");
Found : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");
Found : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");
Found : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");
Found : user_pref("sweetim.toolbar.defaultProvider", "bng");
Found : user_pref("sweetim.toolbar.dialogs.0.enable", "true");

Found : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Found : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Found : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");

Found : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Found : user_pref("sweetim.toolbar.dialogs.1.enable", "true");

Found : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Found : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Found : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");

Found : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Found : user_pref("sweetim.toolbar.dialogs.2.enable", "true");

Found : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Found : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Found : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");

Found : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Found : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Found : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Found : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Found : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Found : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Found : user_pref("sweetim.toolbar.mode.debug", "false");
Found : user_pref("sweetim.toolbar.newtab.created", "false");
Found : user_pref("sweetim.toolbar.newtab.enable", "false");


Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WhiteSmoke New Customized Web S[...]

Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Found : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Found : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Found : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");

Found : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Found : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Found : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");

Found : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Found : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Found : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Found : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Found : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");

Found : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Found : user_pref("sweetim.toolbar.scripts.2.callback", "");
Found : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Found : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Found : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Found : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Found : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");

Found : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Found : user_pref("sweetim.toolbar.search.history", "censored,kelly%20blue%20book");
Found : user_pref("sweetim.toolbar.search.history.capacity", "10");
Found : user_pref("sweetim.toolbar.searchguard.enable", "false");
Found : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Found : user_pref("sweetim.toolbar.simapp_id", "{17DF9A5C-C674-11E2-8DC6-00266C6D8FB1}");






Found : user_pref("sweetim.toolbar.version", "1.13.0.1");
Found : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]


Found : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Found : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks")[...]

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Preferences


Found [l.25] : keyword = "start.sweetim.com",


*************************

AdwCleaner[R1].txt - [29964 octets] - [28/06/2013 18:00:32]

########## EOF - C:\AdwCleaner[R1].txt - [30025 octets] ##########
 

Link to post
Share on other sites

Lots of adware found....lets clear it out.....

  • Please re-run AdwCleaner
  • Click on Delete button.
  • Confirm each time with OK if asked.
  • Your computer will be rebooted automatically. A text file will open after the restart. Please post the content of that logfile in your reply.
Note: You can find the logfile at C:\AdwCleaner[sn].txt as well - n is the order number.

------------------------------------

 

Can you please run RogueKiller and post the log......MrC

Link to post
Share on other sites

# AdwCleaner v2.303 - Logfile created 06/28/2013 at 18:43:37
# Updated 08/06/2013 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Stuart - SPC
# Boot Mode : Normal
# Running from : C:\Users\Stuart\Desktop\adwcleaner.exe
# Option [Delete]


***** [services] *****

Stopped & Deleted : CltMngSvc

***** [Files / Folders] *****

Deleted on reboot : C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
File Deleted : C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage
File Deleted : C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_search.conduit.com_0.localstorage-journal
File Deleted : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\SearchProtect
Folder Deleted : C:\ProgramData\boost_interprocess
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\ProgramData\WeCareReminder
Folder Deleted : C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Folder Deleted : C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Folder Deleted : C:\Users\Stuart\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\Stuart\AppData\Local\Temp\CT3289847
Folder Deleted : C:\Users\Stuart\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Stuart\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\CT3289847
Folder Deleted : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\extensions\{739df940-c5ee-4bab-9d7e-270894ae687a}
Folder Deleted : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\extensions\wecarereminder@bryan
Folder Deleted : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\Smartbar
Folder Deleted : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\SweetPacksToolbarData
Folder Deleted : C:\Users\Stuart\AppData\Roaming\SearchProtect

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKCU\Software\SearchProtect
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4FBBF769-ECEB-420A-B536-133B1D505C36}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\IEHelperv2.5.0.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder
Key Deleted : HKLM\SOFTWARE\Classes\IEHelperv250.WeCareReminder.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2790392
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3289847
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{B12920CF-BE13-4C09-890D-1B6EFFFE2FBE}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\Software\SearchProtect
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F773BB94-6C19-4643-A570-0E429103D1C3}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\klibnahbojhkanfgaglnlalfkgpcppfi
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhfdcmehmjcclgopdodkjdicohagipid
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{AC5B6CDA-8F90-4740-9A8C-28AC5D3C73FE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D824F0DE-3D60-4F57-9EB1-66033ECD8ABB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

***** [internet Browsers] *****

-\\ Internet Explorer v10.0.9200.16611

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (en-US)

File : C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\prefs.js

C:\Users\Stuart\AppData\Roaming\Mozilla\Firefox\Profiles\kuutxp80.default\user.js ... Deleted !

Deleted : user_pref("CT3289847.1000082.isPlayDisplay", "true");
Deleted : user_pref("CT3289847.1000082.state", "{\"state\":\"stopped\",\"text\":\"1.FM (Cou...\",\"description[...]
Deleted : user_pref("CT3289847.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289847.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Deleted : user_pref("CT3289847.FF19Solved", "true");
Deleted : user_pref("CT3289847.FirstTime", "true");
Deleted : user_pref("CT3289847.FirstTimeFF3", "true");
Deleted : user_pref("CT3289847.LAST_CLIENT_STATS_SUBMIT_2.enc", "MTM2OTc4NTY3NA==");
Deleted : user_pref("CT3289847.LOCAL_COOKIE_STATS_LAST_SUBMIT_6.enc", "MTM2OTk2NTEzMA==");
Deleted : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.enc", "MQ==");
Deleted : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_SITE_NEW.enc", "MA==");
Deleted : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_SITE_NOT_SUPPORTED.enc", "MA==");
Deleted : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.enc", "MQ==");
Deleted : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_USE_HISTORY.enc", "MA==");
Deleted : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_USE_POP.enc", "MA==");
Deleted : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_USE_RELATED.enc", "MA==");
Deleted : user_pref("CT3289847.LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc", "MA==");
Deleted : user_pref("CT3289847.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_IRRELEVANT.[...]
Deleted : user_pref("CT3289847.LOCAL_COOKIE_THROTTLE_BASEadd_stats|0|LOCAL_COOKIE_STATS_STATS_SITE_SUPPORTED.e[...]
Deleted : user_pref("CT3289847.LOCAL_COOKIE_THROTTLE_BASEadd_stats|LOCAL_COOKIE_STATS_STATS_USE_TYPED.enc", "M[...]


Deleted : user_pref("CT3289847.PG_ENABLE", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.PG_ENABLE.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.SEARCH_BOX_CNT.enc", "Mg==");
Deleted : user_pref("CT3289847.SF_JUST_INSTALLED.enc", "RkFMU0U=");
Deleted : user_pref("CT3289847.SF_STATUS.enc", "RU5BQkxFRA==");
Deleted : user_pref("CT3289847.SF_USER_ID.enc", "Y2lkXzI4NTIwMTMxNjExNDU4OTQxNDI=");

Deleted : user_pref("CT3289847.UserID", "UN82118379012588136");
Deleted : user_pref("CT3289847.acp_personal.appstate.enc", "ZW5hYmxl");
Deleted : user_pref("CT3289847.addressBarTakeOverEnabledInHidden", "true");
Deleted : user_pref("CT3289847.browser.search.defaultthis.engineName", "true");
Deleted : user_pref("CT3289847.cb_experience_000.enc", "MQ==");
Deleted : user_pref("CT3289847.cb_firstuse0100.enc", "MQ==");
Deleted : user_pref("CT3289847.cb_user_id_000.enc", "Q0IzNTcwODc3MzM2MzFfMTM2OTcwMzUyNDk1MV9GaXJlZm94");
Deleted : user_pref("CT3289847.cbfirsttime.enc", "U2F0IE1heSAyNSAyMDEzIDEyOjQwOjAwIEdNVC0wODAwIChBbGFza2FuIFN0[...]
Deleted : user_pref("CT3289847.countryCode", "US");
Deleted : user_pref("CT3289847.defaultSearch", "true");
Deleted : user_pref("CT3289847.enableAlerts", "true");
Deleted : user_pref("CT3289847.enableFix404ByUser", "TRUE");
Deleted : user_pref("CT3289847.enableSearchFromAddressBar", "true");
Deleted : user_pref("CT3289847.firstTimeDialogOpened", "true");
Deleted : user_pref("CT3289847.first_time_search.enc", "MQ==");
Deleted : user_pref("CT3289847.fixPageNotFoundError", "true");
Deleted : user_pref("CT3289847.fixPageNotFoundErrorByUser", "true");
Deleted : user_pref("CT3289847.fixPageNotFoundErrorInHidden", "true");
Deleted : user_pref("CT3289847.fixUrls", true);
Deleted : user_pref("CT3289847.fullUserID", "UN82118379012588136.UP.20130628154612");
Deleted : user_pref("CT3289847.homepageuserchanged", true);
Deleted : user_pref("CT3289847.hxxp___api28_starwebnet_com.pid2.enc", "YTA2MDBiZWUtNmM1OS0xZjM3LWJlNWYtMzI5MmE[...]
Deleted : user_pref("CT3289847.hxxp___api29_starwebnet_com.pid2.enc", "NjE5YTVlZDUtZjA0MS02MWE2LTBhZjAtYWJiNzl[...]
Deleted : user_pref("CT3289847.hxxp___api30_starwebnet_com.pid2.enc", "MjYxMjcxN2UtYjM2OC1jNzM5LWZhMDgtM2JiMDA[...]
Deleted : user_pref("CT3289847.hxxp___api31_starwebnet_com.pid2.enc", "ZWI2MmEzMmQtY2RmNi0xNDgzLWE5YjgtZTAzZGN[...]
Deleted : user_pref("CT3289847.hxxp___api32_starwebnet_com.pid2.enc", "MjFiNDZmZWEtODdiZS1hODFiLWJmZmUtMTQxNWY[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_defaultGui.enc", "eyJndWkiOltdLC[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.Affiliate_settings.enc", "eyJpbml0VXJsIjoi[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.jw_token.enc", "ZmZmNTVkZmMtM2NiOC1hMWFhLT[...]
Deleted : user_pref("CT3289847.hxxp___toolbar_jollywallet_com_tlb_2.key_list_id.enc", "MjAxMjA4MDItMDAw");
Deleted : user_pref("CT3289847.installDate", "25/5/2013 12:38:05");
Deleted : user_pref("CT3289847.installId", "9818");
Deleted : user_pref("CT3289847.installSessionId", "-1");
Deleted : user_pref("CT3289847.installSp", "TRUE");
Deleted : user_pref("CT3289847.installType", "conduitnsisintegration");
Deleted : user_pref("CT3289847.installUsage", "2013-05-25T23:39:34.6118796+03:00");
Deleted : user_pref("CT3289847.installUsageEarly", "2013-05-25T23:39:33.5649845+03:00");
Deleted : user_pref("CT3289847.installerVersion", "1.4.2.3");
Deleted : user_pref("CT3289847.isCheckedStartAsHidden", true);
Deleted : user_pref("CT3289847.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289847.isFirstTimeToolbarLoading", "false");
Deleted : user_pref("CT3289847.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Deleted : user_pref("CT3289847.keyword", "true");

Deleted : user_pref("CT3289847.lastVersion", "10.16.4.519");
Deleted : user_pref("CT3289847.mam_gk_appStateReportTime.enc", "MTM2OTk3NDU0OTM5Mg==");
Deleted : user_pref("CT3289847.mam_gk_appState_CouponBuddy.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_appState_Find-a-Pro.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_appState_PriceGong.enc", "b24=");
Deleted : user_pref("CT3289847.mam_gk_appsData.enc", "eyJhcHBzIjpbeyJpZCI6IlByaWNlR29uZyIsInVybCI6Imh0dHA6Ly9w[...]
Deleted : user_pref("CT3289847.mam_gk_appsDefaultEnabled.enc", "bnVsbA==");
Deleted : user_pref("CT3289847.mam_gk_configuration.enc", "eyJjb25maWd1cmF0aW9uIjpbeyJpZCI6IkFDcGx1cyIsImNyaXR[...]
Deleted : user_pref("CT3289847.mam_gk_currentVersion.enc", "MS42LjAuMQ==");
Deleted : user_pref("CT3289847.mam_gk_eventsCache.enc", "eyJhMDU0ZWNiMS1jMTk3LTQ2NzUtOTY1MC00YzNkYzNmNzZmYTUiO[...]
Deleted : user_pref("CT3289847.mam_gk_first_time.enc", "MQ==");
Deleted : user_pref("CT3289847.mam_gk_gadgetOpen.enc", "d2VsY29tZQ==");
Deleted : user_pref("CT3289847.mam_gk_installer_preapproved.enc", "ZmFsc2U=");
Deleted : user_pref("CT3289847.mam_gk_lastLoginTime.enc", "MTM2OTk3NDU0NTg5Mw==");
Deleted : user_pref("CT3289847.mam_gk_localization.enc", "eyJnYWRnZXRDb250ZW50UG9saWN5Ijp7IlRleHQiOiJDb250ZW50[...]
Deleted : user_pref("CT3289847.mam_gk_pgUnloadedOnce.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.mam_gk_settings1.6.0.1.enc", "eyJTdGF0dXMiOiJzdWNjZWVkZWQiLCJEYXRhIjp7ImludGVyd[...]
Deleted : user_pref("CT3289847.mam_gk_showCloseButton.enc", "dHJ1ZQ==");
Deleted : user_pref("CT3289847.mam_gk_showWelcomeGadget.enc", "ZmFsc2U=");
Deleted : user_pref("CT3289847.mam_gk_userId.enc", "ZDRhZDg1NzMtNjU0OS00MzdjLWIyYjEtZDNmMWU2YWZkMGI1");
Deleted : user_pref("CT3289847.migrateAppsAndComponents", true);
Deleted : user_pref("CT3289847.missingMachineIdSent", "true");
Deleted : user_pref("CT3289847.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Deleted : user_pref("CT3289847.openThankYouPage", "false");
Deleted : user_pref("CT3289847.openUninstallPage", "true");
Deleted : user_pref("CT3289847.originalHomepage", "about:home");
Deleted : user_pref("CT3289847.originalSearchAddressUrl", "");
Deleted : user_pref("CT3289847.originalSearchEngine", "");
Deleted : user_pref("CT3289847.revertSettingsEnabled", "true");
Deleted : user_pref("CT3289847.sac-country-code.enc", "IlVTIg==");
Deleted : user_pref("CT3289847.sac-experiments-animation.enc", "eyJuYW1lIjoiMC43NSIsInZlcnNpb24iOjN9");
Deleted : user_pref("CT3289847.sac-experiments-hover_effect.enc", "eyJuYW1lIjoic2hvcnQiLCJ2ZXJzaW9uIjoyfQ==");
Deleted : user_pref("CT3289847.sac-experiments-image_analysis.enc", "eyJuYW1lIjoid2l0aG91dFN1YnRpdGxlIiwidmVyc[...]
Deleted : user_pref("CT3289847.sac-experiments-peoplebar_call_to_action.enc", "eyJuYW1lIjoiMyIsInZlcnNpb24iOjR[...]
Deleted : user_pref("CT3289847.sac-experiments-placement.enc", "eyJuYW1lIjoid3JlY2std2lkZSIsInZlcnNpb24iOjEyfQ[...]
Deleted : user_pref("CT3289847.sac-experiments-play_icon.enc", "eyJuYW1lIjoibm8iLCJ2ZXJzaW9uIjoyfQ==");
Deleted : user_pref("CT3289847.sac-experiments-taboola_config.enc", "eyJuYW1lIjoiYWxsVHlwZXMiLCJ2ZXJzaW9uIjozf[...]
Deleted : user_pref("CT3289847.sac-periodic-reports.enc", "eyJ5dHRfcGluZ18wIjpbMTM2OTk3MTQ4MDYzMCwxNDQwMDAwMF1[...]
Deleted : user_pref("CT3289847.sac-user-id.enc", "ImUyNjg3YjYyLTM0ZGMtNGIzMy04M2I1LTUyNzI2N2U1OTEyNyI=");
Deleted : user_pref("CT3289847.sac-yt-first-ping.enc", "MTM2OTc4NTU4ODE3Nw==");
Deleted : user_pref("CT3289847.search.searchAppId", "130068661007799818");
Deleted : user_pref("CT3289847.search.searchCount", "0");
Deleted : user_pref("CT3289847.searchFromAddressBarEnabledByUser", "true");
Deleted : user_pref("CT3289847.searchInNewTabEnabledByUser", "true");
Deleted : user_pref("CT3289847.searchInNewTabEnabledInHidden", "true");
Deleted : user_pref("CT3289847.searchRevert", "true");
Deleted : user_pref("CT3289847.searchSuggestEnabledByUser", "true");
Deleted : user_pref("CT3289847.searchUserMode", "2");
Deleted : user_pref("CT3289847.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Deleted : user_pref("CT3289847.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Deleted : user_pref("CT3289847.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Deleted : user_pref("CT3289847.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT3289847.serviceLayer_service_usage_toolbarUsageCount", "{\"dataType\":\"number\",\"data[...]
Deleted : user_pref("CT3289847.serviceLayer_services_Configuration_lastUpdate", "1372464588150");
Deleted : user_pref("CT3289847.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1369514381810");
Deleted : user_pref("CT3289847.serviceLayer_services_appsMetadata_lastUpdate", "1369974542400");
Deleted : user_pref("CT3289847.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1369514381707");
Deleted : user_pref("CT3289847.serviceLayer_services_installUsage_ToolbarInstallEarly_lastUpdate", "1369514381[...]
Deleted : user_pref("CT3289847.serviceLayer_services_installUsage_ToolbarInstall_lastUpdate", "1369514382802")[...]
Deleted : user_pref("CT3289847.serviceLayer_services_location_lastUpdate", "1372378187954");
Deleted : user_pref("CT3289847.serviceLayer_services_login_10.16.2.509_lastUpdate", "1372132958861");
Deleted : user_pref("CT3289847.serviceLayer_services_login_10.16.2.9_lastUpdate", "1369514382810");
Deleted : user_pref("CT3289847.serviceLayer_services_login_10.16.4.519_lastUpdate", "1372463294732");
Deleted : user_pref("CT3289847.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1369514381665");
Deleted : user_pref("CT3289847.serviceLayer_services_searchAPI_lastUpdate", "1372464587970");
Deleted : user_pref("CT3289847.serviceLayer_services_serviceMap_lastUpdate", "1372464587828");
Deleted : user_pref("CT3289847.serviceLayer_services_toolbarContextMenu_lastUpdate", "1369514381618");
Deleted : user_pref("CT3289847.serviceLayer_services_toolbarSettings_lastUpdate", "1372463294232");
Deleted : user_pref("CT3289847.serviceLayer_services_translation_lastUpdate", "1372070598254");
Deleted : user_pref("CT3289847.settingsINI", true);
Deleted : user_pref("CT3289847.shouldFirstTimeDialog", "false");
Deleted : user_pref("CT3289847.showToolbarPermission", "false");
Deleted : user_pref("CT3289847.smartbar.CTID", "CT3289847");
Deleted : user_pref("CT3289847.smartbar.Uninstall", "0");
Deleted : user_pref("CT3289847.smartbar.homepage", "true");
Deleted : user_pref("CT3289847.smartbar.isHidden", true);
Deleted : user_pref("CT3289847.smartbar.toolbarName", "WhiteSmoke New ");
Deleted : user_pref("CT3289847.startPage", "true");
Deleted : user_pref("CT3289847.toolbarBornServerTime", "25-5-2013");
Deleted : user_pref("CT3289847.toolbarCurrentServerTime", "29-6-2013");
Deleted : user_pref("CT3289847.toolbarLoginClientTime", "Sat May 25 2013 12:39:42 GMT-0800 (Alaskan Standard T[...]
Deleted : user_pref("CT3289847.url_history0001.enc", "aHR0cDovL3d3dy5rYmIuY29tL3RveW90YS80cnVubmVyLzIwMDEtdG95[...]
Deleted : user_pref("CT3289847.versionFromInstaller", "10.16.2.9");
Deleted : user_pref("CT3289847.whitelist.enc", "W3sibmFtZSI6IlRpbWUiLCJkb21haW5fcmVneCI6IiguKlxcLik/dGltZS5jb2[...]
Deleted : user_pref("CT3289847.whitelist_ts.enc", "MTM2OTk1NjI4Mjc4Ng==");
Deleted : user_pref("CT3289847.wreck-country-code.enc", "IlVTIg==");
Deleted : user_pref("CT3289847.wreck-experiments-design.enc", "eyJuYW1lIjoiYWN0dWFsbHlMaWdodCIsInZlcnNpb24iOjN[...]
Deleted : user_pref("CT3289847.wreck-experiments-feed.enc", "eyJuYW1lIjoid3JlY2tBbmRUYWJvb2xhIiwidmVyc2lvbiI6M[...]
Deleted : user_pref("CT3289847.wreck-experiments-hover_effect.enc", "eyJuYW1lIjoiaGFsZiIsInZlcnNpb24iOjF9");
Deleted : user_pref("CT3289847.wreck-experiments-trigger.enc", "eyJuYW1lIjoieDAuNSIsInZlcnNpb24iOjF9");
Deleted : user_pref("CT3289847.wreck-periodic-reports.enc", "eyJ3cmVja19waW5nXzAiOlsxMzY5OTcxNDgwNTQ2LDE0NDAwM[...]
Deleted : user_pref("CT3289847.wreck-user-id.enc", "ImYwZmFiZjRjLWVlMTUtNGU3MC1iY2IxLWQ3MTkwZTA4NmY4NSI=");
Deleted : user_pref("CT3289847_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]

Deleted : user_pref("Smartbar.ConduitSearchEngineList", "WhiteSmoke New Customized Web Search");

Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3289847");

Deleted : user_pref("browser.search.defaultthis.engineName", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("browser.search.selectedEngine", "WhiteSmoke New Customized Web Search");
Deleted : user_pref("extensions.wecarereminder.merchHash", "{\"AFFILIATES\":{\"1-Sale-A-Day\":{\"name\":\"1 Sa[...]

Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3289847");


Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3289847");
Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3289847");
Deleted : user_pref("smartbar.machineId", "QLTCF8W/ZUT6PZSKJVODY+VPOR3O/SFUB3NV/+QGG3GJVXDT2ZPQ8XGOUWKPJO7RE1D[...]

Deleted : user_pref("sweetim.toolbar.RevertDialog.enable", "false");
Deleted : user_pref("sweetim.toolbar.SearchBoxLogo", "bing.png");
Deleted : user_pref("sweetim.toolbar.SearchBoxText", "Search with Bing");
Deleted : user_pref("sweetim.toolbar.UserSelectedSaveSettings", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0");
Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true");
Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7");
Deleted : user_pref("sweetim.toolbar.cargo", "3.5000006.10045");
Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "false");
Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "false");
Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "false");
Deleted : user_pref("sweetim.toolbar.defaultProvider", "bng");
Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true");

Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335");
Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;");

Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761");
Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true");

Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300");
Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog");
Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog");

Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500");
Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true");

Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150");
Deleted : user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove");
Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog");

Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530");
Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.goog[...]
Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0");
Deleted : user_pref("sweetim.toolbar.keywordUrlGuard.enable", "false");
Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000");
Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7");
Deleted : user_pref("sweetim.toolbar.mode.debug", "false");
Deleted : user_pref("sweetim.toolbar.newtab.created", "false");
Deleted : user_pref("sweetim.toolbar.newtab.enable", "false");


Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");

Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "WhiteSmoke New Customized Web S[...]

Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");

Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", "");

Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb");

Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true");
Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");

Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb");
Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS");

Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.callback", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..[...]
Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", "");
Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script");
Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false");
Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad");

Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engin[...]
Deleted : user_pref("sweetim.toolbar.search.history", "censored,kelly%20blue%20book");
Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Deleted : user_pref("sweetim.toolbar.simapp_id", "{17DF9A5C-C674-11E2-8DC6-00266C6D8FB1}");






Deleted : user_pref("sweetim.toolbar.version", "1.13.0.1");
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_blackList", "form=CONTLB|babsrc=too[...]


Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]
Deleted : user_pref("{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}.ScriptData_product_name", "Updater By SweetPacks")[...]

-\\ Google Chrome v27.0.1453.116

File : C:\Users\Stuart\AppData\Local\Google\Chrome\User Data\Default\Preferences


Deleted [l.25] : keyword = "start.sweetim.com",


*************************

AdwCleaner[R1].txt - [30093 octets] - [28/06/2013 18:00:32]
AdwCleaner[s1].txt - [30601 octets] - [28/06/2013 18:43:37]

########## EOF - C:\AdwCleaner[s1].txt - [30662 octets] ##########
 

Link to post
Share on other sites

RogueKiller V8.6.1 [Jun 17 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/file/413-roguekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User : Stuart [Admin rights]
Mode : Scan -- Date : 06/28/2013 21:42:30
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V2][sUSP PATH] TopArcadeHits : C:\Users\Stuart\AppData\Local\TopArcadeHits\updater.exe [x] -> FOUND

¤¤¤ Startup Entries : 0 ¤¤¤

¤¤¤ Web browsers : 0 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [NOT LOADED] ¤¤¤

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection :  ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts




¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS545050B9A300 ATA Device +++++
--- User ---
[MBR] b98b1a5bc44530c34829c6ac4c443ea2
[bSP] 2c02042aef6ef4af51bb391381bbf1a9 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 1500 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 3074048 | Size: 464784 Mo
2 - [XXXXXX] NTFS (0x17) [HIDDEN!] Offset (sectors): 954951680 | Size: 10655 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_S_06282013_214230.txt >>
RKreport[0]_D_06282013_152313.txt;RKreport[0]_S_06282013_151302.txt


 

Link to post
Share on other sites

Thanks for all your help.

Is it ok to run adwcleaner on my other pcs to clean out the junk?

Yes it is.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Run RogueKiller again and click Scan

When the scan completes > click on the Scheduled Tasks tab

Put a check next to all of these and uncheck the rest: (if found)

 

[V2][sUSP PATH] TopArcadeHits : C:\Users\Stuart\AppData\Local\TopArcadeHits\updater.exe [x] -> FOUND

Now click Delete on the right hand column under Options

-------------

Then.......

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced they will be in the MBAR folder..... mbar-log.txt and system-log.txt
To attach a log if needed:

Bottom right corner of this page.

more-reply-options.jpg

New window that comes up.

choose-files1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC

Link to post
Share on other sites

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.