Homeland Security/FBI Ransomware Assistance


My boyfriend seems to have picked up this nasty ransomware and for the past 3 hours we've been trying, to no avail, to get the manual methods to work for us. It appears they've 'updated' this virus, and now it just...freezes any attempts at Safe Mode, System Recovery, or anything of the sort. My boyfriend does not have his Windows 7 install disc, and isn't really too happy about the idea of having to wipe. We used the FRST method and managed to get a log; that's as far as I've gotten. I'm not adept enough to attempt the manual creation of the 'fixlist,' and so I've come to ask you guys for help so we can go back to playing FF14: A Realm Reborn in peace. :(

Here's his log:

 

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 24-10-2013
Ran by Guest (ATTENTION: The logged in user is not administrator) on OWNER-PC on 25-10-2013 03:58:52
Running from K:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal
 
==================== Could not list processes ===============
 
==================== Registry (Whitelisted) ==================
 
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [8067616 2009-08-18] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-03-15] (Adobe Systems Incorporated)
HKLM\...\Run: [EvtMgr6] - C:\Program Files\Logitech\SetPointP\SetPoint.exe [1744152 2011-10-07] (Logitech, Inc.)
HKLM\...\Run: [intel Scheduler2 Service] - C:\Program Files (x86)\Common Files\Intel\Schedule2\schedhlp.exe [362296 2010-11-01] (Intel)
HKLM\...\Run: [Nvtmru] - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028896 2013-07-27] (NVIDIA Corporation)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\Run: [Logitech Download Assistant] - C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\RunOnce: [*WerKernelReporting] - %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-13] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
HKCU\...\Run: [swg] - C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-01-27] (Google Inc.)
HKCU\...\Run: [Logitech Vid] - C:\Program Files (x86)\Logitech\Vid HD\Vid.exe [6123032 2011-06-01] (Logitech Inc.)
HKCU\...\Run: [msnmsgr] - C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [3872080 2010-04-16] (Microsoft Corporation)
HKCU\...\Run: [RESTART_STICKY_NOTES] - C:\Windows\System32\StikyNot.exe [427520 2009-07-13] (Microsoft Corporation)
HKCU\...\Policies\Explorer: [NoDesktopCleanupWizard] 1
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] - [x]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [sSBkgdUpdate] - C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe [210472 2006-10-25] (Nuance Communications, Inc.)
HKLM-x32\...\Run: [iSUSScheduler] - C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [81920 2005-02-16] (InstallShield Software Corporation)
HKLM-x32\...\Run: [DNS7reminder] - C:\ProgramData\Nuance\NaturallySpeaking10\Ereg.ini [328 2013-10-25] ()
HKLM-x32\...\Run: [AVG9_TRAY] - C:\Program Files (x86)\AVG\AVG9\avgtray.exe [2077536 2012-01-26] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [instaLAN] - C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinRouterMonitor.exe [1485208 2010-07-28] (Affinegy, Inc.)
HKLM-x32\...\Run: [ATICustomerCare] - C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe [311296 2010-03-04] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [ApnUpdater] - C:\Program Files (x86)\Ask.com\Updater\Updater.exe [1646216 2013-01-24] (Ask)
HKLM-x32\...\Run: [switchBoard] - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2011-10-24] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKLM-x32\...\Run: [bM.exe] - C:\Program Files (x86)\HP\Button Manager\BM.exe [1571328 2011-05-02] (Hewlett-Packard)
HKLM-x32\...\Run: [DataMigrationSoftwareMonitor.exe] - C:\Program Files (x86)\Intel\DataMigrationSoftware\DataMigrationSoftwareMonitor.exe [2605224 2010-11-01] (Intel)
HKLM-x32\...\Run: [hpqSRMon] - C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] - C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [startCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [642808 2012-12-19] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [uSB3MON] - C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [Razer Synapse] - C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [610152 2013-06-21] (Razer Inc.)
HKLM-x32\...\Run: [LogMeIn Hamachi Ui] - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2345296 2013-10-01] (LogMeIn Inc.)
AppInit_DLLs: avgrssta.dll, C:\PROGRA~1\NVIDIA~1\NVSTRE~1\rxinput.dll [653600 2013-07-27] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\PROGRA~2\NVIDIA~1\NVSTRE~1\rxinput.dll [593696 2013-07-27] (NVIDIA Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com/
SearchScopes: HKLM-x32 - Backup.Old.DefaultScope {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
SearchScopes: HKLM-x32 - {0B4A10D1-FBD6-451d-BFDA-F03252B05984} URL = http://slirsredirect.search.aol.com/redirector/sredir?sredir=2706&query={searchTerms}&invocationType=tb50-ie-aim-chromesbox-en-us&tb_uuid=20100502184320327&tb_oid=02-05-2010&tb_mrud=02-05-2010
SearchScopes: HKLM-x32 - {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=adknlg&chnl=adknlg&cd=2XzuyEtN2Y1L1Qzu0EtD0C0ByE0E0ByD0BtA0DtDyEyCyC0DtN0D0Tzu0CtCzzyEtN1L2XzutBtFtCtFtDtFtAtDtC&cr=588729865
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live Family Safety Browser Helper Class - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
BHO: Skype add-on for Internet Explorer - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: No Name - {5C255C8A-E604-49b4-9D64-90988571CECB} -  No File
BHO-x32: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO-x32: Funmoods Helper Object - {75EBB0AA-4214-4CB4-90EC-E3E07ECD04F7} - C:\PROGRA~2\Funmoods\1.5.23.22\bh\escort.dll No File
BHO-x32: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV2.dll (Conduit Ltd.)
BHO-x32: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Skype Browser Helper - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
BHO-x32: AIM Toolbar Loader - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
BHO-x32: SmartSelect Class - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
BHO-x32: Yontoo Layers - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (Yontoo LLC)
BHO-x32: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\YTSingleInstance.dll (Yahoo! Inc)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - AIM Toolbar - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files (x86)\AIM Toolbar\aimtb.dll (AOL Inc.)
Toolbar: HKLM-x32 - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} -  No File
Toolbar: HKLM-x32 - IMVU Inc Toolbar - {90b49673-5506-483e-b92b-ca0265bd9ca8} - C:\Program Files (x86)\IMVU_Inc\prxtbIMV2.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - Funmoods Toolbar - {A4C272EC-ED9E-4ACE-A6F2-9558C7F29EF3} - C:\PROGRA~2\Funmoods\1.5.23.22\escorTlbr.dll No File
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKCU - No Name - {61539ECD-CC67-4437-A03C-9AACCBD14326} -  No File
Toolbar: HKCU - No Name - {B2E293EE-FD7E-4C71-A714-5F4750D8D7B7} -  No File
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} -  No File
Toolbar: HKCU - No Name - {21FA44EF-376D-4D53-9B0F-8A89D3229068} -  No File
Toolbar: HKCU - Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
Toolbar: HKCU - No Name - {90B49673-5506-483E-B92B-CA0265BD9CA8} -  No File
Toolbar: HKCU - No Name - {30F9B915-B755-4826-820B-08FBA6BD249D} -  No File
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: HKLM-x32 {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace.com/upload/MySpaceUploader2.cab
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
Handler-x32: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 
FireFox:
========
FF ProfilePath: C:\Users\Guest\AppData\Roaming\Mozilla\Firefox\Profiles\csrtqv1l.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.0 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.104.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.118.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @funwebproducts.com/Plugin - C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll (Fun Web Products, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater - C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.3.1 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/JavaPlugin,version=10.3.1 - C:\Program Files (x86)\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 - C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeLive,version=1.3 - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=14.0.8117.0416 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @nexon.net/NxGame - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
FF Plugin-x32: @raidcall.en/RCplugin - C:\Users\Owner\AppData\Roaming\raidcall\plugins\nprcplugin.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.1 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.10 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.3 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wacom-plugin,version=1.1.0.5 - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.1 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF Plugin-x32: @wacom.com/wtPlugin,version=2.0.0.3 - C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\answers.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\avg_igeared.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\creativecommons.xml
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
FF Extension: Skype Click to Call - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF HKLM-x32\...\Firefox\Extensions: [{3f963a5b-e555-4543-90e2-c3908898db71}] - C:\Program Files (x86)\AVG\AVG9\Firefox
FF Extension: AVG Safe Search - C:\Program Files (x86)\AVG\AVG9\Firefox
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
 
Chrome: 
=======
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\gcswf32.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll No File
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll (Apple Inc.)
CHR Plugin: (QuickTime Plug-in 7.6.9) - C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll (Apple Inc.)
CHR Plugin: (Java Deployment Toolkit 6.0.270.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll No File
CHR Plugin: (Java Platform SE 6 U27) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll No File
CHR Plugin: (Silverlight Plug-In) - C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll No File
CHR Plugin: (Shockwave for Director) - C:\Windows\system32\Adobe\Director\np32dsw.dll No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office Live Plug-in for Firefox) - C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
CHR Plugin: (Remoting Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\23.0.1271.64\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (downloadUpdater) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll (AOL LLC)
CHR Plugin: (downloadUpdater2) - C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll (AOL LLC)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\0.80.0\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.0\npesnsonar.dll No File
CHR Plugin: (Fun Web Products Plugin Stub) - C:\Program Files (x86)\FunWebProducts\Installr\1.bin\NPFunWeb.dll (Fun Web Products, Inc.)
CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.69\npGoogleUpdate3.dll No File
CHR Plugin: (Pando Web Plugin) - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll No File
CHR Plugin: ( Wacom Dynamic Link Library) - C:\Program Files (x86)\TabletPlugins\npwacom.dll (Wacom, Inc.)
CHR Plugin: (Windows Live\u00AE Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Nexon Game Controller) - C:\ProgramData\NexonUS\NGM\npNxGameUS.dll (Nexon)
CHR Plugin: (Default Plug-in) - default_plugin No File
CHR Extension: (PriceGong) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.4_0
CHR Extension: (YouTube) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0
CHR Extension: (Google Search) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0
CHR Extension: (Skype Click to Call) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0
CHR Extension: (Gmail) - C:\Users\Guest\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
CHR HKLM\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Owner\AppData\Local\funmoods.crx
CHR HKLM\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Owner\AppData\Local\funmoods-speeddial.crx
CHR HKLM-x32\...\Chrome\Extension: [bbjciahceamgodcoidkjpchnokgfpphh] - C:\Users\Owner\AppData\Local\funmoods.crx
CHR HKLM-x32\...\Chrome\Extension: [cjpglkicenollcignonpgiafdgfeehoj] - C:\Users\Owner\AppData\Local\funmoods-speeddial.crx
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Users\Owner\AppData\Local\Temp\YontooLayers.crx
 
==================== Services (Whitelisted) =================
 
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AffinegyService; C:\Program Files (x86)\Belkin\Router Setup and Monitor\BelkinService.exe [569752 2010-07-28] (Affinegy, Inc.)
S2 avg9emc; C:\Program Files (x86)\AVG\AVG9\avgemc.exe [921952 2010-08-15] (AVG Technologies CZ, s.r.o.)
R2 avg9wd; C:\Program Files (x86)\AVG\AVG9\avgwdsvc.exe [308136 2010-08-15] (AVG Technologies CZ, s.r.o.)
R2 avgfws9; C:\Program Files (x86)\AVG\AVG9\avgfws9.exe [2331544 2010-11-24] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Bin\AVGIDSAgent.exe [5897808 2010-08-15] (AVG Technologies CZ, s.r.o.)
R2 Belkin Local Backup Service; C:\Program Files\Belkin\Belkin USB Print and Storage Center\BkBackupScheduler.exe [181760 2010-02-17] ()
R2 Belkin Network USB Helper; C:\Program Files\Belkin\Belkin USB Print and Storage Center\Bkapcs.exe [55296 2010-02-09] ()
S3 Common Toolkit Tools; C:\Program Files (x86)\Fighters\FULL-DISKfighter\Common Toolkit Tools.exe [270960 2012-06-05] (SPAMfighter ApS)
S3 COMSysApp; C:\Windows\SysWow64\dllhost.exe [7168 2009-07-13] (Microsoft Corporation)
R2 HiPatchService; I:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [8704 2013-02-12] (Hi-Rez Studios)
R2 IntSch2Svc; C:\Program Files (x86)\Common Files\Intel\Schedule2\schedul2.exe [1164704 2010-11-01] (Intel)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
R2 lmhosts; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
S2 LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [373640 2010-12-08] (LogMeIn, Inc.)
S3 msiserver; C:\Windows\SysWow64\msiexec.exe [73216 2010-11-20] (Microsoft Corporation)
R2 NlaSvc; C:\Windows\System32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 nsi; C:\Windows\system32\svchost.exe [27136 2009-07-13] (Microsoft Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14984480 2013-07-27] (NVIDIA Corporation)
R2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-10-09] ()
R2 RalinkRegistryWriter; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry.exe [377088 2011-11-21] (Ralink Technology, Corp.)
R2 RalinkRegistryWriter64; C:\Program Files (x86)\NETGEAR\WNDA4100\Service\RaRegistry64.exe [455424 2011-11-21] (Ralink Technology, Corp.)
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [99048 2010-08-09] (SANDBOXIE L.T.D)
S2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1267264 2012-05-10] (SPAMfighter ApS)
R2 uCamMonitor; C:\Program Files (x86)\ArcSoft\HP Webcam Software Suite\Magic-i Visual Effects 2\uCamMonitor.exe [104960 2008-09-18] (ArcSoft, Inc.)
S2 Winmgmt; C:\PROGRA~3\bl3bbd.pzz [60512 2013-10-14] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation)
 
==================== Drivers (Whitelisted) ====================
 
S3 ArcSoftKsUFilter; C:\Windows\System32\DRIVERS\ArcSoftKsUFilter.sys [19968 2009-05-26] (ArcSoft, Inc.)
R2 ASInsHelp; C:\Windows\SysWow64\drivers\AsInsHelp64.sys [11832 2008-01-04] ()
R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2009-08-03] ()
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [13368 2009-07-06] ()
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6a.sys [29976 2010-08-15] (AVG Technologies CZ, s.r.o.)
R3 AVGIDSDriverw7a; C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSDriver.sys [132688 2010-08-15] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSErHrw7a; C:\Windows\System32\Drivers\AVGIDSwa.sys [27216 2010-08-15] (AVG Technologies CZ, s.r.o. )
R3 AVGIDSFilterw7a; C:\Program Files (x86)\AVG\AVG9\Identity Protection\Agent\Driver\Platform_WIN764\AVGIDSFilter.sys [35920 2010-08-15] (AVG Technologies CZ, s.r.o. )
R1 AvgLdx64; C:\Windows\System32\Drivers\avgldx64.sys [282976 2013-01-17] (AVG Technologies CZ, s.r.o.)
R1 AvgMfx64; C:\Windows\System32\Drivers\avgmfx64.sys [35664 2011-09-13] (AVG Technologies CZ, s.r.o.)
R0 AvgRkx64; C:\Windows\System32\Drivers\avgrkx64.sys [56008 2010-08-15] (AVG Technologies CZ, s.r.o.)
R1 AvgTdiA; C:\Windows\System32\Drivers\avgtdia.sys [317520 2011-05-05] (AVG Technologies CZ, s.r.o.)
S2 Htsysm; C:\Windows\SysWow64\HtsysmNT.sys [2304 2010-11-04] ()
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [26640 2009-05-15] (Kaspersky Lab)
S4 LMIRfsClientNP; No ImagePath
S3 LVPr2M64; C:\Windows\System32\DRIVERS\LVPr2M64.sys [30232 2009-10-07] ()
S3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [15416 2009-07-16] ()
R3 Neo_VPN; C:\Windows\System32\DRIVERS\Neo_0061.sys [29312 2013-04-18] (SoftEther Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [39712 2013-05-14] (NVIDIA Corporation)
R2 RtNdPt60; C:\Windows\System32\DRIVERS\RtNdPt60.sys [26624 2007-12-11] (Windows ® Codename Longhorn DDK provider)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [143464 2010-08-09] (SANDBOXIE L.T.D)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-13] (Brother Industries Ltd.)
R0 sptd; C:\Windows\System32\Drivers\sptd.sys [834544 2010-05-16] ()
R3 sxuptp; C:\Windows\System32\DRIVERS\sxuptp.sys [291352 2010-03-10] (silex technology, Inc.)
R3 VCSVADHWSer; C:\Windows\System32\DRIVERS\vcsvad.sys [21504 2008-12-26] (Avnex)
U3 ax5oib9i; C:\Windows\System32\Drivers\ax5oib9i.sys [0 ] (Microsoft Corporation)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [x]
S2 LMIInfo; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [x]
U3 tmlwf; 
U3 tmwfp; 
S3 X6va005; \??\C:\Users\Owner\AppData\Local\Temp\0058A08.tmp [x]
 
==================== NetSvcs (Whitelisted) ===================
 
 
==================== One Month Created Files and Folders ========
 
2013-10-25 02:29 - 2013-10-25 02:29 - 00000000 ____D C:\Users\Guest\AppData\Local\LogMeIn
2013-10-25 02:28 - 2013-10-25 02:28 - 00000756 _____ C:\Windows\LkmdfCoInst.log
2013-10-25 02:27 - 2013-10-25 02:27 - 00000000 ____D C:\Users\Guest\AppData\Local\Razer
2013-10-25 02:26 - 2013-10-25 02:26 - 00000000 ____D C:\Users\Guest\AppData\Roaming\AVG9
2013-10-18 15:21 - 2013-10-18 15:21 - 00000000 ____D C:\Program Files (x86)\Yawcam
2013-10-14 15:10 - 2013-10-14 15:11 - 00000000 ____D C:\Windows\rescache
2013-10-14 13:06 - 2013-10-25 03:43 - 95025368 ____T C:\ProgramData\bl3bbd.pff
2013-10-14 13:06 - 2013-10-25 03:43 - 00000000 _____ C:\ProgramData\bl3bbd.ctrl
2013-10-14 13:06 - 2013-10-14 13:06 - 00180224 _____ (Borland Software Corporation) C:\ProgramData\dbb3lb.plz
2013-10-14 13:06 - 2013-10-14 13:06 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\bl3bbd.pzz
2013-10-10 03:09 - 2013-09-22 18:28 - 01767936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-10-10 03:09 - 2013-09-22 18:28 - 01141248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-10-10 03:09 - 2013-09-22 18:27 - 14335488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-10-10 03:09 - 2013-09-22 18:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-10-10 03:09 - 2013-09-22 18:27 - 02876928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-10-10 03:09 - 2013-09-22 18:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-10-10 03:09 - 2013-09-22 18:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-10-10 03:09 - 2013-09-22 18:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-10-10 03:09 - 2013-09-22 18:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-10-10 03:09 - 2013-09-22 18:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-10-10 03:09 - 2013-09-22 18:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-10-10 03:09 - 2013-09-22 18:27 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-10-10 03:09 - 2013-09-22 18:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-10-10 03:09 - 2013-09-22 17:55 - 02241024 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-10-10 03:09 - 2013-09-22 17:55 - 01365504 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-10-10 03:09 - 2013-09-22 17:55 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-10-10 03:09 - 2013-09-22 17:54 - 19252224 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-10-10 03:09 - 2013-09-22 17:54 - 15404544 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-10-10 03:09 - 2013-09-22 17:54 - 03959296 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-10-10 03:09 - 2013-09-22 17:54 - 02647552 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-10-10 03:09 - 2013-09-22 17:54 - 00855552 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-10-10 03:09 - 2013-09-22 17:54 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-10-10 03:09 - 2013-09-22 17:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-10-10 03:09 - 2013-09-22 17:54 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-10-10 03:09 - 2013-09-22 17:54 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-10-10 03:09 - 2013-09-22 17:54 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-10-10 03:09 - 2013-09-22 17:54 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-10-10 03:09 - 2013-09-20 22:38 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-10-10 03:09 - 2013-09-20 22:30 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-10-10 03:09 - 2013-09-20 21:48 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-10 03:09 - 2013-09-20 21:39 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-10-09 23:58 - 2013-09-13 20:10 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-10-09 23:58 - 2013-09-07 21:30 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-10-09 23:58 - 2013-09-07 21:27 - 00327168 _____ (Microsoft Corporation) C:\Windows\system32\mswsock.dll
2013-10-09 23:58 - 2013-09-07 21:03 - 00231424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mswsock.dll
2013-10-09 23:58 - 2013-08-28 21:17 - 05549504 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-10-09 23:58 - 2013-08-28 21:16 - 01732032 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-10-09 23:58 - 2013-08-28 21:16 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\tdh.dll
2013-10-09 23:58 - 2013-08-28 21:16 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2013-10-09 23:58 - 2013-08-28 21:13 - 00878080 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2013-10-09 23:58 - 2013-08-28 20:51 - 03969472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2013-10-09 23:58 - 2013-08-28 20:51 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2013-10-09 23:58 - 2013-08-28 20:50 - 01292192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2013-10-09 23:58 - 2013-08-28 20:50 - 00619520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdh.dll
2013-10-09 23:58 - 2013-08-28 20:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2013-10-09 23:58 - 2013-08-28 20:48 - 00640512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2013-10-09 23:58 - 2013-08-28 19:49 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2013-10-09 23:58 - 2013-08-28 19:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2013-10-09 23:58 - 2013-08-28 19:49 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2013-10-09 23:58 - 2013-08-28 19:49 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2013-10-09 23:58 - 2013-08-27 20:21 - 03155968 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-10-09 23:58 - 2013-08-27 20:12 - 00461312 _____ (Microsoft Corporation) C:\Windows\system32\scavengeui.dll
2013-10-09 23:58 - 2013-08-01 07:09 - 00983488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-10-09 23:58 - 2013-07-20 05:33 - 00124112 _____ (Microsoft Corporation) C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 23:58 - 2013-07-20 05:33 - 00102608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-09 23:58 - 2013-07-12 05:41 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbvideo.sys
2013-10-09 23:58 - 2013-07-12 05:41 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbcir.sys
2013-10-09 23:58 - 2013-07-12 05:40 - 00109824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBAUDIO.sys
2013-10-09 23:58 - 2013-07-04 07:57 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\WebClnt.dll
2013-10-09 23:58 - 2013-07-04 07:50 - 00633856 _____ (Microsoft Corporation) C:\Windows\system32\comctl32.dll
2013-10-09 23:58 - 2013-07-04 07:50 - 00102400 _____ (Microsoft Corporation) C:\Windows\system32\davclnt.dll
2013-10-09 23:58 - 2013-07-04 06:57 - 00205824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WebClnt.dll
2013-10-09 23:58 - 2013-07-04 06:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\davclnt.dll
2013-10-09 23:58 - 2013-07-04 06:50 - 00530432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comctl32.dll
2013-10-09 23:58 - 2013-07-04 05:11 - 00140800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2013-10-09 23:58 - 2013-07-02 23:40 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbscan.sys
2013-10-09 23:58 - 2013-07-02 23:05 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidclass.sys
2013-10-09 23:58 - 2013-07-02 23:05 - 00032896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hidparse.sys
2013-10-09 23:58 - 2013-06-25 17:55 - 00785624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2013-10-09 23:58 - 2013-06-06 00:50 - 00041472 _____ (Microsoft Corporation) C:\Windows\system32\lpk.dll
2013-10-09 23:58 - 2013-06-06 00:49 - 00100864 _____ (Microsoft Corporation) C:\Windows\system32\fontsub.dll
2013-10-09 23:58 - 2013-06-06 00:49 - 00014336 _____ (Microsoft Corporation) C:\Windows\system32\dciman32.dll
2013-10-09 23:58 - 2013-06-06 00:47 - 00046080 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2013-10-09 23:58 - 2013-06-05 23:57 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\lpk.dll
2013-10-09 23:58 - 2013-06-05 23:51 - 00070656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontsub.dll
2013-10-09 23:58 - 2013-06-05 23:50 - 00010240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dciman32.dll
2013-10-09 23:58 - 2013-06-05 22:30 - 00368128 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2013-10-09 23:58 - 2013-06-05 22:01 - 00295424 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2013-10-09 23:58 - 2013-06-05 22:01 - 00034304 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2013-10-09 17:05 - 2013-10-09 17:05 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-10-09 13:38 - 2013-10-09 13:38 - 00001209 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk
2013-10-09 13:37 - 2013-10-09 13:37 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-02 21:12 - 2013-10-02 21:12 - 00001035 _____ C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2013-10-02 13:38 - 2013-10-02 13:38 - 651904839 _____ C:\Windows\MEMORY.DMP
2013-10-01 16:44 - 2013-10-01 16:44 - 00000000 ____D C:\ProgramData\fltk.org
 
==================== One Month Modified Files and Folders =======
 
2013-10-25 03:59 - 2011-10-06 10:42 - 00000000 ____D C:\Users\Guest\AppData\Local\LogMeIn Hamachi
2013-10-25 03:57 - 2013-06-11 19:59 - 00016236 _____ C:\Windows\setupact.log
2013-10-25 03:56 - 2011-11-30 23:31 - 00000000 ____D C:\Users\Guest\Tracing
2013-10-25 03:55 - 2011-09-09 09:20 - 00000000 ____D C:\Users\Guest\AppData\Local\TSVNCache
2013-10-25 03:54 - 2013-03-06 08:09 - 00000000 ____D C:\ProgramData\NVIDIA
2013-10-25 03:43 - 2013-10-14 13:06 - 95025368 ____T C:\ProgramData\bl3bbd.pff
2013-10-25 03:43 - 2013-10-14 13:06 - 00000000 _____ C:\ProgramData\bl3bbd.ctrl
2013-10-25 03:26 - 2013-06-12 10:30 - 00025518 _____ C:\Windows\PFRO.log
2013-10-25 03:03 - 2010-01-26 21:51 - 01946135 _____ C:\Windows\WindowsUpdate.log
2013-10-25 02:33 - 2009-07-13 23:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-10-25 02:33 - 2009-07-13 23:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-10-25 02:29 - 2013-10-25 02:29 - 00000000 ____D C:\Users\Guest\AppData\Local\LogMeIn
2013-10-25 02:28 - 2013-10-25 02:28 - 00000756 _____ C:\Windows\LkmdfCoInst.log
2013-10-25 02:28 - 2012-01-21 15:24 - 00018960 _____ (Logitech, Inc.) C:\Windows\system32\Drivers\LNonPnP.sys
2013-10-25 02:28 - 2011-09-09 09:31 - 00000000 ____D C:\Users\Guest\AppData\Local\Google
2013-10-25 02:27 - 2013-10-25 02:27 - 00000000 ____D C:\Users\Guest\AppData\Local\Razer
2013-10-25 02:26 - 2013-10-25 02:26 - 00000000 ____D C:\Users\Guest\AppData\Roaming\AVG9
2013-10-25 02:26 - 2011-09-09 09:20 - 00121112 _____ C:\Users\Guest\AppData\Local\GDIPFONTCACHEV1.DAT
2013-10-25 02:25 - 2011-09-09 09:19 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-10-25 02:25 - 2011-09-09 09:19 - 00000000 ___RD C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-10-25 02:24 - 2011-09-09 09:19 - 00001413 _____ C:\Users\Guest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-10-24 20:35 - 2010-08-15 05:16 - 00000000 ____D C:\Windows\system32\Drivers\Avg
2013-10-21 14:27 - 2009-07-14 00:13 - 00006468 _____ C:\Windows\system32\PerfStringBackup.INI
2013-10-18 15:21 - 2013-10-18 15:21 - 00000000 ____D C:\Program Files (x86)\Yawcam
2013-10-18 15:21 - 2010-01-26 21:52 - 00000000 ____D C:\Users\Owner
2013-10-16 11:39 - 2013-04-18 17:59 - 00002106 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-10-16 01:39 - 2011-10-04 09:16 - 00000000 ____D C:\Program Files (x86)\Origin
2013-10-15 00:28 - 2010-08-26 01:46 - 00000000 ____D C:\ProgramData\LogMeIn
2013-10-14 15:11 - 2013-10-14 15:10 - 00000000 ____D C:\Windows\rescache
2013-10-14 13:06 - 2013-10-14 13:06 - 00180224 _____ (Borland Software Corporation) C:\ProgramData\dbb3lb.plz
2013-10-14 13:06 - 2013-10-14 13:06 - 00060512 ____T (Microsoft Corporation) C:\ProgramData\bl3bbd.pzz
2013-10-14 12:59 - 2011-05-07 21:07 - 00000258 __RSH C:\ProgramData\ntuser.pol
2013-10-14 12:59 - 2009-07-13 23:45 - 05047136 _____ C:\Windows\system32\FNTCACHE.DAT
2013-10-14 12:56 - 2012-05-15 19:35 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-10-14 12:56 - 2012-05-15 19:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2013-10-14 12:56 - 2011-10-04 10:30 - 00000000 ____D C:\Program Files (x86)\Battlelog Web Plugins
2013-10-11 20:25 - 2011-10-04 09:17 - 00000000 ____D C:\Program Files (x86)\Origin Games
2013-10-11 11:56 - 2013-08-14 23:32 - 00214392 _____ C:\Windows\SysWOW64\PnkBstrB.exe
2013-10-11 11:56 - 2010-01-27 13:46 - 00215416 _____ C:\Windows\SysWOW64\PnkBstrB.ex0
2013-10-10 03:10 - 2009-11-13 12:11 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-10-09 17:05 - 2013-10-09 17:05 - 00000000 ____D C:\Program Files (x86)\LogMeIn Hamachi
2013-10-09 13:38 - 2013-10-09 13:38 - 00001209 _____ C:\Users\Public\Desktop\Battlefield 4™ Beta.lnk
2013-10-09 13:37 - 2013-10-09 13:37 - 00000000 ____D C:\ProgramData\Package Cache
2013-10-09 13:37 - 2013-08-14 23:32 - 00076888 _____ C:\Windows\SysWOW64\PnkBstrA.exe
2013-10-09 13:37 - 2013-07-17 17:07 - 00092189 _____ C:\Windows\DirectX.log
2013-10-09 05:31 - 2012-04-05 07:48 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-10-09 05:31 - 2011-05-16 15:01 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-10-02 21:12 - 2013-10-02 21:12 - 00001035 _____ C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2013-10-02 21:12 - 2009-11-13 12:03 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-10-02 18:15 - 2011-06-15 21:29 - 00000000 ____D C:\Program Files (x86)\Ask.com
2013-10-02 13:50 - 2009-11-13 12:03 - 00000000 ____D C:\Program Files (x86)\Intel
2013-10-02 13:38 - 2013-10-02 13:38 - 651904839 _____ C:\Windows\MEMORY.DMP
2013-10-01 16:44 - 2013-10-01 16:44 - 00000000 ____D C:\ProgramData\fltk.org
2013-09-29 20:47 - 2010-08-24 18:03 - 00002520 _____ C:\Windows\Sandboxie.ini
 
Files to move or delete:
====================
C:\ProgramData\bl3bbd.ctrl
C:\ProgramData\bl3bbd.pff
C:\ProgramData\dbb3lb.plz
 
 
==================== Bamital & volsnap Check =================
 
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
 
==================== End Of Log ============================

 

 

Please guide us.

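A triage sketch for the service and driver lines of the log in the post above, added here as an example; it is not part of the original thread and not FRST's own logic. It parses each line and flags entries such as Winmgmt, whose image sits in ProgramData under a non-executable extension. The reason codes and heuristics are assumptions chosen for this log.

```python
import re
from pathlib import PureWindowsPath

# Service/driver lines copied from the FRST log in the post above.
SAMPLE_LOG = r"""
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [99048 2010-08-09] (SANDBOXIE L.T.D)
S2 Suite Service; C:\Program Files (x86)\Fighters\FighterSuiteService.exe [1267264 2012-05-10] (SPAMfighter ApS)
S2 Winmgmt; C:\PROGRA~3\bl3bbd.pzz [60512 2013-10-14] (Microsoft Corporation)
R2 WSearch; C:\Windows\SysWow64\SearchIndexer.exe [427520 2011-05-03] (Microsoft Corporation)
S4 LMIRfsClientNP; No ImagePath
S3 X6va005; \??\C:\Users\Owner\AppData\Local\Temp\0058A08.tmp [x]
"""

# Line shape: <state><start type> <name>; <image path> [<size> <date>] (<company>)
# The bracket and company parts are optional; the path may itself contain "(x86)".
LINE_RE = re.compile(
    r"^(?P<state>[RSU])(?P<start>[0-4])\s+(?P<name>[^;]+);\s*"
    r"(?P<path>.*?)"
    r"(?:\s+\[(?P<meta>[^\]]*)\](?:\s+\((?P<company>.*)\))?)?\s*$"
)

# Assumption for this machine: PROGRA~3 is the 8.3 short name of C:\ProgramData
# (the same log lists the 60512-byte file as C:\ProgramData\bl3bbd.pzz).
USER_WRITABLE = ("\\programdata\\", "\\progra~3\\", "\\appdata\\", "\\temp\\")
EXPECTED_EXT = {".exe", ".dll", ".sys"}
VENDOR_ROOT = re.compile(r"^[a-z]:\\(windows|program files( \(x86\))?)\\")


def parse_services(log_text):
    """Return one dict per service/driver line; all other log lines are skipped."""
    entries = []
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        path = m["path"].strip()
        if path.startswith("\\??\\"):       # NT object-manager prefix
            path = path[4:]
        if path == "No ImagePath":
            path = ""
        entries.append({
            "name": m["name"].strip(),
            "state": m["state"],
            "start": int(m["start"]),
            "path": path,
            "missing": m["meta"] == "x",   # "[x]" as on the X6va005 line
            "company": (m["company"] or "").strip(),
        })
    return entries


def triage(entries):
    """Map service name -> list of reason codes (heuristics, assumptions only)."""
    findings = {}
    for e in entries:
        if not e["path"]:
            continue                        # nothing to judge without an image path
        low = e["path"].lower()
        reasons = []
        if any(d in low for d in USER_WRITABLE):
            reasons.append("user-writable-dir")
        ext = PureWindowsPath(low).suffix
        if ext not in EXPECTED_EXT:
            reasons.append("odd-extension:" + ext)
        # Company string is read from the file's own metadata, so it proves nothing;
        # a Microsoft claim outside Windows/Program Files deserves a second look.
        if "microsoft" in e["company"].lower() and not VENDOR_ROOT.match(low):
            reasons.append("vendor-path-mismatch")
        if e["missing"]:
            reasons.append("file-missing")
        if reasons:
            findings[e["name"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(parse_services(SAMPLE_LOG)).items():
        print(f"{name}: {', '.join(reasons)}")
```
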

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 24-10-2013
Ran by Owner at 2013-10-25 12:43:34 Run:1
Running from K:\
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\1bl3bbd.ctrl
C:\ProgramData\1bl3bbd.pff
C:\ProgramData\1dbb3lb.plz
S2 Winmgmt; C:\PROGRA~3\bl3bbd.pzz [60512 2013-10-14] (Microsoft Corporation)
C:\ProgramData\1bl3bbd.pz
*****************

C:\ProgramData\1bl3bbd.ctrl => Moved successfully.
C:\ProgramData\1bl3bbd.pff => Moved successfully.
"C:\ProgramData\1dbb3lb.plz" => File/Directory not found.
Winmgmt => Service restored successfully.
"C:\ProgramData\1bl3bbd.pz" => File/Directory not found.

==== End of Fixlog ====

He had the 'smart' idea of renaming the files to be able to get on his user account, hence why the names on here are removed. I'm sorry, he did this while I was asleep. It worked, however, and he looked in the program data file to make sure it was all out of there, which it is. What's next?


Well we should run some more scans to ensure you're clean......

First:

Download Malwarebytes Anti-Rootkit from HERE

  • Unzip the contents to a folder in a convenient location.
  • Open the folder where the contents were unzipped and run mbar.exe
  • Follow the instructions in the wizard to update and allow the program to scan your computer for threats.
  • Click on the Cleanup button to remove any threats and reboot if prompted to do so.
  • Wait while the system shuts down and the cleanup process is performed.
  • Perform another scan with Malwarebytes Anti-Rootkit to verify that no threats remain. If they do, then click Cleanup once more and repeat the process.
  • When done, please post the two logs produced; they will be in the MBAR folder: mbar-log.txt and system-log.txt

To attach a log if needed:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

~~~~~~~~~~~~~~~~~~~~~~~

Note:

If no additional threats were found, verify that your system is now running normally, making sure that the following items are functional:

Internet access

Windows Update

Windows Firewall

If there are additional problems with your system, such as any of those listed above or other system issues, then run the fixdamage tool included with Malwarebytes Anti-Rootkit and reboot. It's located in the Plugins folder which is in the MBAR folder.

Just run fixdamage.exe.

Verify that they are now functioning normally.

MrC


Well done, let's run ComboFix to clear up any leftovers.

Please download and run ComboFix.

The most important things to remember when running it are to disable all your malware programs and run ComboFix from your desktop.

Please visit this webpage for download links, and instructions for running ComboFix

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please make sure you click download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Information on disabling your malware programs can be found Here.

Make sure you run ComboFix from your desktop.

Give it at least 30-45 minutes to finish if needed.

Please include the C:\ComboFix.txt in your next reply for further review.

---------->NOTE<----------

If you get the message "Illegal operation attempted on registry key that has been marked for deletion" after you run ComboFix, please reboot the computer; this should resolve the problem. You may have to do this several times if needed.

MrC


Looks Good......

Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

Make sure you click on download buttons that look like this, not "sponsored ad links":

bleep-crop.jpg

  • Double click on AdwCleaner.exe to run the tool.

    Vista/Windows 7/8 users right-click and select Run As Administrator

  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
Then..................

Open up Malwarebytes > Settings Tab > Scanner Settings > Under action for PUP > Select: Show in Results List and Check for removal.

Please Update and run a Quick Scan with Malwarebytes Anti-Malware, post the report.

Make sure that everything is checked, and click Remove Selected.

Please let me know how the computer is running now, MrC


# AdwCleaner v3.010 - Report created 27/10/2013 at 12:32:31
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Desktop\AdwCleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\Ask.com
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\ExpressFiles
Folder Deleted : C:\Program Files (x86)\Yontoo Layers
Folder Deleted : C:\Program Files (x86)\IMVU_Inc
Folder Deleted : C:\Program Files (x86)\Common Files\FreeCause
Folder Deleted : C:\Program Files (x86)\Common Files\Software Update Utility
Folder Deleted : C:\Windows\installer\{86d4b82a-abed-442a-be86-96357b70f4fe}
Folder Deleted : C:\Users\Owner\AppData\Local\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\AskToolbar
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Owner\AppData\LocalLow\Playbryte
[x] Not Deleted : C:\Users\Owner\AppData\LocalLow\IMVU_Inc
Folder Deleted : C:\Users\Owner\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Owner\AppData\Roaming\ExpressFiles
Folder Deleted : C:\Users\Owner\AppData\Roaming\Search Protection
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\240vz5ko.default\Conduit
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\240vz5ko.default\ConduitCommon
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\240vz5ko.default\ConduitEngine
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\240vz5ko.default\FCTB
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\240vz5ko.default\CT1460988
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\240vz5ko.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\240vz5ko.default\Extensions\engine@conduit.com
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\240vz5ko.default\Extensions\playbryte@playbryte.com
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\240vz5ko.default\Extensions\toolbar@ask.com
Folder Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\240vz5ko.default\Extensions\{b2e293ee-fd7e-4c71-a714-5f4750d8d7b7}
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Folder Deleted : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpglkicenollcignonpgiafdgfeehoj
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\240vz5ko.default\Extensions\plugin@yontoo.com.xpi
File Deleted : C:\Users\Owner\AppData\Local\funmoods-speeddial.crx
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files (x86)\Mozilla Firefox\plugins\npdnupdater2.xpt
File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\240vz5ko.default\searchplugins\search.xml
File Deleted : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\240vz5ko.default\user.js
File Deleted : C:\Windows\System32\Tasks\Scheduled Update for Ask Toolbar

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [backup.old.Start Page]
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho
Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskInstallChecker_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BingBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ClickPotatoLiteSA_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCS
Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@funwebproducts.com/Plugin
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT1460988
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2612669
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_opencanvas_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_opencanvas_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_quicktime_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_quicktime_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_utorrent[1]_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_utorrent[1]_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{37B98CD8-8D2E-4EB1-B9C9-291C9F1E45B8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{90B49673-5506-483E-B92B-CA0265BD9CA8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{37B98CD8-8D2E-4EB1-B9C9-291C9F1E45B8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4A59B9FB-D1E5-4073-8F11-30B454644949}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74B5D06D-0C07-4C80-B2E0-F6F0D1273B9F}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{91607FA7-3C2F-4F90-93E3-D5337A6B0AC2}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{90B49673-5506-483E-B92B-CA0265BD9CA8}]
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{898EA8C8-E7FF-479B-8935-AEC46303B9E5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0D80F1C5-D17B-4177-AC68-955F3EF9F191}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23C70BCA-6E23-4A65-AD2E-1389062074F1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{23D8EEF7-0E13-4000-B9C4-6603C1E912D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{295CACB4-51F5-46FD-914E-C72BAAE1B672}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2CE5C4B9-6DBE-4528-96FA-C9FF38EF1762}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{34C1FDF7-02C1-4F23-B393-F48B16E071D1}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{54291324-7A3D-4F11-B707-3FB6A2C97BD9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{59C63F11-D4E5-46E7-9B8A-EE158DCA83A8}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{5DA22CBD-0029-4A09-B757-CF0FAFC488ED}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{77A6E7D4-4A83-4A9B-A2A0-EF3B125DC29D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C0585B2F-74D7-4734-88DE-6C150C5D4036}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{CA17D76B-F91D-4659-A7FD-A9F7ED375CDD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D8242E89-2F81-484A-AE5B-BA8CAD5B7347}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{EF0588D6-1621-4A75-B8BE-F4BC34794136}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\APN
Key Deleted : HKCU\Software\Ask.com
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\AppDataLow\Toolbar
Key Deleted : HKCU\Software\AppDataLow\Software\AskToolbar
Key Deleted : HKCU\Software\AppDataLow\Software\Compete
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKCU\Software\AppDataLow\Software\IMVU_Inc
Key Deleted : HKLM\Software\APN
Key Deleted : HKLM\Software\AskToolbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\FunWebProducts
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\IMVU_Inc
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IMVU_Inc Toolbar
Key Deleted : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Key Deleted : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720


-\\ Mozilla Firefox v8.0.1 (en-US)

[ File : C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\240vz5ko.default\prefs.js ]

Line Deleted : user_pref("CT1460988..clientLogIsEnabled", false);


Line Deleted : user_pref("CT1460988.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);

Line Deleted : user_pref("CT1460988.BrowserCompStateIsOpen_130040854674636737", true);
Line Deleted : user_pref("CT1460988.CT1667811.CommunityChanged", true);
Line Deleted : user_pref("CT1460988.CT1667811.alertChannelId", "24183");
Line Deleted : user_pref("CT1460988.CT1668860.CommunityChanged", true);
Line Deleted : user_pref("CT1460988.CT1668860.alertChannelId", "24247");
Line Deleted : user_pref("CT1460988.CT1668889.CommunityChanged", true);
Line Deleted : user_pref("CT1460988.CT1668889.alertChannelId", "24250");
Line Deleted : user_pref("CT1460988.CT1669100.CommunityChanged", true);
Line Deleted : user_pref("CT1460988.CT1669100.alertChannelId", "24264");
Line Deleted : user_pref("CT1460988.CT1669115.CommunityChanged", true);
Line Deleted : user_pref("CT1460988.CT1669115.alertChannelId", "24266");
Line Deleted : user_pref("CT1460988.CT1670222.CommunityChanged", true);
Line Deleted : user_pref("CT1460988.CT1670222.alertChannelId", "24349");
Line Deleted : user_pref("CT1460988.CT1670245.CommunityChanged", true);
Line Deleted : user_pref("CT1460988.CT1670245.alertChannelId", "24350");
Line Deleted : user_pref("CT1460988.CT1729581.CommunityChanged", true);
Line Deleted : user_pref("CT1460988.CT1729581.alertChannelId", "28311");
Line Deleted : user_pref("CT1460988.CT1729585.CommunityChanged", true);
Line Deleted : user_pref("CT1460988.CT1729585.alertChannelId", "28312");
Line Deleted : user_pref("CT1460988.CT1729587.CommunityChanged", true);
Line Deleted : user_pref("CT1460988.CT1729587.alertChannelId", "28313");
Line Deleted : user_pref("CT1460988.CT1729593.CommunityChanged", true);
Line Deleted : user_pref("CT1460988.CT1729593.alertChannelId", "28315");
Line Deleted : user_pref("CT1460988.CT2164362.CommunityChanged", true);
Line Deleted : user_pref("CT1460988.CT2164362.alertChannelId", "563458");
Line Deleted : user_pref("CT1460988.CT2651538.CommunityChanged", true);
Line Deleted : user_pref("CT1460988.CT2651538.alertChannelId", "1044202");
Line Deleted : user_pref("CT1460988.CTID", "ct1460988");
Line Deleted : user_pref("CT1460988.CommunitiesChangesLastCheckTime", "Wed Oct 23 2013 14:23:30 GMT-0500 (Central Daylight Time)");

Line Deleted : user_pref("CT1460988.CommunityChanged", true);
Line Deleted : user_pref("CT1460988.ConfigurationLastCheckTime", "Wed Oct 23 2013 14:23:31 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.CurrentServerDate", "23-10-2013");
Line Deleted : user_pref("CT1460988.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT1460988.DialogsGetterLastCheckTime", "Wed Oct 23 2013 14:23:33 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.DownloadReferralCookieData", "");
Line Deleted : user_pref("CT1460988.EMailNotifierPollDate", "Wed Oct 23 2013 14:23:30 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.ExternalComponentPollDate129270392180007164", "Wed Sep 14 2011 12:30:12 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT1460988.FeedPollDate128460898315556274", "Wed Oct 23 2013 14:23:32 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.FeedPollDate128460899415556929", "Wed Oct 23 2013 14:23:32 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.FeedPollDate128460899564463182", "Wed Oct 23 2013 14:23:32 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.FeedPollDate128460899661963361", "Wed Oct 23 2013 14:23:32 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.FeedPollDate128460899768994715", "Wed Oct 23 2013 14:23:32 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.FeedPollDate128479826070094154", "Wed Oct 23 2013 14:23:32 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.FeedTTL128460898315556274", 10);
Line Deleted : user_pref("CT1460988.FeedTTL128460899415556929", 20);
Line Deleted : user_pref("CT1460988.FeedTTL128460899564463182", 15);
Line Deleted : user_pref("CT1460988.FeedTTL128460899661963361", 15);
Line Deleted : user_pref("CT1460988.FeedTTL128460899768994715", 5);
Line Deleted : user_pref("CT1460988.FirstServerDate", "29-5-2010");
Line Deleted : user_pref("CT1460988.FirstTime", true);
Line Deleted : user_pref("CT1460988.FirstTimeFF3", true);
Line Deleted : user_pref("CT1460988.FixPageNotFoundErrors", true);
Line Deleted : user_pref("CT1460988.GroupingLastCheckTime", "Wed Oct 23 2013 14:23:30 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.GroupingLastErrorCode", "");
Line Deleted : user_pref("CT1460988.GroupingLastResponse", true);
Line Deleted : user_pref("CT1460988.GroupingLastServerUpdateTime", "130263341335670000");
Line Deleted : user_pref("CT1460988.GroupingServerCheckInterval", 1440);

Line Deleted : user_pref("CT1460988.HasUserGlobalKeys", true);
Line Deleted : user_pref("CT1460988.Initialize", true);
Line Deleted : user_pref("CT1460988.InitializeCommonPrefs", true);
Line Deleted : user_pref("CT1460988.InstallationAndCookieDataSentCount", 3);
Line Deleted : user_pref("CT1460988.InstalledDate", "Sat May 29 2010 00:52:52 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT1460988.IsAlertDBUpdated", true);
Line Deleted : user_pref("CT1460988.IsGrouping", true);
Line Deleted : user_pref("CT1460988.IsMulticommunity", false);
Line Deleted : user_pref("CT1460988.IsOpenThankYouPage", false);
Line Deleted : user_pref("CT1460988.IsOpenUninstallPage", true);
Line Deleted : user_pref("CT1460988.LanguagePackLastCheckTime", "Sat May 29 2010 00:52:54 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT1460988.LanguagePackReloadIntervalMM", 1440);

Line Deleted : user_pref("CT1460988.LastLogin_2.5.6.0", "Tue Jun 29 2010 02:39:45 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT1460988.LastLogin_3.13.0.6", "Thu Jul 19 2012 10:31:50 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT1460988.LastLogin_3.14.1.0", "Mon Oct 29 2012 13:54:29 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT1460988.LastLogin_3.15.1.0", "Fri Jan 25 2013 20:07:05 GMT-0600 (Central America Standard Time)");
Line Deleted : user_pref("CT1460988.LastLogin_3.16.0.3", "Wed Oct 02 2013 17:29:16 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.LastLogin_3.20.0.4", "Wed Oct 23 2013 14:23:32 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.LastLogin_3.5.0.12", "Sun Sep 11 2011 10:42:53 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT1460988.LastLogin_3.6.0.10", "Wed Sep 14 2011 20:30:13 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT1460988.LatestVersion", "3.20.0.4");
Line Deleted : user_pref("CT1460988.Locale", "en-us");
Line Deleted : user_pref("CT1460988.LoginCache", 4);
Line Deleted : user_pref("CT1460988.MCDetectTooltipHeight", "83");

Line Deleted : user_pref("CT1460988.MCDetectTooltipWidth", "295");
Line Deleted : user_pref("CT1460988.MyStuffEnabledAtInstallation", true);
Line Deleted : user_pref("CT1460988.RadioIsPodcast", false);
Line Deleted : user_pref("CT1460988.RadioMediaID", "6820481");
Line Deleted : user_pref("CT1460988.RadioMediaType", "Media Player");
Line Deleted : user_pref("CT1460988.RadioMenuSelectedID", "EBRadioMenu_CT14609886820481");
Line Deleted : user_pref("CT1460988.RadioShrinkedFromSetup", false);
Line Deleted : user_pref("CT1460988.RadioStationName", "100.7%20FM%20ICRT");

Line Deleted : user_pref("CT1460988.SHRINK_TOOLBAR", 1);
Line Deleted : user_pref("CT1460988.SearchAPILastCheckTime", "Wed Oct 23 2013 14:23:31 GMT-0500 (Central Daylight Time)");

Line Deleted : user_pref("CT1460988.SearchFromAddressBarIsInit", true);

Line Deleted : user_pref("CT1460988.SearchInNewTabEnabled", false);
Line Deleted : user_pref("CT1460988.SearchInNewTabIntervalMM", 1440);
Line Deleted : user_pref("CT1460988.ServiceMapLastCheckTime", "Wed Oct 23 2013 14:23:30 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT1460988.SettingsLastCheckTime", "Sat May 29 2010 00:52:52 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT1460988.SettingsLastUpdate", "1274808027");
Line Deleted : user_pref("CT1460988.ThirdPartyComponentsInterval", 504);
Line Deleted : user_pref("CT1460988.ThirdPartyComponentsLastCheck", "Sat May 29 2010 00:52:52 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT1460988.ThirdPartyComponentsLastUpdate", "1274808027");

Line Deleted : user_pref("CT1460988.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Deleted : user_pref("CT1460988.UserID", "UN79756013029353948");
Line Deleted : user_pref("CT1460988.WeatherNetwork", "");
Line Deleted : user_pref("CT1460988.WeatherPollDate", "Wed Oct 23 2013 14:23:34 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.WeatherUnit", "F");
Line Deleted : user_pref("CT1460988.alertChannelId", "10896");
Line Deleted : user_pref("CT1460988.backendstorage.ct1460988ads1", "25374225323261647325323225334125354225374225323261696425323225334125323232343330382532322532432532327469746C652532322533412532322532383225323925323[...]
Line Deleted : user_pref("CT1460988.backendstorage.ct1460988current_term", "64656D692B6C6F7661746F");
Line Deleted : user_pref("CT1460988.backendstorage.ct1460988sdate", "3134");
Line Deleted : user_pref("CT1460988.backendstorage.for_aoi", "31333136303430383131");
Line Deleted : user_pref("CT1460988.backendstorage.for_ccid", "4D61727368616C6C746F776E");
Line Deleted : user_pref("CT1460988.backendstorage.for_cdtr6", "31333136303430383131");
Line Deleted : user_pref("CT1460988.backendstorage.for_cid", "5553");
Line Deleted : user_pref("CT1460988.backendstorage.for_ip", "3137332E33312E302E323237");
Line Deleted : user_pref("CT1460988.backendstorage.for_lcut", "31333832353536323137");
Line Deleted : user_pref("CT1460988.backendstorage.for_rid", "4941");
Line Deleted : user_pref("CT1460988.backendstorage.for_zoneid", "3130323631");
Line Deleted : user_pref("CT1460988.backendstorage.searchappstate", "31");
Line Deleted : user_pref("CT1460988.backendstorage.searchapptracking", "73656E74");
Line Deleted : user_pref("CT1460988.clientLogIsEnabled", true);

Line Deleted : user_pref("CT1460988.countryCode", "US");
Line Deleted : user_pref("CT1460988.ct1460988.DialogsAlignMode", "LTR");
Line Deleted : user_pref("CT1460988.ct1460988.FeedLastCount128460900971181341", 300);
Line Deleted : user_pref("CT1460988.ct1460988.GroupingInvalidateCache", false);
Line Deleted : user_pref("CT1460988.ct1460988.GroupingLastCheckTime", "Wed Oct 23 2013 14:23:30 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.ct1460988.GroupingLastErrorCode", "");
Line Deleted : user_pref("CT1460988.ct1460988.GroupingLastResponse", true);
Line Deleted : user_pref("CT1460988.ct1460988.GroupingLastServerUpdateTime", "130263341335670000");
Line Deleted : user_pref("CT1460988.ct1460988.InvalidateCache", false);
Line Deleted : user_pref("CT1460988.ct1460988.LanguagePackLastCheckTime", "Wed Oct 23 2013 14:23:32 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.ct1460988.Locale", "en-us");
Line Deleted : user_pref("CT1460988.ct1460988.RadioLastCheckTime", "Wed Oct 23 2013 14:23:32 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.ct1460988.RadioLastUpdateIPServer", "3");
Line Deleted : user_pref("CT1460988.ct1460988.RadioLastUpdateServer", "128929877726170000");

Line Deleted : user_pref("CT1460988.ct1460988.SearchInNewTabLastCheckTime", "Wed Oct 02 2013 17:29:16 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.ct1460988.SettingsCheckIntervalMin", 120);
Line Deleted : user_pref("CT1460988.ct1460988.SettingsLastCheckTime", "Wed Oct 23 2013 14:23:30 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.ct1460988.SettingsLastUpdate", "1382258586");
Line Deleted : user_pref("CT1460988.ct1460988.ThirdPartyComponentsLastCheck", "Wed Oct 23 2013 14:23:30 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.ct1460988.ThirdPartyComponentsLastUpdate", "1331805997");
Line Deleted : user_pref("CT1460988.ct1460988.ToggleComponentState129160818675915142", true);
Line Deleted : user_pref("CT1460988.ct1460988.globalFirstTimeInfoLastCheckTime", "Wed Oct 23 2013 14:23:32 GMT-0500 (Central Daylight Time)");

Line Deleted : user_pref("CT1460988.ct1460988.toolbarAppMetaDataLastCheckTime", "Wed Oct 23 2013 14:23:32 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CT1460988.ct1460988.toolbarContextMenuLastCheckTime", "Wed Oct 23 2013 14:23:32 GMT-0500 (Central Daylight Time)");

Line Deleted : user_pref("CT1460988.homepageProtectorEnableByLogin", true);
Line Deleted : user_pref("CT1460988.initDone", true);
Line Deleted : user_pref("CT1460988.isAppTrackingManagerOn", false);
Line Deleted : user_pref("CT1460988.isFirstRadioInstallation", false);
Line Deleted : user_pref("CT1460988.myStuffEnabled", true);
Line Deleted : user_pref("CT1460988.myStuffPublihserMinWidth", 400);

Line Deleted : user_pref("CT1460988.myStuffServiceIntervalMM", 1440);

Line Deleted : user_pref("CT1460988.oldAppsList", "200,128460836995869597,128460837015400818,111,128479744034950538,129245372403038108,129459838965331706,129172674604646379,129463896726438282,129246285419730227,1292[...]
Line Deleted : user_pref("CT1460988.revertSettingsEnabled", true);
Line Deleted : user_pref("CT1460988.searchProtectorDialogDelayInSec", 10);
Line Deleted : user_pref("CT1460988.searchProtectorEnableByLogin", true);
Line Deleted : user_pref("CT1460988.testingCtid", "");
Line Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
Line Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
Line Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Line Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);

Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.20.0.4");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
Line Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");

Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT1460988,ConduitEngine");
Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1460988");
Line Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat May 07 2011 08:25:26 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Sun Sep 11 2011 21:27:57 GMT-0400 (Eastern Daylight Time)");

Line Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Line Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Sep 13 2011 11:49:59 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);

Line Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.alert.userId", "bf274c6a-bbee-45a6-a9c1-5da589db17c1");
Line Deleted : user_pref("CommunityToolbar.globalUserId", "cc067f6f-4bd1-40d5-9b0b-b3b39774bf84");
Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Wed Oct 23 2013 14:23:32 GMT-0500 (Central Daylight Time)");

Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Oct 23 2013 14:23:31 GMT-0500 (Central Daylight Time)");
Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);

Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Line Deleted : user_pref("CommunityToolbar.notifications.userId", "6894c602-148e-47e2-b68b-f1b93404839b");
Line Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat May 07 2011 16:08:01 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
Line Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Sun Sep 11 2011 10:42:49 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.FirstServerDate", "05/07/2011 15");
Line Deleted : user_pref("ConduitEngine.FirstTime", true);
Line Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Line Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Line Deleted : user_pref("ConduitEngine.Initialize", true);
Line Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Line Deleted : user_pref("ConduitEngine.InstalledDate", "Sat May 07 2011 08:25:28 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Line Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Line Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Line Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Tue Sep 13 2011 11:50:00 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Sep 14 2011 05:50:00 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Line Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Sep 14 2011 05:50:00 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.UserID", "UN16914671092132183");
Line Deleted : user_pref("ConduitEngine.componentAlertEnabled", false);
Line Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Line Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Tue Sep 13 2011 11:50:00 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Sep 14 2011 03:50:00 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("ConduitEngine.initDone", true);
Line Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);

Line Deleted : user_pref("aim_toolbar.winamp.volume", "");
Line Deleted : user_pref("aol_toolbar.surf.date", "12");
Line Deleted : user_pref("aol_toolbar.surf.lastDate", "2");
Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "9");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [66396 octets] - [27/10/2013 12:24:32]
AdwCleaner[s0].txt - [67049 octets] - [27/10/2013 12:32:31]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [67110 octets] ##########

 

-------------------------------------

 

This is from AdwCleaner; now I am running Malwarebytes with PUP.


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.25.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
Owner :: OWNER-PC [administrator]

10/27/2013 12:46:52 PM
mbam-log-2013-10-27 (12-46-52).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 405184
Time elapsed: 32 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

----

 

There is the report. Everything is looking good.


Great!

Let's check your computer's security before you go, and we have a little cleanup to do also:

Download Security Check by screen317 from HERE or HERE.

  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • If you get "Unsupported operating system. Aborting now", just reboot and try again.
  • A Notepad document should open automatically called checkup.txt.
  • Please Post the contents of that document.
  • Do Not Attach It!!!
MrC

Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
AVG Internet Security
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware version 1.75.0.1300
CCleaner
IMVU Cache Cleaner 5
JavaFX 2.0.3
Java 6 Update 31
Java version out of Date!
Adobe Flash Player 11.9.900.117
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox (8.0.1)
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
Google Chrome Plugins...
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
AVG avgtray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 0%
````````````````````End of Log``````````````````````

 

------

This is what I was given.


Outdated programs on the system are vulnerable to malware.
Please update or uninstall them:


~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please uninstall these and any other Java from your add/remove programs:

JavaFX 2.0.3
Java™ 6 Update 31


Java version out of Date! <-------Download and install the latest version (Java™ 7 Update 45) from Here. Uncheck the box to install the Ask toolbar!!! and any other free "stuff".

-----------------------------

Adobe Reader 9 Adobe Reader out of Date! <---please check for an update if available or uninstall and download and install Foxit Reader which is less vulnerable to malware and much better than Adobe. Don't install any toolbars that may come with it (ASK Toolbar).

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

A little clean up to do....

Please Uninstall ComboFix: (if you used it)

Press the Windows logo key + R to bring up the "run box"

Copy and paste the next command in the field:

ComboFix /uninstall

Make sure there's a space between Combofix and /


Then hit enter.
This will uninstall ComboFix, delete its related folders and files, hide file extensions, hide the system/hidden files, clear the System Restore cache and create a new Restore point.

(If that doesn't work.....you can simply rename ComboFix.exe to Uninstall.exe and double click it to complete the uninstall or download and run the uninstaller)

---------------------------------

If you used FRST and can't delete the quarantine folder:
Download the fixlist.txt to the same folder as FRST.
Run FRST and click Fix only once and wait
That will delete the quarantine folder created by FRST.
The rest you can manually delete.

-----------------------------

Please download OTC to your desktop.
http://oldtimer.geekstogo.com/OTC.exe

Double-click OTC to run it. (Vista and up users, please right click on OTC and select "Run as an Administrator")
Click on the CleanUp! button and follow the prompts.
(If you get a warning from your firewall or other security programs regarding OTC attempting to contact the Internet, please allow the connection.)
You will be asked to reboot the machine to finish the Cleanup process, choose Yes.
After the reboot all the tools we used should be gone.
Note: Some more recently created tools may not yet be removed by OTC. Feel free to manually delete any tools it leaves behind.

Any other programs or logs you can manually delete.
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST, MBAR, etc....AdwCleaner > just run the program and click uninstall.

-------------------------------

Any questions...please post back.

If you think I've helped you, please leave a comment > click on my avatar picture > click Profile Feed.

Take a look at My Preventive Maintenance to avoid being infected again. (also HERE)

Good Luck and Thanks for using the forum, MrC
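
The by-eye review of checkup.txt in the reply above can be scripted. This is an added example, not part of the original thread or of Security Check itself. The function name `triage`, the finding labels, and the rule that a bare "out of Date!" line refers to the entry directly above it are assumptions made for illustration.

```python
import re
from collections import defaultdict

T = "`" * 14  # Security Check wraps its section headers in runs of backticks
# Abridged copy of the checkup.txt posted in this thread.
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.74",
    T + "Antivirus/Firewall Check:" + T,
    "Windows Firewall Enabled!",
    "AVG Internet Security",
    "Antivirus up to date! (On Access scanning disabled!)",
    T + "Anti-malware/Other Utilities Check:" + T,
    "JavaFX 2.0.3",
    "Java 6 Update 31",
    "Java version out of Date!",
    "Adobe Flash Player 11.9.900.117",
    "Adobe Reader 9 Adobe Reader out of Date!",
    "Mozilla Firefox (8.0.1)",
    "Google Chrome 30.0.1599.101",
    "Google Chrome 30.0.1599.69",
    T + "End of Log" + T,
])

# Entry and status on one line: keep everything up to the last version token.
INLINE_STALE = re.compile(r"^(?P<item>.*\d\S*) [^\d]*out of date!$", re.I)
# "Name 1.2.3" or "Name (1.2.3)".
NAME_VERSION = re.compile(r"^(?P<name>.*?)\s+\(?(?P<ver>\d[\d.]*)\)?$")


def triage(log_text):
    """Return (kind, detail) findings from a Security Check checkup.txt."""
    findings, versions, previous = [], defaultdict(set), None
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("`"):    # blank line or section header
            previous = None
            continue
        if line.lower().endswith("out of date!"):
            inline = INLINE_STALE.match(line)
            if inline:                           # "Adobe Reader 9 Adobe Reader out of Date!"
                findings.append(("outdated", inline.group("item")))
            elif previous:                       # bare status line: assumed to refer to the entry above
                findings.append(("outdated", previous))
            continue
        if "disabled!" in line.lower():          # e.g. on-access scanning switched off
            findings.append(("protection-disabled", line))
            continue
        entry = NAME_VERSION.match(line)
        if entry:
            versions[entry.group("name")].add(entry.group("ver"))
        previous = line
    # The same product listed with more than one version usually means a stale copy is left behind.
    for name, vers in sorted(versions.items()):
        if len(vers) > 1:
            findings.append(("multiple-versions", f"{name}: {', '.join(sorted(vers))}"))
    return findings


if __name__ == "__main__":
    for kind, detail in triage(SAMPLE_LOG):
        print(f"{kind:20} {detail}")
```

The script only reports what the tool itself flagged, plus duplicate installs; it does not judge whether an unflagged version is current.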

This topic is now closed to further replies.