Hi there,
my name is Marius and I will assist you with your malware related problems.

Before we move on, please read the following points carefully.

  • First, read my instructions completely. If there is anything that you do not understand, kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, stop there and tell me the exact nature of your problem.
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 3 days from this initial or any subsequent post, then this thread will be closed.
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
 
Scan with DDS

Download DDS and save it to your desktop from here or here or here.

Disable any script blocker, and then double-click dds.scr to run the tool.

When done, DDS will open two (2) logs:

DDS.txt: save to your desktop then post its contents in your topic
Attach.txt: save to your desktop then attach it to your next reply
 
Scan with Gmer rootkit scanner

Please download Gmer from here by clicking on the "Download EXE" Button.
  • Double click on the randomly named GMER.exe. If asked to allow gmer.sys driver to load, please consent.
  • If it gives you a warning about rootkit activity and asks if you want to run scan...click on NO.
  • In the right panel, you will see several boxes that have been checked. Uncheck the following ...
    • Sections
    • IAT/EAT
    • Show All ( should be unchecked by default )

  • Leave everything else as it is.
  • Close all other running programs as well as your Browser.
  • Click the Scan button & wait for it to finish.
  • Once done click on the Save.. button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop.
  • Please post the content of the ark.txt here.


**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16720  BrowserJavaVersion: 10.15.2
Run by rac4777 at 8:45:04 on 2013-10-28
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.4044.2150 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\system32\taskeng.exe
c:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Sony\VAIO Gate\VAIO Gate.exe
C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files (x86)\Sony\VAIO Event Service\VESMgrSub.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe
C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Apoint\ApMsgFwd.exe
C:\Program Files\Apoint\Apvfb.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
C:\Program Files\Sony\VAIO Smart Network\VSNClient.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Users\rac4777\AppData\Roaming\Yontoo\YontooDesktop.exe
C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe
C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe
C:\Program Files\Sony\VAIO Care\VCPerfService.exe
C:\Program Files\Sony\VAIO Care\listener.exe
C:\Program Files (x86)\DDNi\Oasis\VAIO Messenger.exe
C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Sony\VAIO Care\VCsystray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Sony\VAIO Care\VCService.exe
C:\Program Files\Sony\VAIO Care\VCAgent.exe
C:\Windows\system32\Macromed\Flash\FlashUtil64_11_9_900_117_ActiveX.exe
C:\Program Files\Sony\VAIO Update 5\VUAgent.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://http://www.yahoo.com/?ilc=8.yahoo.com



uURLSearchHooks: {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - <orphaned>
mWinlogon: Userinit = userinit.exe,
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Unit: {2C4BA31C-0C15-11E2-90C7-9BFCBEB168B3} -
BHO: Java Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: {E8861423-0DAB-459E-A8D5-DB264E69E70C} - <orphaned>
BHO: TBSB07898 Class: {FCBCCB87-9224-4B8D-B117-F56D924BEB18} -
BHO: Yontoo: {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll
TB: Coupons.com CouponBar: {8660E5B3-6C41-44DE-8503-98D99BBECD41} -
uRun: [Facebook Update] "C:\Users\rac4777\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [Overwolf] C:\Program Files (x86)\Overwolf\Overwolf.exe -silent
uRun: [DW7] "C:\Program Files (x86)\The Weather Channel\The Weather Channel App\TWCApp.exe"
uRun: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
mRun: [iAStorIcon] C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
mRun: [iSBMgr.exe] "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
mRun: [PMBVolumeWatcher] c:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [speetItUpFree] "C:\Program Files (x86)\SpeedItup Free\speeditupfree.exe"
mRun: [sunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
dRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_7_700_224_ActiveX.exe -update activex
StartupFolder: C:\Users\rac4777\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\OPENOF~1.LNK - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\office15\ONBttnIELinkedNotes.dll





TCP: NameServer = 192.168.1.1
TCP: Interfaces\{E7D476AE-5CE1-4266-98D3-307BCEEEF99D} : DHCPNameServer = 192.168.1.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-BHO: Java Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} -
x64-Run: [cAudioFilterAgent] C:\Program Files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe
x64-Run: [igfxTray] C:\Windows\System32\igfxtray.exe
x64-Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe
x64-Run: [Persistence] C:\Windows\System32\igfxpers.exe
x64-Run: [Apoint] C:\Program Files (x86)\Apoint\Apoint.exe
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\rac4777\AppData\Roaming\Mozilla\Firefox\Profiles\q7xvdgk1.default\



FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\rac4777\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1166636.dll
FF - plugin: C:\Windows\System32\Adobe\Director\np32dsw_1168638.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 1969-12-31 19:00; {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}; C:\Users\rac4777\AppData\Roaming\Mozilla\Firefox\Profiles\q7xvdgk1.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
.
---- FIREFOX POLICIES ----
.
user_pref('extensions.autoDisableScopes', 0);
user_pref('security.csp.enable', false);
user_pref('security.OCSP.enabled', 0);
user_pref('extensions.blocklist.enabled', false);
FF - user.js: extentions.y2layers.installId - 349a785b-fe64-4417-b1f5-3810bf44f2c6
FF - user.js: extentions.y2layers.defaultEnableAppsList - easyinline2,YontooNewOffers
FF - user.js: network.protocol-handler.warn-external.dnupdate - false
============= SERVICES / DRIVERS ===============
.
R2 IAStorDataMgrSvc;Intel® Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-7-9 13336]
R2 IconMan_R;IconMan_R;C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2012-7-9 2361344]
R2 Oasis2Service;Oasis2Service;C:\Program Files (x86)\DDNi\Oasis2Service\Oasis2Service.exe [2013-7-2 61440]
R2 OfficeSvc;Microsoft Office Service;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-4-30 1907896]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2010-11-27 398176]
R2 SampleCollector;VAIO Care Performance Service;C:\Program Files\Sony\VAIO Care\VCPerfService.exe [2012-7-9 259192]
R2 uCamMonitor;CamMonitor;C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2012-7-9 105024]
R2 UNS;Intel® Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2012-7-9 2656280]
R2 VSNService;VSNService;C:\Program Files\Sony\VAIO Smart Network\VSNService.exe [2012-7-9 852160]
R2 Yontoo Desktop Updater;Yontoo Desktop Updater;C:\Program Files (x86)\Yontoo\Y2Desktop.Updater.exe [2013-6-16 23552]
R3 IntcDAud;Intel® Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-3-29 317440]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;C:\Windows\System32\drivers\RtsPStor.sys [2012-7-9 335464]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-3-29 425064]
R3 SFEP;Sony Firmware Extension Parser;C:\Windows\System32\drivers\SFEP.sys [2010-6-1 12032]
R3 VCService;VCService;C:\Program Files\Sony\VAIO Care\VCService.exe [2012-7-9 44736]
R3 VUAgent;VUAgent;C:\Program Files\Sony\VAIO Update 5\VUAgent.exe [2012-7-9 1021112]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;C:\Windows\System32\drivers\ArcSoftKsUFilter.sys [2012-7-9 19968]
S3 cricut;cricut;C:\Windows\System32\drivers\cricut_x64.sys [2013-2-20 72248]
S3 e1yexpress;Intel® Gigabit Network Connections Driver;C:\Windows\System32\drivers\e1y60x64.sys [2009-6-10 281088]
S3 SOHCImp;VAIO Content Importer;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-2-21 113824]
S3 SOHDs;VAIO Device Searcher;C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-2-21 67232]
S3 SpfService;VAIO Entertainment Common Service;C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-1-20 286936]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-12-13 54784]
S3 VCFw;VAIO Content Folder Watcher;C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-1-20 887000]
S3 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-2-19 546608]
S3 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-2-19 385336]
S3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-2-19 99104]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2012-7-16 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
.
=============== Created Last 30 ================
.
2013-10-26 05:07:39 75888 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDCAC312-59A6-4D5A-9B16-373F6E5EDD78}\offreg.dll
2013-10-25 17:10:50 10280728 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDCAC312-59A6-4D5A-9B16-373F6E5EDD78}\mpengine.dll
2013-10-13 17:06:26 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-10-13 17:05:58 2241024 ----a-w- C:\Windows\System32\wininet.dll
2013-10-10 01:17:42 -------- d-----w- C:\Windows\System32\MpEngineStore
2013-10-09 01:25:55 99840 ----a-w- C:\Windows\System32\drivers\usbccgp.sys
2013-10-09 01:25:55 7808 ----a-w- C:\Windows\System32\drivers\usbd.sys
2013-10-09 01:25:55 52736 ----a-w- C:\Windows\System32\drivers\usbehci.sys
2013-10-09 01:25:55 343040 ----a-w- C:\Windows\System32\drivers\usbhub.sys
2013-10-09 01:25:55 325120 ----a-w- C:\Windows\System32\drivers\usbport.sys
2013-10-09 01:25:54 30720 ----a-w- C:\Windows\System32\drivers\usbuhci.sys
2013-10-09 01:25:54 25600 ----a-w- C:\Windows\System32\drivers\usbohci.sys
2013-10-05 07:00:47 -------- d-----w- C:\Windows\System32\MRT
2013-10-05 02:04:58 -------- d-----w- C:\Users\rac4777\AppData\Roaming\MusicNet
2013-10-05 02:04:04 -------- d-----w- C:\Program Files (x86)\BearShare Applications
2013-10-04 19:25:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-04 19:25:38 692616 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-10-04 19:05:08 -------- d-----w- C:\Users\rac4777\AppData\Local\ElevatedDiagnostics
.
==================== Find3M  ====================
.
2013-09-22 23:28:06 1767936 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-09-22 23:27:49 2876928 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-09-22 23:27:48 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-09-22 23:27:48 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-09-22 22:54:51 3959296 ----a-w- C:\Windows\System32\jscript9.dll
2013-09-22 22:54:50 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-09-22 22:54:50 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-09-21 03:38:39 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-09-21 02:48:36 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-09-21 02:39:47 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-09-14 01:10:19 497152 ----a-w- C:\Windows\System32\drivers\afd.sys
2013-09-08 02:30:37 1903552 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2013-09-08 02:27:14 327168 ----a-w- C:\Windows\System32\mswsock.dll
2013-09-08 02:03:58 231424 ----a-w- C:\Windows\SysWow64\mswsock.dll
2013-09-03 18:35:10 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-08-28 01:21:06 3155968 ----a-w- C:\Windows\System32\win32k.sys
2013-08-28 01:12:33 461312 ----a-w- C:\Windows\System32\scavengeui.dll
2013-08-05 02:25:45 155584 ----a-w- C:\Windows\System32\drivers\ataport.sys
2013-08-01 12:09:36 983488 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
.
============= FINISH:  8:45:25.77 ===============
 


UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7/12/2012 3:39:41 PM
System Uptime: 10/28/2013 8:29:16 AM (0 hours ago)
.
Motherboard: Sony Corporation |  | VAIO
Processor: Intel® Core i3-2310M CPU @ 2.10GHz | N/A | 2100/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 455 GiB total, 385.254 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP184: 10/19/2013 7:00:15 PM - Windows Update
RP185: 10/20/2013 9:10:25 AM - Windows Update
RP186: 10/21/2013 3:40:45 PM - Windows Update
RP187: 10/22/2013 1:12:09 PM - Windows Update
RP188: 10/23/2013 8:50:42 AM - Windows Update
RP189: 10/25/2013 1:06:34 PM - Windows Update
RP190: 10/25/2013 10:40:39 PM - Removed HP Deskjet 3050A J611 series Basic Device Software
RP191: 10/25/2013 10:43:52 PM - Removed Print Workshop 2008
RP192: 10/28/2013 7:01:37 AM - Windows Update
RP193: 10/28/2013 7:24:54 AM - Removed Facebook Video Calling 1.2.0.287
RP194: 10/28/2013 7:25:38 AM - Removed EZ Cards Creator
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader XI (11.0.02)
Adobe Shockwave Player 11.6
Alps Pointing-device for VAIO
AOL Toolbar
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Application Manager for VAIO
ArcSoft Magic-i Visual Effects 2
ArcSoft WebCam Companion 4
Bonjour
Conexant HD Audio
Cricut Driver v2.01
Cricut Craft Room®
D3DX10
HP Officejet 6100 Basic Device Software
Intel® Control Center
Intel® Management Engine Components
Intel® Processor Graphics
Intel® Rapid Storage Technology
iTunes
Java 7 Update 15
Java Auto Updater
Junk Mail filter update
Malwarebytes Anti-Malware version 1.75.0.1300
Media Gallery
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft Application Error Reporting
Microsoft Office 365 Home Premium - en-us
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 24.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB2721691)
MSXML 4.0 SP3 Parser (KB2758694)
Oasis2Service
Office 15 Click-to-Run Extensibility Component
Office 15 Click-to-Run Licensing Component
Office 15 Click-to-Run Localization Component
OOBE
OpenOffice.org 3.4.1
PlayReady PC Runtime amd64
PMB
PMB VAIO Edition Guide
PMB VAIO Edition Plug-in
Realtek PCIE Card Reader
Remote Keyboard
Remote Play with PlayStation 3
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2858302v2)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Security Update for Microsoft .NET Framework 4 Extended (KB2736428)
Security Update for Microsoft .NET Framework 4 Extended (KB2742595)
Security Update for Microsoft .NET Framework 4 Extended (KB2858302v2)
Serif CraftArtist Baby Photos Collection
Serif CraftArtist Greeting Cards Collection
Serif CraftArtist Professional
Serif CraftArtist Scrapbooks Collection
Serif CraftArtist Wedding Days Collection
Sony Corporation
SSLx64
SSLx86
swMSM
Unity Web Player
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2836939)
Update for Microsoft .NET Framework 4 Extended (KB2836939v3)
VAIO - Media Gallery
VAIO - PMB VAIO Edition Guide
VAIO - PMB VAIO Edition Plug-in
VAIO - Remote Keyboard
VAIO - Remote Play with PlayStation®3
VAIO Care
VAIO Control Center
VAIO Data Restore Tool
VAIO Easy Connect
VAIO Event Service
VAIO Gate
VAIO Gate Default
VAIO Hardware Diagnostics
VAIO Help and Support
VAIO Improvement
VAIO Manual
VAIO Messenger
VAIO Quick Web Access
VAIO Sample Contents
VAIO Satisfaction Survey.
VAIO Smart Network
VAIO Transfer Support
VAIO Update
VCCx86
VESx64
VESx86
VIx64
VIx86
VSNx64
VWSTx86
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Mesh ActiveX Control for Remote Connections
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
Yontoo 2.053
.
==== Event Viewer Messages From Past Week ========
.
10/28/2013 7:02:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Windows 7 for x64-based Systems (KB2882822).
10/28/2013 7:02:26 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Security Update for Windows 7 for x64-based Systems (KB2872339).
10/25/2013 7:48:57 PM, Error: cdrom [11]  - The driver detected a controller error on \Device\CdRom5.
10/23/2013 8:51:36 AM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80070643: Update for Microsoft Security Essentials - KB2866337 (4.3.219.0).
.
==== End Of File ===========================
 


GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-10-28 08:59:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0006 465.76GB
Running: crv5vncq.exe; Driver: C:\Users\rac4777\AppData\Local\Temp\uwlirkob.sys

---- Devices - GMER 2.1 ----

Device  \Driver\iaStor \Device\Ide\IAAStorageDevice-1                                                               fffffa8006c575e8

---- Trace I/O - GMER 2.1 ----

Trace   ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa8006c575e8]<<                                         fffffa8006c575e8
Trace   1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d47060]                                             fffffa8004d47060
Trace   3 CLASSPNP.SYS[fffff880013a943f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8004ae0050]  fffffa8004ae0050
Trace   \Driver\iaStor[0xfffffa8004c4b9e0] -> IRP_MJ_CREATE -> 0xfffffa8006c575e8                                   fffffa8006c575e8

---- Threads - GMER 2.1 ----

Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3724:4072]                                              000007fefb3b2a7c

---- EOF - GMER 2.1 ----


Delete junk with adwCleaner


Please download AdwCleaner to your desktop.


  • Run adwcleaner.exe
  • Hit Scan and wait for the scan to finish.
  • Confirm the message but don't uncheck anything.
  • Hit Clean
  • When the run is finished, it will open up a text file
  • Please post its contents within your next reply
  • You'll find the log file at C:\AdwCleaner[s1].txt also
 
Full System Scan with Malwarebytes Antimalware


  • If not existing, please download Malwarebytes' Anti-Malware to your desktop. Double-click mbam-setup.exe and follow the prompts to install the program. At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, place a checkmark on all hard drives, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please save it to a convenient location.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt
  • Post that log back here.


# AdwCleaner v3.010 - Report created 28/10/2013 at 09:46:08
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : rac4777 - RAC4777-VAIO
# Running from : C:\Users\rac4777\Downloads\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : Yontoo Desktop Updater

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\apn
Folder Deleted : C:\ProgramData\PC Optimizer Pro
Folder Deleted : C:\Program Files (x86)\OApps
Folder Deleted : C:\Program Files (x86)\SaveValet
Folder Deleted : C:\Program Files (x86)\Yontoo
Folder Deleted : C:\Users\rac4777\AppData\Local\apn
Folder Deleted : C:\Users\rac4777\AppData\Local\unitlayers
Folder Deleted : C:\Users\rac4777\AppData\Local\visi_coupon
Folder Deleted : C:\Users\rac4777\AppData\Local\Wajam
Folder Deleted : C:\Users\rac4777\AppData\Local\Temp\AirInstaller
Folder Deleted : C:\Users\rac4777\AppData\LocalLow\Toolbar4
Folder Deleted : C:\Users\rac4777\AppData\Roaming\Conduit
Folder Deleted : C:\Users\rac4777\AppData\Roaming\registry mechanic
Folder Deleted : C:\Users\rac4777\AppData\Roaming\Yontoo
Folder Deleted : C:\Users\rac4777\AppData\Roaming\Mozilla\Firefox\Profiles\q7xvdgk1.default\Smartbar
Folder Deleted : C:\Users\rac4777\AppData\Roaming\Mozilla\Firefox\Profiles\q7xvdgk1.default\Extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
Folder Deleted : C:\Users\rac4777\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle
File Deleted : C:\Users\rac4777\AppData\Roaming\Mozilla\Firefox\Profiles\q7xvdgk1.default\Extensions\savevalet@savevalet.com.xpi
File Deleted : C:\END
File Deleted : C:\Users\rac4777\AppData\Local\Temp\END
File Deleted : C:\Users\rac4777\AppData\Roaming\Mozilla\Firefox\Profiles\q7xvdgk1.default\searchplugins\my-web-search.xml
File Deleted : C:\Users\rac4777\AppData\Roaming\Mozilla\Firefox\Profiles\q7xvdgk1.default\searchplugins\web-search.xml
File Deleted : C:\Users\rac4777\AppData\Roaming\Mozilla\Firefox\Profiles\q7xvdgk1.default\user.js

***** [ Shortcuts ] *****

Shortcut Disinfected : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Messenger\View Inbox.lnk

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Key Deleted : HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Key Deleted : HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Key Deleted : HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Key Deleted : HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Key Deleted : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ApnSetup_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajam_install_rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\wajamupdater_rasmancs
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.IEToolbar.1
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\TBSB07898.TBSB07898.3
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898
Key Deleted : HKLM\SOFTWARE\Classes\Toolbar3.TBSB07898.1
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\pc optimizer pro
Key Deleted : HKCU\Software\SocialBit
Key Deleted : HKCU\Software\wecarereminder
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKCU\Software\AppDataLow\Software\CompeteInc
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DeviceVM
Key Deleted : HKLM\Software\InstallIQ
Key Deleted : HKLM\Software\PIP
Key Deleted : [x64] HKLM\SOFTWARE\DeviceVM
Key Deleted : [x64] HKLM\SOFTWARE\Tarma Installer
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16720

-\\ Mozilla Firefox v24.0 (en-US)

[ File : C:\Users\rac4777\AppData\Roaming\Mozilla\Firefox\Profiles\q7xvdgk1.default\prefs.js ]

Line Deleted : user_pref("CT3263904.timeLeft.enc", "MA==");
Line Deleted : user_pref("CT3263904.toolbarBornServerTime", "18-6-2013");
Line Deleted : user_pref("CT3263904.toolbarCurrentServerTime", "12-9-2013");
Line Deleted : user_pref("CT3263904.toolbarLoginClientTime", "Sat Jul 06 2013 01:25:32 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("CT3263904.twitter_v1.8.0_twitter_app_open_t_f.enc", "ZmFsc2U=");
Line Deleted : user_pref("CT3263904.url_history0001.enc", "aHR0cHM6Ly93d3cuZmFjZWJvb2suY29tL2FqYXgvc2hhcmVyLz9zPTk5JmFwcGlkPTIzMDk4Njk3NzImcCU1QjAlNUQ9MTAwMDA1MTcwOTYxNDEyJnAlNUIxJTVEPTE5MDI1Mjk5NDQ5MDM5OCZwcm9maWxl[...]
Line Deleted : user_pref("CT3263904.userData.enc", "bnVsbA==");
Line Deleted : user_pref("CT3263904_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1378855704542,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");
Line Deleted : user_pref("FirstSearch.aol_toolbar.search.hasDoneFirst", 22);
Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3263904");
Line Deleted : user_pref("aol_toolbar.aolmail.address", "");
Line Deleted : user_pref("aol_toolbar.aolmail.count", "0");
Line Deleted : user_pref("aol_toolbar.aolmail.id", "value");
Line Deleted : user_pref("aol_toolbar.aolmail.imagelist.layout", "empty");
Line Deleted : user_pref("aol_toolbar.aolmail.popup.autoclose", "true");
Line Deleted : user_pref("aol_toolbar.aolmail.user", "");
Line Deleted : user_pref("aol_toolbar.button.facebook_40839.click", "1");
Line Deleted : user_pref("aol_toolbar.buttons.layout", "aol_mail_5496;facebook_40839;mapquest_40872;twitter_40883;ebay_46278;wikipedia_46497;yahoo_mail_46508;netflix_46519;radio_46530;share_this_page_46541;");
Line Deleted : user_pref("aol_toolbar.calendar.date", "{system.date.timestamp}");
Line Deleted : user_pref("aol_toolbar.calendar.displaydate", "{system.date.locale}");
Line Deleted : user_pref("aol_toolbar.calendar.timestamp", "1381069008908");
Line Deleted : user_pref("aol_toolbar.cookie.homepage", "");
Line Deleted : user_pref("aol_toolbar.cookie.search", "");
Line Deleted : user_pref("aol_toolbar.curtain.congrats", "n");
Line Deleted : user_pref("aol_toolbar.default.homepage.protection", false);

Line Deleted : user_pref("aol_toolbar.default.search.label", "AOL Search");

Line Deleted : user_pref("aol_toolbar.facebook.imagelist.layout", "facebook");
Line Deleted : user_pref("aol_toolbar.facebook.notifications", "0");
Line Deleted : user_pref("aol_toolbar.facebook.popup.autoclose", "true");
Line Deleted : user_pref("aol_toolbar.firsttime.showwindow", false);
Line Deleted : user_pref("aol_toolbar.guid", "{499DA2E5-B073-7D89-6B51-E4485B98E5BE}");
Line Deleted : user_pref("aol_toolbar.historybutton.active", true);
Line Deleted : user_pref("aol_toolbar.historybutton.enabled", true);
Line Deleted : user_pref("aol_toolbar.historybutton.ignoreids", "");
Line Deleted : user_pref("aol_toolbar.homepageprotection.enabled", false);
Line Deleted : user_pref("aol_toolbar.install.distroid", "aol");

Line Deleted : user_pref("aol_toolbar.install.homepage.label", "AOL.com");
Line Deleted : user_pref("aol_toolbar.install.lastTbVersion", "5.74.1.9660");
Line Deleted : user_pref("aol_toolbar.install.lid", "hyplognew00000010");
Line Deleted : user_pref("aol_toolbar.install.mtmhp", "hyplogusaolp00000023");
Line Deleted : user_pref("aol_toolbar.install.ncid", "");
Line Deleted : user_pref("aol_toolbar.install.type", "upgrade");
Line Deleted : user_pref("aol_toolbar.metrics.activestampdate", "28");
Line Deleted : user_pref("aol_toolbar.metrics.activestampmonth", "9");
Line Deleted : user_pref("aol_toolbar.metrics.activestampyear", "2013");
Line Deleted : user_pref("aol_toolbar.metrics.log", false);
Line Deleted : user_pref("aol_toolbar.metrics.originalDate", "16");
Line Deleted : user_pref("aol_toolbar.metrics.originalHours", "4");
Line Deleted : user_pref("aol_toolbar.metrics.originalMinutes", "0");
Line Deleted : user_pref("aol_toolbar.metrics.originalMonth", "6");
Line Deleted : user_pref("aol_toolbar.metrics.originalSeconds", "0");
Line Deleted : user_pref("aol_toolbar.metrics.originalYear", "2013");
Line Deleted : user_pref("aol_toolbar.presethomepage", "conduit.com");
Line Deleted : user_pref("aol_toolbar.presetsearch", "AOL Search");
Line Deleted : user_pref("aol_toolbar.relatednews.enabled", false);
Line Deleted : user_pref("aol_toolbar.remote.config.js", "");
Line Deleted : user_pref("aol_toolbar.remote.historyconfig.js", "");
Line Deleted : user_pref("aol_toolbar.remote.publish.xml", "1382963436445");
Line Deleted : user_pref("aol_toolbar.remote.searchterm.js", "");
Line Deleted : user_pref("aol_toolbar.reset.flag", "3");
Line Deleted : user_pref("aol_toolbar.reset.style", "B");
Line Deleted : user_pref("aol_toolbar.resetprompt.daily.num", "1");
Line Deleted : user_pref("aol_toolbar.resetprompt.daily.timestamp", "Fri Jul 05 2013 22:53:06 GMT-0400 (Eastern Daylight Time)");
Line Deleted : user_pref("aol_toolbar.resetprompt.display.limit", "8");
Line Deleted : user_pref("aol_toolbar.rtw.active", false);
Line Deleted : user_pref("aol_toolbar.search.button", true);
Line Deleted : user_pref("aol_toolbar.search.cid", "04-10-2013");
Line Deleted : user_pref("aol_toolbar.search.focusnewtab", true);
Line Deleted : user_pref("aol_toolbar.search.instd", "76F3173EEE6544CEB8A2904113842B15");
Line Deleted : user_pref("aol_toolbar.search.newtab", true);
Line Deleted : user_pref("aol_toolbar.search.oid", "16-06-2013");
Line Deleted : user_pref("aol_toolbar.search.placement", "right");
Line Deleted : user_pref("aol_toolbar.search.populateoncomplete", false);
Line Deleted : user_pref("aol_toolbar.search.savehistory", false);
Line Deleted : user_pref("aol_toolbar.search.searchtype", "web");
Line Deleted : user_pref("aol_toolbar.search.source", "adknowledgeaol-ff");
Line Deleted : user_pref("aol_toolbar.searchengine.label", "AOL Search");
Line Deleted : user_pref("aol_toolbar.searchprotection.enabled", false);
Line Deleted : user_pref("aol_toolbar.skin.custom", false);
Line Deleted : user_pref("aol_toolbar.surf.date", "133");
Line Deleted : user_pref("aol_toolbar.surf.lastDate", "4");
Line Deleted : user_pref("aol_toolbar.surf.lastMonth", "9");
Line Deleted : user_pref("aol_toolbar.surf.lastYear", "2013");
Line Deleted : user_pref("aol_toolbar.surf.month", "133");
Line Deleted : user_pref("aol_toolbar.surf.prevMonth", "24");
Line Deleted : user_pref("aol_toolbar.surf.total", "2060");
Line Deleted : user_pref("aol_toolbar.surf.week", "133");
Line Deleted : user_pref("aol_toolbar.surf.year", "2034");
Line Deleted : user_pref("aol_toolbar.ticker.active", false);
Line Deleted : user_pref("aol_toolbar.uninstallreset", "3");
Line Deleted : user_pref("aol_toolbar.upgrade.showwindow", false);
Line Deleted : user_pref("aol_toolbar.weather.condition", "9");
Line Deleted : user_pref("aol_toolbar.weather.degc", "19");
Line Deleted : user_pref("aol_toolbar.weather.degf", "66");
Line Deleted : user_pref("aol_toolbar.weather.degrees", "F");

Line Deleted : user_pref("aol_toolbar.weather.lastupdate", "");
Line Deleted : user_pref("aol_toolbar.weather.locationid", "USNY0996");
Line Deleted : user_pref("aol_toolbar.weather.metric", true);
Line Deleted : user_pref("aol_toolbar.weather.tooltip", "New York , NY : Mostly Cloudy");
Line Deleted : user_pref("aol_toolbar.weather.update", "1380939825758");
Line Deleted : user_pref("aol_toolbar.weather.zipcode", "10006");
Line Deleted : user_pref("aol_toolbar.widgets.layout", "aolmail,facebook");
Line Deleted : user_pref("aol_toolbar.widgets.log", false);
Line Deleted : user_pref("aol_toolbar.widgets.timestamp", "1382835015461");
Line Deleted : user_pref("aol_toolbar.widgets.version", "5.74.1.9660");
Line Deleted : user_pref("aol_toolbar.winamp.volume", "");
Line Deleted : user_pref("aol_toolbar.youtube.color", "white");
Line Deleted : user_pref("aol_toolbar.youtube.id", "0");
Line Deleted : user_pref("aol_toolbar.youtube.imagelist.layout", "youtube");
Line Deleted : user_pref("aol_toolbar.youtube.lastpage", "0");
Line Deleted : user_pref("aol_toolbar.youtube.lasttab", "0");
Line Deleted : user_pref("aol_toolbar.youtube.timestamp", "0");
Line Deleted : user_pref("browser.search.defaultenginename", "Swag Bucks Customized Web Search");

Line Deleted : user_pref("extentions.y2layers.defaultEnableAppsList", "easyinline2,YontooNewOffers");
Line Deleted : user_pref("extentions.y2layers.installId", "349a785b-fe64-4417-b1f5-3810bf44f2c6");

Line Deleted : user_pref("smartbar.addressBarOwnerCTID", "CT3263904");


Line Deleted : user_pref("smartbar.defaultSearchOwnerCTID", "CT3263904");
Line Deleted : user_pref("smartbar.homePageOwnerCTID", "CT3263904");
Line Deleted : user_pref("smartbar.machineId", "I4EUZK7MKBHLCKIUYDNEFYGRBDTMLGKYM9U5NBULPRPZCX8FHTC2LVBKM287DFBPHOAOPQ91IUEYFB8AB59HFQ");

Line Deleted : user_pref("smartbar.originalSearchAddressUrl", "");
Line Deleted : user_pref("smartbar.originalSearchEngine", false);

[ File : C:\Users\School\AppData\Roaming\Mozilla\Firefox\Profiles\bci36lbc.default\prefs.js ]

-\\ Google Chrome v

[ File : C:\Users\rac4777\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : icon_url

*************************

AdwCleaner[R0].txt - [46734 octets] - [28/10/2013 09:45:27]
AdwCleaner[s0].txt - [46702 octets] - [28/10/2013 09:46:08]

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [46763 octets] ##########


Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.28.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16721
rac4777 :: RAC4777-VAIO [administrator]

10/28/2013 9:50:34 AM
mbam-log-2013-10-28 (09-50-34).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 485628
Time elapsed: 1 hour(s), 37 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)


Scan with ESET Online Scan

Please go here to run the online scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats', then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.


C:\AdwCleaner\Quarantine\C\Program Files (x86)\OApps\SelectionLinks.dll.vir Win32/AdWare.Facetheme.F application
C:\AdwCleaner\Quarantine\C\Program Files (x86)\Yontoo\YontooIEClient.dll.vir a variant of Win32/Adware.Yontoo.A application
C:\AdwCleaner\Quarantine\C\ProgramData\apn\APN-Stub\W3IV6-G\APNIC.dll.vir Win32/Bundled.Toolbar.Ask.B application
C:\AdwCleaner\Quarantine\C\Users\rac4777\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle\1.3.332.1_0\plugins\opcm.dll.vir a variant of Win32/Adware.RK.AM application
C:\AdwCleaner\Quarantine\C\Users\rac4777\AppData\Roaming\Yontoo\YontooDesktop.exe.vir a variant of MSIL/WebCake.B application
C:\ProgramData\Microsoft\Windows\DRM\FB78.tmp Win64/Olmarik.AY trojan
C:\ProgramData\Microsoft\Windows\DRM\FBA8.tmp Win64/Olmarik.AY trojan
C:\Users\All Users\Microsoft\Windows\DRM\FB78.tmp Win64/Olmarik.AY trojan
C:\Users\All Users\Microsoft\Windows\DRM\FBA8.tmp Win64/Olmarik.AY trojan
C:\Users\rac4777\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\08ZDMWEY\yontoosetup[1].exe multiple threats
C:\Users\rac4777\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9F1ORH3E\installer-silent[1].exe a variant of Win32/Adware.CouponAmazing.A application
C:\Users\rac4777\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\SVZ3EAO2\yontoosetup[1].exe multiple threats
C:\Users\rac4777\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\ZYBG8XX9\installer-silent[1].exe a variant of Win32/Adware.CouponAmazing.A application
C:\Users\rac4777\AppData\Local\Temp\airE400.exe Win32/Wajam.C application
C:\Users\rac4777\AppData\Local\Temp\ask.exe a variant of Win32/Bundled.Toolbar.Ask application
C:\Users\rac4777\AppData\Local\Temp\hsbing_717_active.exe multiple threats
C:\Users\rac4777\AppData\Local\Temp\DIQ\FlashPlayer_151\software\FlashPlayer.exe Win32/DomaIQ.M application
C:\Users\rac4777\AppData\Local\Temp\DIQ\FlashPlayer_151\software\Yontoo.exe multiple threats
C:\Users\rac4777\AppData\Local\Temp\extension\back.js JS/Adware.Yontoo.B application
C:\Users\rac4777\AppData\Local\Temp\nsf59D8.tmp\util_ex.dll a variant of Win32/ExFriendAlert.B application
C:\Users\rac4777\AppData\Roaming\VisicomToolBar\GamesAGoGo_toolbar_3.0.0.2.exe multiple threats
C:\Users\rac4777\Downloads\FPP_Setup.exe a variant of Win32/AirAdInstaller.A application
 


Combofix

Combofix should only be run when advised by a team member!

Link


Important - Save the file to your desktop!


  • Deactivate any and all of your antivirus programs / spyware scanners - they can prevent CF from doing its work.
  • Run Combofix.exe



When finished, Combofix creates a log file named C:\Combofix.txt. Please post its content in your next reply.

Note: When receiving an error message containing "Illegal operation attempted on a registry key that has been marked for deletion", simply restart your computer to fix this.


  • Root Admin

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.