Jump to content

How do I remove www-search.info/?src=us ?


Recommended Posts

For the past few days, when I open Google Chrome, instead of the usual Google home page, I get a different page (www-search.info/?src=us) and can't seem to reset it to open in Google.  I've gone into settings multiple times, but to no avail...all of my settings indicate that Google is my home page.


 


I also keep getting pop-ups just below the favorites bar that tell me things like, "Additional plugins are required to display all the media on this page"  or  "an update for your browser is available"  or  "your flash player may need to be updated".  If I click the "X" to close the popup, a new tab opens offering me new software, and the popup doesn't go away on the original window.  Often, the popup covers buttons at the top of a page I'm using (for instance, the "Sign In" or "Create Account" buttons at the top of this forum page.)


 


PLEASE help me get rid of www-search.info/?src=us   and these popups!!  


 


Thanks, in advance for any help you can provide.


Link to post
Share on other sites

Welcome to the forum. (Do what you can)

General P2P/Piracy Warning:

 

1. If you're using Peer 2 Peer software such uTorrent, BitTorrent or similar you must either fully uninstall it or completely disable it from running while being assisted here.

2. If you have illegal/cracked software (MS Office, Adobe Products), cracks, keygens, custom (Adobe) host file, etc. on the system, please remove or uninstall them now and read the policy on Piracy.

Failure to remove such software will result in your topic being closed and no further assistance being provided.

 

<====><====><====><====><====><====><====><====>

 

1. Please run a Threat Scan with Malwarebytes (if possible)

Start Malwarebytes 2.0.........

Click on Settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware

Same for PUM (Potentially Unwanted Modifications)

Quarantine all that's found

Post the log (save the log as a .txt file not .xml)

Then......

2. Please download Farbar Recovery Scan Tool (FRST) and save it to a folder.

(use correct version for your system.....Which system am I using?)

FRST <----for 32 bit systems

FRST64 <----for 64 bit systems

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press Scan button. (make sure the Addition box is checked)
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it makes also another log (Addition.txt). Please attach it to your reply.
If the logs are large, you can attach them:

To attach a log:

Bottom right corner of this page.

reply1.jpg

New window that comes up.

replyer1.jpg

Last................

3. Please download and run RogueKiller 32 bit to your desktop.

RogueKiller<---use this one for 64 bit systems

Which system am I using?

Quit all running programs.

For Windows XP, double-click to start.

For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Wait for the Prescan to finish

Click Scan to scan the system.

When the scan completes > Don't Fix anything! > Click on the Report Button > Copy and paste the Report back here.

Don't run any other options, they're not all bad!!!!!!!

RogueKiller logs will also be located here:

%programdata%/RogueKiller/Logs <-------W7

C:\Documents and Settings\All Users\Application Data\RogueKiller\Logs <-------XP

(please don't put logs in code or quotes and use the default font)

MrC

Link to post
Share on other sites

Thank you, MrC!  I hope I do this right!  Here is the report from RogueKiller, and I've attached the files from Malwarebytes and Farbar.

 

I have another question...I had downloaded one of the suggested programs (feeling kind of dumb, right now!)  I was able to remove all of the files except the exe. file for Reimage Repair.  When I try to delete it, it says I can't because it's in use or protected.  I'm assuming that it's being used by the Search.info program, or whatever it's attached to??  Anyway, how do I get rid of that?  Or, will that be deleted by the steps you're having me do?

 

Again, THANK YOU SO MUCH FOR YOUR HELP!!

 

 

 

RogueKiller V10.2.0.0 [Jan 19 2015] by Adlice Software
 
Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : Rose [Administrator]
Mode : Scan -- Date : 02/08/2015  17:03:42
 
¤¤¤ Processes : 4 ¤¤¤
[Proc.Injected] rcore.exe(2388) -- C:\WINDOWS\rcore.exe[-] -> Killed [TermProc]
[PUP] (SVC) netfilter -- system32\drivers\netfilter.sys[-] -> ERROR [41c]
[PUP] (SVC) UniversalUpdater -- C:\Program Files\Umtbhyzrhotq3nwn\mwnhzjqzowu3mgm.exe[-] -> Stopped
[PUP] (SVC) vToolbarUpdater18.1.9 -- C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe[7] -> Stopped
 
¤¤¤ Registry : 47 ¤¤¤
[PUP] HKEY_CLASSES_ROOT\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{3c471948-f874-49f5-b338-4f214a2ee0b1} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C} -> Found
[PUP] HKEY_CLASSES_ROOT\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78} -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} -> Found
[PUP] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run | vProt : "C:\Program Files\AVG SafeGuard toolbar\vprot.exe"  -> Found
[Hidden.From.SCM] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\mksmgxri (System32\drivers\vktm.sys) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\netfilter (system32\drivers\netfilter.sys) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\UniversalUpdater (C:\Program Files\Umtbhyzrhotq3nwn\mwnhzjqzowu3mgm.exe) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\vToolbarUpdater18.1.9 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\netfilter (system32\drivers\netfilter.sys) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UniversalUpdater (C:\Program Files\Umtbhyzrhotq3nwn\mwnhzjqzowu3mgm.exe) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vToolbarUpdater18.1.9 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\globalUpdate (C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /svc) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\globalUpdatem (C:\Program Files\globalUpdate\Update\GoogleUpdate.exe /medsvc) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\netfilter (system32\drivers\netfilter.sys) -> Found
[suspicious.Path] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\rcores (C:\WINDOWS\rcore.exe) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\UniversalUpdater (C:\Program Files\Umtbhyzrhotq3nwn\mwnhzjqzowu3mgm.exe) -> Found
[PUP] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\vToolbarUpdater18.1.9 (C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\18.1.9\ToolbarUpdater.exe) -> Found
[PUM.SearchPage] HKEY_USERS\S-1-5-21-776561741-2052111302-1417001333-1003\Software\Microsoft\Internet Explorer\Main | Search Page : http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{6EC4A107-8DC4-47E2-9C58-DD62009D92FB} | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{6EC4A107-8DC4-47E2-9C58-DD62009D92FB} | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.Dns] HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Tcpip\Parameters\Interfaces\{6EC4A107-8DC4-47E2-9C58-DD62009D92FB} | DhcpNameServer : 209.18.47.61 209.18.47.62 [uNITED STATES (US)][uNITED STATES (US)]  -> Found
[PUM.DesktopIcons] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel | {20D04FE0-3AEA-1069-A2D8-08002B30309D} : 1  -> Found
 
¤¤¤ Tasks : 1 ¤¤¤
[suspicious.Path] AVG-Secure-Search-Update_1114tb_rmv.job -- C:\Program Files\AVG Security Toolbar\AVG-Secure-Search-Update_1114tb.exe ( --CMPID=1114tb --uninstall=1) -> Found
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 2 ¤¤¤
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1       localhost
[C:\WINDOWS\System32\drivers\etc\hosts] 127.0.0.1 d3oxij66pru1i3.cloudfront.net
 
¤¤¤ Antirootkit : 0 (Driver: Loaded) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: ST9320423AS +++++
--- User ---
[MBR] a65fa31f96d73e594deb257a2a720c83
[bSP] b3e7808bfebf0cc1b2fb232f2055cd2e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB [Windows XP Bootstrap | Windows XP Bootloader]
User = LL1 ... OK
User != LL2 ... KO!
--- LL2 ---
[MBR] a65fa31f96d73e594deb257a2a720c83
[bSP] b3e7808bfebf0cc1b2fb232f2055cd2e : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 305242 MB [Error reading VBR! ([3e6] Invalid access to memory location. )]
 

 

FRST.txt

Addition.txt

protection log 2 7 15.txt

Link to post
Share on other sites

Make sure you have created a restore point and.....
bwebb7v.jpgDownload Delfix from Here and save it to your desktop.

  • Place a check mark in front of .......
  • Create registry backup <---only!
  • Uncheck the rest!
  • Click the Run button.

    Close the tool out when it's done....we'll use it later.

    ===================================

    Please uninstall these two programs from your add/remove programs if possible:
    Reimage Protector 
    Salus 

    ===================================

    Download the attached fixlist.txt to the same folder as FRST.exe/FRST64.exe.
    Run FRST.exe/FRST64.exe and click Fix only once and wait
    The tool will create a log (Fixlog.txt) in the folder, please post it to your reply.

    ==================================

    Please download AdwCleaner from HERE or HERE to your desktop.
    • Double click on AdwCleaner.exe to run the tool.
      Vista/Windows 7/8 users right-click and select Run As Administrator
    • Click on the Scan button.
    • AdwCleaner will begin...be patient as the scan may take some time to complete.
    • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
    • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
    • Look over the log especially under Files/Folders for any program you want to save.
    • If there's a program you may want to save, just uncheck it from AdwCleaner.
    • If you're not sure, post the log for review. (all items found are either adware/spyware/foistware)
    • If you're ready to clean it all up.....click the Clean button.
    • After rebooting, a logfile report (AdwCleaner[s0].txt) will open automatically.
    • Copy and paste the contents of that logfile in your next reply.
    • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
    • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
    • To restore an item that has been deleted:
    • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.
    Next..................

    thisisujrt.gif Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista or Seven, right-mouse click it and select Run as Administrator.
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
    Next.........

    Clean out temp files:

    Download TFC from here and save it to your desktop.
    http://oldtimer.geekstogo.com/TFC.exe
    http://www.bleepingcomputer.com/download/tfc/dl/92/
    Close any open programs and Internet browsers.
    Double click TFC.exe to run it on XP (for Vista and Windows 7 right click and choose "Run as administrator") and once it opens click on the Start button on the lower left of the program to allow it to begin cleaning.
    Please be patient as clearing out temp files may take a while.
    Once it completes you may be prompted to restart your computer, please do so.
    Once it's finished you may delete TFC.exe from your desktop or save it for later use for the cleaning of temporary files.

    Last..........

    Please Update and run a Threat Scan (Malwarebytes)
    Click on settings > Detection and Protection > Non-Malware Protection > PUP (Potentially Unwanted Program) detections > Make sure it's set to Treat detections as malware
    Same for PUM (Potentially Unwanted Modifications)
    Quarantine All that's found

    MrC
Link to post
Share on other sites

AdwCleanerR0.txtThanks, Mr. C!

 

I've gotten to the AdwCleaner portion of your instructions, but am unsure which files I should uncheck.  some of them are obvious, like the AVG toolbars ones, but others have MS Windows, Firefox, Chrome or IE in the file names.  I don't want to lose any of those programs as I have a lot of bookmarks associated with the browsers and certainly don't want to mess up Windows.

 

Are you able to help me determine which files I should save?  I'm cool with getting rid of anything I don't need, as long as my bookmarks are preserved.

Link to post
Share on other sites

I forgot to attache the fixlog.txt to my previous reply...have done so with this one.  this is the logfile report from AdwCleaner....I'll get on to the next step.

 

 

 

 

# AdwCleaner v4.110 - Logfile created 09/02/2015 at 15:02:00

# Updated 05/02/2015 by Xplode

# Database : 2015-02-05.2 [Local]

# Operating system : Microsoft Windows XP Service Pack 3 (x86)

# Username : Rose - MYLAPTOP

# Running from : C:\Documents and Settings\Rose\My Documents\Downloads\AdwCleaner.exe

# Option : Cleaning

 

***** [ Services ] *****

 

[#] Service Deleted : netfilter

[#] Service Deleted : UniversalUpdater

[#] Service Deleted : vToolbarUpdater18.1.9

 

***** [ Files / Folders ] *****

 

Folder Deleted : C:\Documents and Settings\All Users\Application Data\apn

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG SafeGuard 

 

toolbar

Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure 

 

Search

Folder Deleted : C:\Documents and Settings\All Users\Application Data\CoolSalleeCoupOn

Folder Deleted : C:\Documents and Settings\All Users\Application Data\lesoso2payy

Folder Deleted : C:\Documents and Settings\All Users\Application Data\saferweb

Folder Deleted : C:\Documents and Settings\All Users\Application Data\SaveerAddaon

Folder Deleted : C:\Documents and Settings\All Users\Application 

 

Data\13280106931252492753

Folder Deleted : C:\Documents and Settings\All Users\Application Data\6fb14b600000199d

Folder Deleted : C:\Documents and Settings\All Users\Application Data\b84c6ae49881f9d1

Folder Deleted : C:\Documents and Settings\All Users\Application Data\beca102e00007a17

Folder Deleted : C:\Program Files\AVG SafeGuard toolbar

Folder Deleted : C:\Program Files\Conduit

Folder Deleted : C:\Program Files\globalUpdate

Folder Deleted : C:\Program Files\SearchProtect

Folder Deleted : C:\Program Files\Shop For Rewards

Folder Deleted : C:\Program Files\AApptoUU

Folder Deleted : C:\Program Files\deAlstter

Folder Deleted : C:\Program Files\doownloaiditkeep

Folder Deleted : C:\Program Files\eAssytoshoop

Folder Deleted : C:\Program Files\Common Files\AVG Secure Search

Folder Deleted : C:\DOCUME~1\Rose\LOCALS~1\Temp\apn

Folder Deleted : C:\DOCUME~1\Rose\LOCALS~1\Temp\BrowseStudio

[!] Folder Deleted : C:\Documents and Settings\Rose\Local Settings\Application 

 

Data\AVG SafeGuard toolbar

Folder Deleted : C:\Documents and Settings\Rose\Local Settings\Application 

 

Data\Conduit

Folder Deleted : C:\Documents and Settings\Rose\Local Settings\Application 

 

Data\globalUpdate

Folder Deleted : C:\Documents and Settings\Rose\Application Data\AVG SafeGuard toolbar

Folder Deleted : C:\Documents and Settings\Rose\Application Data\SecureSearch

Folder Deleted : C:\Documents and Settings\Rose\Application Data\Pro PC Cleaner

Folder Deleted : C:\Documents and Settings\Rose\My Documents\Optimizer Pro

Folder Deleted : C:\Documents and Settings\Rose\Application 

 

Data\Mozilla\Firefox\Profiles\ub9dnfrp.default\Extensions\HGkj@K4.net

Folder Deleted : C:\Documents and Settings\Rose\Application 

 

Data\Mozilla\Firefox\Profiles\ub9dnfrp.default\Extensions\J@RoqXxgJI2.edu

Folder Deleted : C:\Documents and Settings\Rose\Application 

 

Data\Mozilla\Firefox\Profiles\ub9dnfrp.default\Extensions\KENre@J.net

Folder Deleted : C:\Documents and Settings\Rose\Application 

 

Data\Mozilla\Firefox\Profiles\ub9dnfrp.default\Extensions\m@EnF.edu

Folder Deleted : C:\Documents and Settings\Rose\Application 

 

Data\Mozilla\Firefox\Profiles\ub9dnfrp.default\Extensions\QkWz@BV3rD.org

Folder Deleted : C:\Documents and Settings\Rose\Application 

 

Data\Mozilla\Firefox\Profiles\ub9dnfrp.default\Extensions\TMoqCKg@q69.com

Folder Deleted : C:\Documents and Settings\All Users\Application 

 

Data\gafndcgddddahibcodbboeldnmjmbmej

Folder Deleted : C:\Documents and Settings\All Users\Application 

 

Data\pgnnediionmbcmomnadccalbmoocehde

File Deleted : C:\END

File Deleted : C:\WINDOWS\Reimage.ini

File Deleted : C:\WINDOWS\rcore.exe

File Deleted : C:\WINDOWS\system32\drivers\netfilter.sys

File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\adawaretb.xml

File Deleted : C:\Documents and Settings\Rose\Application 

 

Data\Mozilla\Firefox\Profiles\ub9dnfrp.default\searchplugins\safeguard-secure-search.x

 

ml

File Deleted : C:\Program Files\Mozilla 

 

Firefox\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Program Files\Mozilla 

 

Firefox\browser\searchplugins\safeguard-secure-search.xml

File Deleted : C:\Documents and Settings\Rose\Application 

 

Data\Mozilla\Firefox\Profiles\ub9dnfrp.default\user.js

File Deleted : C:\Documents and Settings\Rose\Local Settings\Application 

 

Data\Google\Chrome\User Data\Default\Local Storage\hxxp_www.saveur.com_0.localstorage

File Deleted : C:\Documents and Settings\Rose\Local Settings\Application 

 

Data\Google\Chrome\User Data\Default\Local 

 

Storage\hxxp_www.saveur.com_0.localstorage-journal

 

***** [ Scheduled tasks ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Registry ] *****

 

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\oejkcgajlodefenbbjdnaiahmbnnoole

Key Deleted : HKCU\Software\Microsoft\Internet Explorer\DOMStorage\conduit.com

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE

Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.BrowserWndAPI.1

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj

Key Deleted : HKLM\SOFTWARE\Classes\AVG SafeGuard toolbar.PugiObj.1

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdate.OneClickProcessLauncherMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoCreateAsync.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreClass.1

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CoreMachineClass.1

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.CredentialDialogMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback

Key Deleted : 

 

HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassMachineFallback.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.OnDemandCOMClassSvc.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.ProcessLauncher.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3COMClassService.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachine.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebMachineFallback.1.0

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc

Key Deleted : HKLM\SOFTWARE\Classes\globalUpdateUpdate.Update3WebSvc.1.0

Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol

Key Deleted : HKLM\SOFTWARE\Classes\S

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi

Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE

Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1

Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety 

 

plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin

Key Deleted : HKLM\SOFTWARE\Classes\SoftCoup.SoftCoup

Key Deleted : HKLM\SOFTWARE\Classes\SoftCoup.SoftCoup.9

Key Deleted : 

 

HKLM\SOFTWARE\Classes\P55dbbb55_aaca_49a8_acfe_c25b92406fd6_.P55dbbb55_aaca_49a8_acfe_

 

c25b92406fd6_

Key Deleted : 

 

HKLM\SOFTWARE\Classes\P55dbbb55_aaca_49a8_acfe_c25b92406fd6_.P55dbbb55_aaca_49a8_acfe_

 

c25b92406fd6_.9

Key Deleted : 

 

HKLM\SOFTWARE\Classes\P6acdd142_7d96_42f1_a051_48ad67ac9e7f_.P6acdd142_7d96_42f1_a051_

 

48ad67ac9e7f_

Key Deleted : 

 

HKLM\SOFTWARE\Classes\P6acdd142_7d96_42f1_a051_48ad67ac9e7f_.P6acdd142_7d96_42f1_a051_

 

48ad67ac9e7f_.9

Key Deleted : 

 

HKLM\SOFTWARE\Classes\P9abef4e4_bd12_49ed_93c9_5ab6862ec15f_.P9abef4e4_bd12_49ed_93c9_

 

5ab6862ec15f_

Key Deleted : 

 

HKLM\SOFTWARE\Classes\P9abef4e4_bd12_49ed_93c9_5ab6862ec15f_.P9abef4e4_bd12_49ed_93c9_

 

5ab6862ec15f_.9

Key Deleted : 

 

HKLM\SOFTWARE\Classes\Pb316fdea_61ef_4861_ba8e_d7137e80a905_.Pb316fdea_61ef_4861_ba8e_

 

d7137e80a905_

Key Deleted : 

 

HKLM\SOFTWARE\Classes\Pb316fdea_61ef_4861_ba8e_d7137e80a905_.Pb316fdea_61ef_4861_ba8e_

 

d7137e80a905_.9

Key Deleted : HKCU\Software\AppDataLow\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3293216

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}

Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02A96331-0CA6-40E2-A87D-C224601985EB}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{408CFAD9-8F13-4747-8EC7-770A339C7237}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{787D3F9B-69C6-427C-BF55-4419F932474A}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4c902f03-0795-4478-b0e7-8e38b56766c4}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{55dbbb55-aaca-49a8-acfe-c25b92406fd6}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6acdd142-7d96-42f1-a051-48ad67ac9e7f}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9abef4e4-bd12-49ed-93c9-5ab6862ec15f}

Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{b316fdea-61ef-4861-ba8e-d7137e80a905}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{5075DFCC-F3F5-4B15-B364-270BC7C585AD}

Key Deleted : HKLM\SOFTWARE\Classes\Interface\{895F78F3-9620-49AD-8AA8-E6802E5AC64E}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{07CAC314-E962-4F78-89AB-DD002F2490EE}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0902EBD9-C5B4-4400-8CF1-7ACA8E8805D9}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{230332DF-D235-47EE-BC42-60860EF144CD}

Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E0D6077D-7186-48B2-A6C6-2F7C533E8CFF}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper 

 

Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}

Key Deleted : 

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3AA4FC9D-FB51-44A2-B09F-0457

 

857CA7C2}

Key Deleted : 

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-7368

 

4A933233}

Key Deleted : 

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{55dbbb55-aaca-49a8-acfe-c25b

 

92406fd6}

Key Deleted : 

 

HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-7

 

3684A933233}

Key Deleted : 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B45

 

9-28C697C44CDC}

Key Deleted : 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F

 

9-E9021F207706}

Key Deleted : 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4c902f03-0795-4478-b0e

 

7-8e38b56766c4}

Key Deleted : 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{55dbbb55-aaca-49a8-acf

 

e-c25b92406fd6}

Key Deleted : 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{6acdd142-7d96-42f1-a05

 

1-48ad67ac9e7f}

Key Deleted : 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9abef4e4-bd12-49ed-93c

 

9-5ab6862ec15f}

Key Deleted : 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{b316fdea-61ef-4861-ba8

 

e-d7137e80a905}

Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low 

 

Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}

Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar 

 

[{95B7759C-8C7F-4BF1-B163-73684A933233}]

Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser 

 

[{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]

Key Deleted : HKCU\Software\AVG SafeGuard toolbar

Key Deleted : HKCU\Software\Conduit

Key Deleted : HKCU\Software\Cr_Installer

Key Deleted : HKCU\Software\GlobalUpdate

Key Deleted : HKCU\Software\Optimizer Pro

Key Deleted : HKCU\Software\GAMESDESKTOP

Key Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKCU\Software\AppDataLow\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}

Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}

Key Deleted : HKLM\SOFTWARE\{5F189DF5-2D05-472B-9091-84D9848AE48B}

Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}

Key Deleted : HKLM\SOFTWARE\AVG SafeGuard toolbar

Key Deleted : HKLM\SOFTWARE\AVG Security Toolbar

Key Deleted : HKLM\SOFTWARE\Conduit

Key Deleted : HKLM\SOFTWARE\Crossrider

Key Deleted : HKLM\SOFTWARE\GlobalUpdate

Key Deleted : HKLM\SOFTWARE\NpApp

Key Deleted : HKLM\SOFTWARE\Tutorials

Key Deleted : HKLM\SOFTWARE\Reimage

Key Deleted : HKLM\SOFTWARE\{12DA0E6F-5543-440C-BAA2-28BF01070AFA}

Key Deleted : HKLM\SOFTWARE\{12A61307-94CD-4F8E-94BC-918E511FAA81}

Key Deleted : 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{5F488658-35A7-2AB8-A756-560B

 

A8F103C3}

Key Deleted : 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{614925F9-841A-53FE-A28F-DC30

 

FA07239B}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Toolbar Cleaner

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VOPackage

Key Deleted : 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{7540FDBD-7FDC-30AE-3778-815C

 

B87DBE46}

Key Deleted : 

 

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{10A0E600-D246-BD63-F465-4C84

 

9C688998}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App 

 

Management\ARPCache\{1C52B8B6-FFA2-12F6-0A5A-E8301F96A568}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App 

 

Management\ARPCache\{5E03DFA7-51FC-7C12-CEE5-4D75FBB01E8F}

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App 

 

Management\ARPCache\WordProser_1.10.0.6

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings 

 

[ProxyOverride] - <local>

 

***** [ Web browsers ] *****

 

-\\ Internet Explorer v8.0.6001.18702

 

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]

Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [First Home Page]

 

-\\ Mozilla Firefox v18.0.1 (en-US)

 

[ub9dnfrp.default\prefs.js] - Line Deleted : 

 

user_pref("CT3293216.1000234.weatherData", 

 

"{\"icon\":\"33.png\",\"temperature\":\"75°F\",\"temperatureClear\":\"75°F\",\"highTem

 

perature\":\"75°F\",\"lowTemperature\":\"71°F\",\"feelsLike\":\"75°F\",[...]

[ub9dnfrp.default\prefs.js] - Line Deleted : user_pref("CT3293216.embeddedsData", 

 

"[{\"appId\":\"130084258888001381\",\"apiPermissions\":{\"crossDomainAjax\":true,\"get

 

MainFrameTitle\":true,\"getMainFrameUrl\":true,\"getSearchTerm\":true,\"insta[...]

[ub9dnfrp.default\prefs.js] - Line Deleted : user_pref("CT3293216.installId", 

 

"conduitinstaller.exe");

[ub9dnfrp.default\prefs.js] - Line Deleted : user_pref("CT3293216.installType", 

 

"conduitnsisintegration");

[ub9dnfrp.default\prefs.js] - Line Deleted : user_pref("CT3293216.smartbar.CTID", 

 

"CT3293216");

[ub9dnfrp.default\prefs.js] - Line Deleted : user_pref("CT3293216.smartbar.Uninstall", 

 

"0");

[ub9dnfrp.default\prefs.js] - Line Deleted : user_pref("CT3293216.smartbar.homepage", 

 

"true");

[ub9dnfrp.default\prefs.js] - Line Deleted : 

 

user_pref("CT3293216.smartbar.toolbarName", "Vgrabber v1.5 ");

[ub9dnfrp.default\prefs.js] - Line Deleted : 

 

user_pref("Smartbar.ConduitHomepagesList", 

 

"hxxp://search.conduit.com/?ctid=CT3293216&octid=CT3293216&SearchSource=61&CUI=UN42344

 

029471142419&UM=2&UP=SP6A53BCA3-A7B6-41BB-AB7E-35CEEC57C9E8");

[ub9dnfrp.default\prefs.js] - Line Deleted : 

 

user_pref("Smartbar.ConduitSearchEngineList", "Vgrabber v1.5 Customized Web Search");

[ub9dnfrp.default\prefs.js] - Line Deleted : 

 

user_pref("Smartbar.ConduitSearchUrlList", 

 

"hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3293216&SearchSource=2&CUI=UN4234402

 

9471142419&UM=2&q=");

[ub9dnfrp.default\prefs.js] - Line Deleted : 

 

user_pref("Smartbar.SearchFromAddressBarSavedUrl", "");

[ub9dnfrp.default\prefs.js] - Line Deleted : 

 

user_pref("Smartbar.keywordURLSelectedCTID", "CT3293216");

[ub9dnfrp.default\prefs.js] - Line Deleted : 

 

user_pref("browser.search.defaultenginename", "AVG Secure Search");

[ub9dnfrp.default\prefs.js] - Line Deleted : 

 

user_pref("browser.search.defaultthis.engineName", "Vgrabber v1.5 Customized Web 

 

Search");

[ub9dnfrp.default\prefs.js] - Line Deleted : 

 

user_pref("extensions.u51f0BqNjpNCvkcQ.scode", "try{(function(){try{var 

 

url=(window.self.location.href + 

 

document.cookie);if(url.indexOf(\"acebook\")>-1url.indexOf(\"warnalert11.com\")>-1url.

 

index[...]

[ub9dnfrp.default\prefs.js] - Line Deleted : user_pref("smartbar.conduitHomepageList", 

 

"hxxp://search.conduit.com/?ctid=CT3293216&CUI=UN42344029471142419&UM=2&SearchSource=1

 

3,hxxp://search.conduit.com/?ctid=CT3293216&octid=CT3293216&SearchSource[...]

[ub9dnfrp.default\prefs.js] - Line Deleted : 

 

user_pref("smartbar.conduitSearchAddressUrlList", 

 

"hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3293216&SearchSource=2&CUI=UN4234402

 

9471142419&UM=2&q=");

[ub9dnfrp.default\prefs.js] - Line Deleted : user_pref("smartbar.machineId", 

 

"/JILX2AOB/DXVUAD3WD4OZLQIZCQSVWE4EQORDTVDNJGHQUQVF5NHIHNR6TIWNGLFO3ANOXJAET/9BH+7WIOL

 

G");

[ub9dnfrp.default\prefs.js] - Line Deleted : user_pref("smartbar.originalHomepage", 

 

"about:home");

[ub9dnfrp.default\prefs.js] - Line Deleted : 

 

user_pref("smartbar.originalSearchAddressUrl", "");

[ub9dnfrp.default\prefs.js] - Line Deleted : 

 

user_pref("smartbar.originalSearchEngine", "");

 

-\\ Google Chrome v40.0.2214.111

 

[C:\Documents and Settings\Rose\Local Settings\Application Data\Google\Chrome\User 

 

Data\Default\Web Data] - Deleted [search Provider] : 

 

hxxp://search.conduit.com/Results.aspx?q={searchTerms}&SearchSource=49&CUI=UN388889963

 

52316915&ctid=CT3293216&UM=2

[C:\Documents and Settings\Rose\Local Settings\Application Data\Google\Chrome\User 

 

Data\Default\Web Data] - Deleted [search Provider] : 

 

hxxp://search.aol.com/aol/search?q={searchTerms}

[C:\Documents and Settings\Rose\Local Settings\Application Data\Google\Chrome\User 

 

Data\Default\Web Data] - Deleted [search Provider] : 

 

hxxp://www.ask.com/web?q={searchTerms}

[C:\Documents and Settings\Rose\Local Settings\Application Data\Google\Chrome\User 

 

Data\Default\Web Data] - Deleted [search Provider] : 

 

hxxp://movies.netflix.com/WiSearch?raw_query=christmas&ac_category_type=none&ac_rel_po

 

sn=-1&ac_abs_posn=-1&v1={searchTerms}&search_submit=

[C:\Documents and Settings\Rose\Local Settings\Application Data\Google\Chrome\User 

 

Data\Default\Web Data] - Deleted [search Provider] : 

 

hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_47_ch&cd=2XzuyEtN2Y1L1

 

QzutDtDtC0ByByByB0CzytA0EyEyD0D0BtBtN0D0Tzu0StCtDyDtBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCy

 

EtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDzzyB0CtD0AyCtGtCtDyCzytGtDyEzzyCtGtC0FyCyEtGyDy

 

Dzz0AtAyEtDyEyC0DyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0F0EtByDyByDzztGzyyD0AtAtGyEyB0AyDtGz

 

z0D0B0FtG0C0D0A0AtCtBzyyD0DyEzzyE2Q&cr=847495350&ir=

[C:\Documents and Settings\Rose\Local Settings\Application Data\Google\Chrome\User 

 

Data\Default\Web Data] - Deleted [search Provider] : 

 

hxxp://Vosteran.com/results.php?f=4&q={searchTerms}&a=vst_ir_14_47_ch&cd=2XzuyEtN2Y1L1

 

QzutDtDtC0ByByByB0CzytA0EyEyD0D0BtBtN0D0Tzu0StCtDyDtBtN1L2XzutAtFyCtFtBtFtDtN1L1CzutCy

 

EtBzytDyD1V1TtN1L1G1B1V1N2Y1L1Qzu2SyByDzzyB0CtD0AyCtGtCtDyCzytGtDyEzzyCtGtC0FyCyEtGyDy

 

Dzz0AtAyEtDyEyC0DyD0A2QtN1M1F1B2Z1V1N2Y1L1Qzu2Szy0F0EtByDyByDzztGzyyD0AtAtGyEyB0AyDtGz

 

z0D0B0FtG0C0D0A0AtCtBzyyD0DyEzzyE2Q&cr=847495350&ir=

[C:\Documents and Settings\Rose\Local Settings\Application Data\Google\Chrome\User 

 

Data\Default\Web Data] - Deleted [search Provider] : 

 

hxxp://www.trovi.com/Results.aspx?gd=&ctid=CT3333604&octid=EB_ORIGINAL_CTID&ISID=M0EC4

 

FFA3-4DA0-427B-95BB-FF999E087B66&SearchSource=58&CUI=&UM=8&UP=SPC76CD3BE-F851-4A49-A82

 

4-431CD036FF92&q={searchTerms}&SSPV=

 

*************************

 

AdwCleaner[R0].txt - [23384 bytes] - [09/02/2015 13:04:48]

AdwCleaner[s0].txt - [23131 bytes] - [09/02/2015 15:02:00]

 

########## EOF - C:\AdwCleaner\AdwCleaner[s0].txt - [23191  bytes] ##########

Fixlog.txt

Link to post
Share on other sites

CHR dev: Chrome dev build detected! <======= ATTENTION

OK, you have to re-install Chrome anyway because the malware has compromised it.

These two links should help you reset Chromes home and search pages:
https://support.google.com/chrome/answer/95314?hl=en<<<----Home page
https://support.google.com/chrome/answer/95421?hl=en<<<---CHR StartupUrls

Let me know....MrC

Link to post
Share on other sites

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

Link to post
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.