  1. #1
    Member
    Join Date
    Jul 2010
    Posts
    47
    Points
    0

    Ask Toolbar (and other toolbars??)/potential spyware problems

    I ran Malwarebytes and SUPERAntiSpyware scans and got rid of some things, but still had an ad pop up at the bottom of the screen, so I scanned with HijackThis and posted a log to the Help2Go detective. I could see the Ask toolbar on 2 lines in the log, and the detective told me to reboot into safe mode, do another scan with HijackThis, and check those and fix them, but I don't see them show up in the box where I can check them off to fix them when running in safe mode (or non-safe mode for that matter). There are several other lines of toolbars listed, though, but I didn't fix those as I was not sure what to do. Also, when running the HijackThis scan it says that my system is denying access to the hosts file. Below are my logs:

    SUPERAntiSpyware Scan Log
    SUPERAntiSpyware | Remove Malware | Remove Spyware - AntiMalware, AntiSpyware, AntiAdware!

    Generated 09/25/2012 at 01:14 AM

    Application Version : 5.5.1016

    Core Rules Database Version : 9277
    Trace Rules Database Version: 7089

    Scan type : Quick Scan
    Total Scan Time : 00:00:41

    Operating System Information
    Windows 7 Home Premium 64-bit (Build 6.01.7600)
    UAC On - Limited User

    Memory items scanned : 215
    Memory threats detected : 0
    Registry items scanned : 27462
    Registry threats detected : 0
    File items scanned : 3781
    File threats detected : 2

    Adware.Tracking Cookie
    C:\Users\Cusson\AppData\Roaming\Microsoft\Windows\Cookies\JNQLFTF0.txt [ /invitemedia.com ]
    C:\USERS\CUSSON\Cookies\JNQLFTF0.txt [ Cookie:cusson@invitemedia.com/ ]


    Malwarebytes Anti-Malware 1.65.0.1400
    Malwarebytes : Free anti-malware download

    Database version: v2012.09.24.01

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Cusson :: SHALOSH [administrator]

    9/25/2012 1:15:17 AM
    mbam-log-2012-09-25 (01-15-17).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 324586
    Time elapsed: 10 minute(s), 8 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 12:46:35 PM, on 3/9/2012
    Platform: Windows 7 (WinNT 6.00.3504)
    MSIE: Internet Explorer v8.00 (8.00.7600.16930)
    Boot mode: Safe mode

    Running processes:
    C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = Preserve
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = blekko | spam-free search
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = AOL.com - News, Sports, Weather, Entertainment, Local & Lifestyle
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Bing
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Bing
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = AOL.com - News, Sports, Weather, Entertainment, Local & Lifestyle
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    F2 - REG:system.ini: UserInit=userinit.exe,
    O1 - Hosts: ::1 localhost
    O1 - Hosts: 67.215.245.19 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
    O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
    O1 - Hosts: 67.215.245.19 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
    O1 - Hosts: 108.163.215.51 Google Analytics Official Website - Web Analytics & Reporting ? Google Analytics.
    O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
    O1 - Hosts: 108.163.215.51 StatCounter - Free Invisible Web Tracker, Hit Counter and Web Stats.
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: DVDVideoSoftTB - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
    O2 - BHO: Lexmark Printable Web - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
    O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
    O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
    O3 - Toolbar: DVDVideoSoft Toolbar - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files (x86)\DVDVideoSoft\tbDVDV.dll
    O3 - Toolbar: DVDVideoSoftTB Toolbar - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVD0.dll
    O3 - Toolbar: Safe &Eyes Toolbar - {430DDB4F-38CC-4E91-AF33-4157334EC937} - C:\Program Files (x86)\Internet Content Filter\setoolbar.dll
    O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files (x86)\Hewlett-Packard\Recovery\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Hewlett-Packard\Recovery" UpdateWithCreateOnce "Software\CyberLink\PowerRecover"
    O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [ICF] "C:\Program Files (x86)\Internet Content Filter\SafeEyes.exe"
    O4 - HKLM\..\Run: [Nikon Message Center 2] C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe -s
    O4 - HKLM\..\Run: [AirPort Base Station Agent] "C:\Program Files (x86)\AirPort\APAgent.exe"
    O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
    O4 - HKLM\..\Run: [ConnectionCenter] "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
    O4 - HKLM\..\Run: [AmazonGSDownloaderTray] C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
    O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
    O4 - HKCU\..\Run: [Google Update] "C:\Users\Cusson\AppData\Local\Google\Update\GoogleUpdate.exe" /c
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\Cusson\AppData\Local\Akamai\netsession_win.exe"
    O4 - HKCU\..\Run: [MediaGet2] C:\Users\Cusson\AppData\Local\MediaGet2\mediaget.exe --minimized
    O4 - HKCU\..\Run: [Spotify] "C:\Users\Cusson\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
    O4 - HKCU\..\Run: [SMD] "C:\ProgramData\14525a\StrongMD.exe" /s
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
    O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
    O4 - Startup: Dropbox.lnk = Cusson\AppData\Roaming\Dropbox\bin\Dropbox.exe
    O4 - Startup: EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
    O4 - Global Startup: RescueTime.lnk = C:\Program Files (x86)\RescueTime\RescueTime.exe
    O8 - Extra context menu item: Add to Evernote 4.0 - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Cusson\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
    O9 - Extra button: LastPass - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\Program Files (x86)\LastPass\LPBar.dll
    O9 - Extra button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (file missing)
    O9 - Extra button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - (no file) (HKCU)
    O9 - Extra 'Tools' menuitem: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - (no file) (HKCU)
    O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\icf.dll
    O18 - Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O18 - Filter hijack: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll
    O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE
    O23 - Service: Adobe Active File Monitor V9 (AdobeActiveFileMonitor9.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
    O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
    O23 - Service: Amazon Download Agent - Amazon.com - C:\Program Files (x86)\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
    O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
    O23 - Service: CrypKey License - Unknown owner - C:\Windows\system32\crypserv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
    O23 - Service: GameConsoleService - WildTangent, Inc. - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
    O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: LeapFrog Connect Device Service - LeapFrog Enterprises, Inc. - C:\Program Files (x86)\LeapFrog\LeapFrog Connect\CommandService.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\Windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe
    O23 - Service: lxec_device - - C:\Windows\system32\lxeccoms.exe
    O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
    O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: Safe Eyes Update Service (seUpdateSvc) - InternetSafety.com, Inc. - C:\Program Files (x86)\Internet Content Filter\UpdateService.exe
    O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
    O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
    O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
    O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
    O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
    O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
    O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
    O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
    O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

    --
    End of file - 15289 bytes
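Added example, not part of the original thread or of any tool mentioned in it: a Python sketch that parses HijackThis entries like the ones posted above and lists every line that belongs to one component (by name, CLSID or install folder), plus hosts-file entries that point a name at a non-loopback address. The sample log is constructed from a few lines of the post, and the function names are assumptions of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a handful of lines taken from the HijackThis log above.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.4
O1 - Hosts: ::1 localhost
O1 - Hosts: 67.215.245.19 ad-emea.doubleclick.net.
O2 - BHO: LastPass Browser Helper Object - {95D9ECF5-2A4D-4550-BE49-70D42F71296E} - C:\Program Files (x86)\LastPass\LPBar.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# "O2 - ...", "R1 - ...", "O23 - ...": section code, then the entry body.
ENTRY_RE = re.compile(r"^\s*([A-Z]\d{1,2}) - (.+)$")
CLSID_RE = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
PATH_RE = re.compile(r"[A-Za-z]:\\[^\"]*?\.(?:exe|dll)\b", re.IGNORECASE)
# First folder under Program Files (two levels when it is "Common Files").
ROOT_RE = re.compile(
    r"\\Program Files(?: \(x86\))?\\((?:Common Files\\)?[^\\]+)\\", re.IGNORECASE
)


def parse_log(text):
    """Turn log text into a list of dicts; header and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line)
        if not m:
            continue
        section, body = m.groups()
        clsid = CLSID_RE.search(body)
        path = PATH_RE.search(body)
        root = ROOT_RE.search(path.group(0)) if path else None
        entries.append({
            "section": section,
            "body": body,
            "clsid": clsid.group(0).upper() if clsid else None,  # case varies in logs
            "path": path.group(0) if path else None,
            "root": root.group(1).lower() if root else None,
        })
    return entries


def sections_by_root(entries):
    """Map each install folder to the log sections that reference it."""
    groups = defaultdict(list)
    for e in entries:
        if e["root"]:
            groups[e["root"]].append(e["section"])
    return dict(groups)


def find_component(entries, word):
    """Entries naming `word` as a whole word, plus entries sharing their CLSID
    or install folder. Whole-word matching keeps "Task" from matching "ask"."""
    word_re = re.compile(r"\b%s\b" % re.escape(word), re.IGNORECASE)
    seeds = [e for e in entries if word_re.search(e["body"])]
    clsids = {e["clsid"] for e in seeds if e["clsid"]}
    roots = {e["root"] for e in seeds if e["root"]}
    return [e for e in entries
            if e in seeds or e["clsid"] in clsids or e["root"] in roots]


def hosts_overrides(entries):
    """O1 entries that map a name to an address other than loopback or 0.0.0.0."""
    found = []
    for e in entries:
        if e["section"] != "O1" or not e["body"].startswith("Hosts:"):
            continue
        parts = e["body"][len("Hosts:"):].split(None, 1)
        if len(parts) != 2:
            continue
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue  # not an address, e.g. a damaged line
        if not (addr.is_loopback or addr.is_unspecified):
            found.append((parts[0], parts[1].strip()))
    return found


if __name__ == "__main__":
    log = parse_log(SAMPLE_LOG)
    for entry in find_component(log, "ask"):
        print(entry["section"], entry["path"])
    for ip, name in hosts_overrides(log):
        print("hosts override:", ip, name)
```

On this sample the Ask component turns up in three sections (O2, O3 and the O4 `ApnUpdater` startup entry), not only the two BHO/toolbar lines.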

  2. #2
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146


    Hello,

    Please download and run the following tools.

    Download AdwCleaner
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
      ***Note: Windows Vista and Windows 7 users:
      Right click in the adwCleaner.exe and select
    • Click on Delete.
    • Confirm each time with Ok.
    • You will be prompted to restart your computer. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.



    2.
    Please download Malwarebytes Anti-Malware and save it to your desktop.
    • Important!! When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download.

    Malwarebytes may "make changes to your registry" as part of its disinfection routine. If using other security programs that detect registry changes (i.e. Spybot's Teatimer), they may interfere or alert you. Temporarily disable such programs or permit them to allow the changes.

    • Make sure you are connected to the Internet and double-click on the renamed file to install the application.
      For instructions with screenshots, please refer to this Guide.
    • When the installation begins, follow the prompts and do not make any changes to default settings.
    • Malwarebytes will automatically start and you will be asked to update the program before performing a scan.
    • If an update is found, the program will automatically update itself. Press the OK button and continue.
    • If you encounter any problems while downloading the definition updates, manually download them from here and just double-click on mbam-rules.exe to install.

    • Under the Scanner tab, make sure the "Perform Quick Scan" option is selected.
    • Click on the Scan button.
    • When finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
    • Click OK to close the message box, then click the Show Results button to see a list of any malware that was found.
    • Make sure that everything is checked and then click Remove Selected.
    • When removal is completed, a log report will open in Notepad.
    • The log is automatically saved and can be viewed by clicking the Logs tab.
    • Copy and paste the contents of that report in your next reply. Be sure to post the complete log to include the top portion which shows the database version and your operating system.
    • Exit Malwarebytes when done.

    Note: If Malwarebytes encounters a file that is difficult to remove, you will be asked to reboot your computer so it can proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot normally will prevent Malwarebytes from removing all the malware.


    Things to include in your next reply:
    AdwCleaner log
    MBAM log
    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  3. #3
    Member
    Join Date
    Jul 2010
    Posts
    47
    Points
    0


    "When you save the mbam-setup file, rename it to something random (such as 123abc.exe) before beginning the download."

    Could you explain how to do this? I can rename it after downloading and before installing...but don't know how to do this before downloading.

    Thanks!

    Here is the first log:



    # AdwCleaner v2.003 - Logfile created 09/30/2012 at 18:51:32
    # Updated 23/09/2012 by Xplode
    # Operating system : Windows 7 Home Premium (64 bits)
    # User : Cusson - SHALOSH
    # Boot Mode : Normal
    # Running from : C:\Users\Cusson\Downloads\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****

    Stopped & Deleted : WajamUpdater

    ***** [Files / Folders] *****

    File Deleted : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
    File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
    File Deleted : C:\user.js
    File Deleted : C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
    Folder Deleted : C:\Program Files (x86)\BabylonToolbar
    Folder Deleted : C:\Program Files (x86)\Common Files\DVDVideoSoft
    Folder Deleted : C:\Program Files (x86)\Common Files\spigot
    Folder Deleted : C:\Program Files (x86)\Conduit
    Folder Deleted : C:\Program Files (x86)\Dogpile Bundle Toolbar
    Folder Deleted : C:\Program Files (x86)\DVDVideoSoft
    Folder Deleted : C:\Program Files (x86)\DVDVideoSoftTB
    Folder Deleted : C:\Program Files (x86)\Funmoods
    Folder Deleted : C:\Program Files (x86)\I Want This
    Folder Deleted : C:\Program Files (x86)\Qwiklinx
    Folder Deleted : C:\Program Files (x86)\Shop To Win
    Folder Deleted : C:\Program Files (x86)\Wajam
    Folder Deleted : C:\ProgramData\Babylon
    Folder Deleted : C:\ProgramData\boost_interprocess
    Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
    Folder Deleted : C:\ProgramData\WeCareReminder
    Folder Deleted : C:\Users\Cusson\AppData\Local\Conduit
    Folder Deleted : C:\Users\Cusson\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_mpfapcdfbbledbojijcbcclmlieaoogk_0
    Folder Deleted : C:\Users\Cusson\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Folder Deleted : C:\Users\Cusson\AppData\Local\Google\Chrome\User Data\Default\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
    Folder Deleted : C:\Users\Cusson\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    Folder Deleted : C:\Users\Cusson\AppData\Local\Wajam
    Folder Deleted : C:\Users\Cusson\AppData\LocalLow\BabylonToolbar
    Folder Deleted : C:\Users\Cusson\AppData\LocalLow\Conduit
    Folder Deleted : C:\Users\Cusson\AppData\LocalLow\Dealio
    Folder Deleted : C:\Users\Cusson\AppData\LocalLow\DVDVideoSoft
    Folder Deleted : C:\Users\Cusson\AppData\LocalLow\DVDVideoSoftTB
    Folder Deleted : C:\Users\Cusson\AppData\LocalLow\PriceGong
    Folder Deleted : C:\Users\Cusson\AppData\LocalLow\Search Settings
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\Babylon
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\BabylonToolbar
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\DVDVideoSoft
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dogpile Bundle Toolbar
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Wajam
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\Conduit
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\ConduitCommon
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\ConduitEngine
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\CT2260173
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\CT2269050
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{6921B3CC-9935-4D28-9A83-B3D824210580}
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\extensions\ffxtlbr@babylon.com
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\FCTB
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\OpenCandy
    Folder Deleted : C:\Users\Cusson\AppData\Roaming\Qwiklinx
    Folder Deleted : C:\Users\Cusson\Documents\DVDVideoSoft
    Folder Deleted : C:\Users\Cusson\Documents\ShopToWin

    ***** [Registry] *****

    Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
    Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoft
    Key Deleted : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
    Key Deleted : HKCU\Software\AppDataLow\Software\Freecause
    Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
    Key Deleted : HKCU\Software\AppDataLow\Toolbar
    Key Deleted : HKCU\Software\BabylonToolbar
    Key Deleted : HKCU\Software\Conduit
    Key Deleted : HKCU\Software\DVDVideoSoft
    Key Deleted : HKCU\Software\IM
    Key Deleted : HKCU\Software\ImInstaller
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
    Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
    Key Deleted : HKCU\Software\Qwiklinx
    Key Deleted : HKCU\Software\ShopToWin
    Key Deleted : HKCU\Software\Wajam
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
    Key Deleted : HKLM\Software\Babylon
    Key Deleted : HKLM\Software\BabylonToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FAEE6D5-34F4-42AA-8025-3FD8F3EC4634}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D616A4A2-7B38-4DBC-9093-6FE7A4A21B17}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
    Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
    Key Deleted : HKLM\SOFTWARE\Classes\b
    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
    Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
    Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
    Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.FCTB000060231Pos
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.FCTB000060231Pos.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.IEToolbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000060231.JSOptionsImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.FCTB000100683Pos
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.FCTB000100683Pos.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.IEToolbar
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.IEToolbar.1
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.JSOptionsImpl
    Key Deleted : HKLM\SOFTWARE\Classes\FCTB000100683.JSOptionsImpl.1
    Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook
    Key Deleted : HKLM\SOFTWARE\Classes\FreeCauseURLSearchHook.FCToolbarURLSearchHook.1
    Key Deleted : HKLM\SOFTWARE\Classes\Installer\Products\3192AA38321C641458DBDAF83979D193
    Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO
    Key Deleted : HKLM\SOFTWARE\Classes\QwiklinxBHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{095BFD3C-4602-4FE1-96F1-AEFAFBFD067D}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{204C0025-C26A-43E2-853C-D8A8EB1BCE51}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
    Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
    Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO
    Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamBHO.1
    Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader
    Key Deleted : HKLM\SOFTWARE\Classes\wajam.WajamDownloader.1
    Key Deleted : HKLM\Software\Conduit
    Key Deleted : HKLM\Software\DVDVideoSoft
    Key Deleted : HKLM\Software\DVDVideoSoftTB
    Key Deleted : HKLM\SOFTWARE\FCTB000060231
    Key Deleted : HKLM\SOFTWARE\FCTB000100683
    Key Deleted : HKLM\Software\ImInstaller
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{565B8BB5-8E0E-4FCA-B923-BE768EFE93F4}
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{77C7FDE4-00B8-48CD-9047-86517BBD70A4}
    Key Deleted : HKLM\Software\Wajam
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{565B8BB5-8E0E-4FCA-B923-BE768EFE93F4}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{77C7FDE4-00B8-48CD-9047-86517BBD70A4}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C80BDEB2-8735-44C6-BD55-A1CCD555667A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dnfaglepmjgohnkcoieaijlheabmcdeo
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{974A04B3-6D38-4DA7-954D-DA03A5E41689}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E8E3413F-73C9-434B-BB3B-1D0D08F7F1D2}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A6995D-6EE1-4FD1-A258-49395D5BF99C}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BFE4B5CB-63F7-4A51-9266-6167655D5B4F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2E497885-E60B-420A-832D-0148B392E058}_is1
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{83AA2913-C123-4146-85BD-AD8F93971D39}
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\BabylonToolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoft Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
    Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Wajam
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{431532BD-0AE1-4ABC-BE8C-919F3D1332E2}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E2C1A522-B8E1-45D1-B316-F5625004A28C}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
    Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
    Key Deleted : HKLM\SOFTWARE\Software
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
    Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{F78BF7A8-CF12-4DE7-A6DA-C463D1B539A7}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
    Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{C80BDEB2-8735-44C6-BD55-A1CCD555667A}]
    Value Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{E9911EC6-1BCC-40B0-9993-E0EEA7F6953F}]

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v9.0.8112.16421

    Restored : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Restored : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
    Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.babylon.com/?affID=110795&tt=010812_906_cln_3112_3&babsrc=HP_ss&mntrId=16ee3ee400000000000006268221f135 --> hxxp://www.google.com

    -\\ Mozilla Firefox v5.0 (en-US)

    Profile name : default
    File : C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\prefs.js

    C:\Users\Cusson\AppData\Roaming\Mozilla\Firefox\Profiles\v3w171xm.default\user.js ... Deleted !

    Deleted : user_pref("CT2260173..clientLogIsEnabled", false);
    Deleted : user_pref("CT2260173..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
    Deleted : user_pref("CT2260173..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
    Deleted : user_pref("CT2260173.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
    Deleted : user_pref("CT2260173.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2260173.CTID", "CT2260173");
    Deleted : user_pref("CT2260173.CommunitiesChangesLastCheckTime", "0");
    Deleted : user_pref("CT2260173.CurrentServerDate", "30-1-2012");
    Deleted : user_pref("CT2260173.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2260173.DialogsGetterLastCheckTime", "Sun Jan 29 2012 20:07:05 GMT-0500 (Eastern Standa[...]
    Deleted : user_pref("CT2260173.DownloadReferralCookieData", "");
    Deleted : user_pref("CT2260173.FeedLastCount128940659599556287", 0);
    Deleted : user_pref("CT2260173.FeedLastCount128962387092725141", 3);
    Deleted : user_pref("CT2260173.FeedPollDate128940659196275477", "Sun Jan 29 2012 20:06:59 GMT-0500 (Eastern St[...]
    Deleted : user_pref("CT2260173.FeedPollDate128940659574712536", "Sun Jan 29 2012 20:06:59 GMT-0500 (Eastern St[...]
    Deleted : user_pref("CT2260173.FeedPollDate128962387092725141", "Wed Mar 09 2011 23:38:59 GMT-0500 (Eastern St[...]
    Deleted : user_pref("CT2260173.FeedTTL128940659574712536", 40);
    Deleted : user_pref("CT2260173.FirstServerDate", "24-1-2010");
    Deleted : user_pref("CT2260173.FirstTime", true);
    Deleted : user_pref("CT2260173.FirstTimeFF3", true);
    Deleted : user_pref("CT2260173.FirstTimeSettingsDone", true);
    Deleted : user_pref("CT2260173.GroupingInvalidateCache", false);
    Deleted : user_pref("CT2260173.GroupingLastCheckTime", "0");
    Deleted : user_pref("CT2260173.GroupingLastServerUpdateTime", "0");
    Deleted : user_pref("CT2260173.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2260173.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2260173.HasUserGlobalKeys", true);
    Deleted : user_pref("CT2260173.HomePageProtectorEnabled", false);
    Deleted : user_pref("CT2260173.HomepageBeforeUnload", "hxxps://accounts.google.com/ServiceLogin?service=mail&p[...]
    Deleted : user_pref("CT2260173.Initialize", true);
    Deleted : user_pref("CT2260173.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2260173.InstallationAndCookieDataSentCount", 3);
    Deleted : user_pref("CT2260173.InstalledDate", "Sun Jan 24 2010 13:54:52 GMT-0500 (Eastern Standard Time)");
    Deleted : user_pref("CT2260173.InvalidateCache", false);
    Deleted : user_pref("CT2260173.IsAlertDBUpdated", true);
    Deleted : user_pref("CT2260173.IsGrouping", false);
    Deleted : user_pref("CT2260173.IsMulticommunity", false);
    Deleted : user_pref("CT2260173.IsOpenThankYouPage", true);
    Deleted : user_pref("CT2260173.IsOpenUninstallPage", true);
    Deleted : user_pref("CT2260173.LanguagePackLastCheckTime", "Sun Jan 29 2012 20:07:00 GMT-0500 (Eastern Standar[...]
    Deleted : user_pref("CT2260173.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2260173.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2260173.LastLogin_2.5.6.0", "Mon Apr 12 2010 20:32:05 GMT-0400 (Eastern Daylight Time)"[...]
    Deleted : user_pref("CT2260173.LastLogin_2.5.8.6", "Tue Jul 06 2010 09:36:16 GMT-0400 (Eastern Daylight Time)"[...]
    Deleted : user_pref("CT2260173.LastLogin_2.7.0.14", "Wed Sep 08 2010 22:08:50 GMT-0400 (Eastern Daylight Time)[...]
    Deleted : user_pref("CT2260173.LastLogin_2.7.2.0", "Tue Oct 05 2010 10:54:08 GMT-0400 (Eastern Daylight Time)"[...]
    Deleted : user_pref("CT2260173.LastLogin_3.2.5.2", "Mon Jun 27 2011 16:05:29 GMT-0400 (Eastern Daylight Time)"[...]
    Deleted : user_pref("CT2260173.LastLogin_3.9.0.3", "Sun Jan 29 2012 20:07:00 GMT-0500 (Eastern Standard Time)"[...]
    Deleted : user_pref("CT2260173.LatestVersion", "3.9.0.3");
    Deleted : user_pref("CT2260173.Locale", "en");
    Deleted : user_pref("CT2260173.LoginCache", 4);
    Deleted : user_pref("CT2260173.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2260173.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT2260173.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2260173.MyStuffEnabledAtInstallation", true);
    Deleted : user_pref("CT2260173.RadioLastCheckTime", "0");
    Deleted : user_pref("CT2260173.RadioLastUpdateIPServer", "0");
    Deleted : user_pref("CT2260173.RadioLastUpdateServer", "0");
    Deleted : user_pref("CT2260173.SHRINK_TOOLBAR", 1);
    Deleted : user_pref("CT2260173.SearchBoxWidth", 150);
    Deleted : user_pref("CT2260173.SearchEngine", "Health||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
    Deleted : user_pref("CT2260173.SearchEngineBeforeUnload", "Google");
    Deleted : user_pref("CT2260173.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2260173.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
    Deleted : user_pref("CT2260173.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2260173.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2260173.SearchInNewTabLastCheckTime", "Sun Jan 29 2012 20:07:00 GMT-0500 (Eastern Stand[...]
    Deleted : user_pref("CT2260173.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2260173.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Deleted : user_pref("CT2260173.SearchProtectorEnabled", false);
    Deleted : user_pref("CT2260173.SearchProtectorToolbarDisabled", true);
    Deleted : user_pref("CT2260173.ServiceMapLastCheckTime", "Sun Jan 29 2012 20:06:58 GMT-0500 (Eastern Standard [...]
    Deleted : user_pref("CT2260173.SettingsCheckIntervalMin", 120);
    Deleted : user_pref("CT2260173.SettingsLastCheckTime", "Sun Jan 29 2012 20:06:58 GMT-0500 (Eastern Standard Ti[...]
    Deleted : user_pref("CT2260173.SettingsLastUpdate", "1326723880");
    Deleted : user_pref("CT2260173.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2260173.ThirdPartyComponentsLastCheck", "Sun Jan 29 2012 20:06:58 GMT-0500 (Eastern Sta[...]
    Deleted : user_pref("CT2260173.ThirdPartyComponentsLastUpdate", "1312887586");
    Deleted : user_pref("CT2260173.ToolbarDisabled", true);
    Deleted : user_pref("CT2260173.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2260173");
    Deleted : user_pref("CT2260173.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
    Deleted : user_pref("CT2260173.UserID", "UN02553248885864068");
    Deleted : user_pref("CT2260173.ValidationData_Search", 2);
    Deleted : user_pref("CT2260173.ValidationData_Toolbar", 2);
    Deleted : user_pref("CT2260173.alertChannelId", "657446");
    Deleted : user_pref("CT2260173.clientLogIsEnabled", true);
    Deleted : user_pref("CT2260173.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
    Deleted : user_pref("CT2260173.components.1000034", false);
    Deleted : user_pref("CT2260173.components.1000082", false);
    Deleted : user_pref("CT2260173.components.1000234", false);
    Deleted : user_pref("CT2260173.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
    Deleted : user_pref("CT2260173.globalFirstTimeInfoLastCheckTime", "Sun Jan 29 2012 20:07:01 GMT-0500 (Eastern [...]
    Deleted : user_pref("CT2260173.homepageProtectorEnableByLogin", true);
    Deleted : user_pref("CT2260173.initDone", true);
    Deleted : user_pref("CT2260173.isAppTrackingManagerOn", true);
    Deleted : user_pref("CT2260173.myStuffEnabled", true);
    Deleted : user_pref("CT2260173.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2260173.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2260173.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2260173.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2260173.oldAppsList", "128848965243869714,128848965243869715,111,128958821111237507,128[...]
    Deleted : user_pref("CT2260173.revertSettingsEnabled", false);
    Deleted : user_pref("CT2260173.searchProtectorDialogDelayInSec", 10);
    Deleted : user_pref("CT2260173.searchProtectorEnableByLogin", true);
    Deleted : user_pref("CT2260173.testingCtid", "");
    Deleted : user_pref("CT2260173.toolbarAppMetaDataLastCheckTime", "Sun Jan 29 2012 20:07:01 GMT-0500 (Eastern S[...]
    Deleted : user_pref("CT2260173.toolbarContextMenuLastCheckTime", "Sun Jan 29 2012 20:07:01 GMT-0500 (Eastern S[...]
    Deleted : user_pref("CT2260173.undefined", "Tue Dec 07 2010 15:09:18 GMT-0500 (Eastern Standard Time)");
    Deleted : user_pref("CT2260173.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
    Deleted : user_pref("CT2260173.usagesFlag", 2);
    Deleted : user_pref("CT2269050.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
    Deleted : user_pref("CT2269050.CTID", "CT2269050");
    Deleted : user_pref("CT2269050.CurrentServerDate", "25-7-2010");
    Deleted : user_pref("CT2269050.DialogsAlignMode", "LTR");
    Deleted : user_pref("CT2269050.DownloadReferralCookieData", "");
    Deleted : user_pref("CT2269050.EMailNotifierPollDate", "Sun Jul 25 2010 09:49:54 GMT-0400 (Eastern Daylight Ti[...]
    Deleted : user_pref("CT2269050.FirstServerDate", "13-4-2010");
    Deleted : user_pref("CT2269050.FirstTime", true);
    Deleted : user_pref("CT2269050.FirstTimeFF3", true);
    Deleted : user_pref("CT2269050.FirstTimeSettingsDone", true);
    Deleted : user_pref("CT2269050.FixPageNotFoundErrors", true);
    Deleted : user_pref("CT2269050.GroupingServerCheckInterval", 1440);
    Deleted : user_pref("CT2269050.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
    Deleted : user_pref("CT2269050.Initialize", true);
    Deleted : user_pref("CT2269050.InitializeCommonPrefs", true);
    Deleted : user_pref("CT2269050.InstallationAndCookieDataSentCount", 3);
    Deleted : user_pref("CT2269050.InstalledDate", "Tue Apr 13 2010 00:18:48 GMT-0400 (Eastern Daylight Time)");
    Deleted : user_pref("CT2269050.InvalidateCache", false);
    Deleted : user_pref("CT2269050.IsGrouping", false);
    Deleted : user_pref("CT2269050.IsMulticommunity", false);
    Deleted : user_pref("CT2269050.IsOpenThankYouPage", false);
    Deleted : user_pref("CT2269050.IsOpenUninstallPage", false);
    Deleted : user_pref("CT2269050.LanguagePackLastCheckTime", "Sat Jul 24 2010 08:59:32 GMT-0400 (Eastern Dayligh[...]
    Deleted : user_pref("CT2269050.LanguagePackReloadIntervalMM", 1440);
    Deleted : user_pref("CT2269050.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
    Deleted : user_pref("CT2269050.LastLogin_2.5.8.6", "Fri Apr 16 2010 21:24:14 GMT-0400 (Eastern Daylight Time)"[...]
    Deleted : user_pref("CT2269050.LastLogin_2.7.0.14", "Sun Jul 25 2010 08:14:54 GMT-0400 (Eastern Daylight Time)[...]
    Deleted : user_pref("CT2269050.LatestVersion", "2.1.0.18");
    Deleted : user_pref("CT2269050.Locale", "en");
    Deleted : user_pref("CT2269050.LoginCache", 4);
    Deleted : user_pref("CT2269050.MCDetectTooltipHeight", "83");
    Deleted : user_pref("CT2269050.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
    Deleted : user_pref("CT2269050.MCDetectTooltipWidth", "295");
    Deleted : user_pref("CT2269050.RadioIsPodcast", false);
    Deleted : user_pref("CT2269050.RadioLastCheckTime", "Sun Jul 25 2010 08:59:54 GMT-0400 (Eastern Daylight Time)[...]
    Deleted : user_pref("CT2269050.RadioLastUpdateIPServer", "3");
    Deleted : user_pref("CT2269050.RadioLastUpdateServer", "129132338014870000");
    Deleted : user_pref("CT2269050.RadioMediaID", "12473383");
    Deleted : user_pref("CT2269050.RadioMediaType", "Media Player");
    Deleted : user_pref("CT2269050.RadioMenuSelectedID", "EBRadioMenu_CT226905012473383");
    Deleted : user_pref("CT2269050.RadioStationName", "Hotmix%20108");
    Deleted : user_pref("CT2269050.RadioStationURL", "hxxp://67.202.67.18:8082");
    Deleted : user_pref("CT2269050.SHRINK_TOOLBAR", 1);
    Deleted : user_pref("CT2269050.SavedHomepage", "hxxp://www.swagbucks.com/");
    Deleted : user_pref("CT2269050.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_SEARCH_TER[...]
    Deleted : user_pref("CT2269050.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
    Deleted : user_pref("CT2269050.SearchInNewTabEnabled", true);
    Deleted : user_pref("CT2269050.SearchInNewTabIntervalMM", 1440);
    Deleted : user_pref("CT2269050.SearchInNewTabLastCheckTime", "Sun Jul 25 2010 08:59:27 GMT-0400 (Eastern Dayli[...]
    Deleted : user_pref("CT2269050.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
    Deleted : user_pref("CT2269050.SearchInNewTabUsageUrl", "hxxp://Usage.Hosting.conduit-services.com/UsageServic[...]
    Deleted : user_pref("CT2269050.SearchProtectorToolbarDisabled", true);
    Deleted : user_pref("CT2269050.SettingsCheckIntervalMin", 120);
    Deleted : user_pref("CT2269050.SettingsLastCheckTime", "Sun Jul 25 2010 08:14:54 GMT-0400 (Eastern Daylight Ti[...]
    Deleted : user_pref("CT2269050.SettingsLastUpdate", "1279705483");
    Deleted : user_pref("CT2269050.ThirdPartyComponentsInterval", 504);
    Deleted : user_pref("CT2269050.ThirdPartyComponentsLastCheck", "Sat Jul 24 2010 08:59:25 GMT-0400 (Eastern Day[...]
    Deleted : user_pref("CT2269050.ThirdPartyComponentsLastUpdate", "1279705483");
    Deleted : user_pref("CT2269050.ToolbarDisabled", true);
    Deleted : user_pref("CT2269050.TrusteLinkUrl", "hxxp://www.truste.org/pvr.php?page=validate&softwareProgramId=[...]
    Deleted : user_pref("CT2269050.UserID", "UN10306451623854042");
    Deleted : user_pref("CT2269050.ValidationData_Toolbar", 2);
    Deleted : user_pref("CT2269050.WeatherNetwork", "");
    Deleted : user_pref("CT2269050.WeatherPollDate", "Sun Jul 25 2010 09:44:55 GMT-0400 (Eastern Daylight Time)");
    Deleted : user_pref("CT2269050.WeatherUnit", "C");
    Deleted : user_pref("CT2269050.alertChannelId", "666138");
    Deleted : user_pref("CT2269050.backendstorage.hxxp://cmg1_conduit-widgets_com/pitsi.state", "4F50454E");
    Deleted : user_pref("CT2269050.clientLogIsEnabled", false);
    Deleted : user_pref("CT2269050.clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asm[...]
    Deleted : user_pref("CT2269050.myStuffEnabled", true);
    Deleted : user_pref("CT2269050.myStuffPublihserMinWidth", 400);
    Deleted : user_pref("CT2269050.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
    Deleted : user_pref("CT2269050.myStuffServiceIntervalMM", 1440);
    Deleted : user_pref("CT2269050.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
    Deleted : user_pref("CT2269050.uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Reg[...]
    Deleted : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2260173");
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT2260173/CT2260173[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/657446/653307/DEFAULT", "\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/657446/653307/US", "\"0\"")[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/DEFAULT", "\"[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2260173", [...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.app.conduit-services.com/apps/TranslatedApps.ash[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.engine.conduit-services.com/apps/TranslatedApps.[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2260173",[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63443493058760[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=11/8/20[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2260173/CT2260173[...]
    Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"cde[...]
    Deleted : user_pref("CommunityToolbar.EngineOwner", "ConduitEngine");
    Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "engine@conduit.com");
    Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "conduitengine");
    Deleted : user_pref("CommunityToolbar.FeedDeleteDontAskAgain", true);
    Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
    Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
    Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Cusson\\AppData\\Roaming\\Mozilla\\[...]
    Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.9.0.3");
    Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://toolbartv.swagbucks.com", "591x129");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "ConduitEngine");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "engine@conduit.com");
    Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "conduitengine");
    Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://mystart.incredimail.com/?loc=ff_a[...]
    Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT2260173,CT2269050,ConduitEngine");
    Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT2260173,CT2269050");
    Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Mon Jun 27 2011 17:38:59 GMT-04[...]
    Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
    Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 28 2011 08:29:34 GMT-0400 (Easte[...]
    Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.locale", "en");
    Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Mon Jun 27 2011 17:38:55 GMT-0400 (Eastern D[...]
    Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
    Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.alert.userId", "{20f93011-ab53-4371-b43b-78921ff8fc33}");
    Deleted : user_pref("CommunityToolbar.facebook.sessionKey", "2.XxtMxf2vDRjIjeHywKYb9A__.86400.1278212400-16029[...]
    Deleted : user_pref("CommunityToolbar.facebook.sessionSecret", "qZCBXKBbDGFE6old8eeloQ__");
    Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Sun Jan 29 2012 20:07:00 GMT-0500 (Eas[...]
    Deleted : user_pref("CommunityToolbar.facebook.userId", "1602955786");
    Deleted : user_pref("CommunityToolbar.globalUserId", "77114f1a-9edb-4c8a-afde-c2071f2bee4b");
    Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
    Deleted : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2269050");
    Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Jan 29 2012 20:07:0[...]
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);
    Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Sun Jan 29 2012 20:07:11 GMT-050[...]
    Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.locale", "en");
    Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
    Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Sun Jan 29 2012 20:06:58 GMT-0500 (E[...]
    Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
    Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
    Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
    Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
    Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
    Deleted : user_pref("CommunityToolbar.notifications.userId", "1f91730a-11d5-4de4-b25e-deed72a01c24");
    Deleted : user_pref("ConduitEngine.CTID", "ConduitEngine");
    Deleted : user_pref("ConduitEngine.FirstServerDate", "11/25/2010 17");
    Deleted : user_pref("ConduitEngine.FirstTime", true);
    Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
    Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
    Deleted : user_pref("ConduitEngine.Initialize", true);
    Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
    Deleted : user_pref("ConduitEngine.InstalledDate", "Thu Nov 25 2010 10:52:15 GMT-0500 (Eastern Standard Time)"[...]
    Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
    Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
    Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
    Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Thu Dec 02 2010 00:14:00 GMT-0500 (Eastern Sta[...]
    Deleted : user_pref("ConduitEngine.LastLogin_3.2.5.2", "Thu Dec 02 2010 14:42:13 GMT-0500 (Eastern Standard Ti[...]
    Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
    Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Thu Dec 02 2010 14:42:13 GMT-0500 (Eastern Standar[...]
    Deleted : user_pref("ConduitEngine.UserID", "UN66067726209866689");
    Deleted : user_pref("ConduitEngine.componentAlertEnabled", true);
    Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
    Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Thu Dec 02 2010 00:14:00 GMT-0500 (Easte[...]
    Deleted : user_pref("ConduitEngine.initDone", true);
    Deleted : user_pref("ConduitEngine.usagesFlag", 2);
    Deleted : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=110795&tt=010812_906_cln_3112_3&ba[...]
    Deleted : user_pref("browser.search.defaultengine", "Ask.com");
    Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&Sea[...]
    Deleted : user_pref("extensions.BabylonToolbar.admin", false);
    Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
    Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
    Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
    Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false);
    Deleted : user_pref("extensions.BabylonToolbar.id", "16ee3ee400000000000006268221f135");
    Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15557");
    Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst");
    Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
    Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
    Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
    Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
    Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
    Deleted : user_pref("extensions.BabylonToolbar_i.babExt", "");
    Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=110795&tt=010812_906_cln_3112_3");
    Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false);
    Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
    Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
    Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.114:02:27");
    Deleted : user_pref("extensions.crossriderapp2258@crossrider.com.install-event-fired", true);
    Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
    Deleted : user_pref("extensions.ffxtlbr@babylon.com.install-event-fired", true);
    Deleted : user_pref("extensions.ffxtlbr@funmoods.com.install-event-fired", true);
    Deleted : user_pref("extensions.wajam.affiliate_id", "3004");
    Deleted : user_pref("extensions.wajam.firstrun", "false");
    Deleted : user_pref("extensions.wajam.log_send_info", "false");
    Deleted : user_pref("extensions.wajam.mappingListJsonString", "{\"version\":\"0.21083\",\"supported_sites\":{\[...]
    Deleted : user_pref("extensions.wajam.no_trace", "false");
    Deleted : user_pref("extensions.wajam.server_current_mapping_version", "0.21083");
    Deleted : user_pref("extensions.wajam.trace_log", "1347545872946 - onFlagInfoReceived - Same server mapping ve[...]
    Deleted : user_pref("extensions.wajam.unique_id", "32BD1F418C83B48EC4BAD0F6D6958B20");
    Deleted : user_pref("extensions.wajam.user_current_mapping_version", "0");
    Deleted : user_pref("extensions.wajam.version", "1.25");
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.AutoSearchEventData", "auto%20search");
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.ClearCacheDate", 30);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.DNSCatch", false);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.DisplayEULA", true);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.DnsCatchEventData", "dns%20catch");
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.EBOMode", true);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.FirstLaunchShown", true);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.InstallDomain", "freecause.com");
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.InstallType", "standard");
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.LoadLayoutDate.100683", 29);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.NewTabSearchEventData", "tab%20search");
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.ShowRecommendedOptions", true);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.StateReportDate", "1349035160670");
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.TopRightSearchEventData", "top%20right%20search[...]
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.beforeInstallSaved", true);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.beforeinstall.homepage", "hxxp%3A//search.babyl[...]
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.beforeinstall.search", "Search%20the%20web%20%2[...]
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.customNewTab", false);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.helpUsImprove", true);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.hideOthers", false);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.partnerauth", false);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.processAddrBar", false);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.restoreSearch", false);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.searchHistory", true);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.session", "5DAD218A61F7119E57210F7662C8D7479892[...]
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.showFirstLaunchOptions", false);
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.tb_lang", "en");
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.tool_id", "100683");
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.user_id", "117739370");
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.user_key", "50a66c895b49ff9124e0c475fdbb46f4c47[...]
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.user_layouts", "100683");
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.user_lnames", "Shop%20to%20Win%2036");
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.vars.disablecuidinject", "1");
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.xml_service_url", "6bb94bbf55fe2f255901a560824a[...]
    Deleted : user_pref("freecause806215f31fe95c04f5dd1617f7bae315.yahooSearch", false);

    -\\ Google Chrome v22.0.1229.79

    File : C:\Users\Cusson\AppData\Local\Google\Chrome\User Data\Default\Preferences

    Deleted [l.12] : homepage = "hxxp://start.funmoods.com/?f=1&a=ironto",
    Deleted [l.16] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=ironto" ]
    Deleted [l.53] : icon_url = "hxxp://www.babylon.com/favicon.ico",
    Deleted [l.56] : keyword = "babylon.com",
    Deleted [l.59] : search_url = "hxxp://search.babylon.com/?q={searchTerms}&affID=110795&tt=010812_906_cln_3112_3&babsrc=SP_ss&mntrId=16ee3ee400000000000006268221f135",
    Deleted [l.1419] : homepage = "hxxp://start.funmoods.com/?f=1&a=ironto",
    Deleted [l.2123] : urls_to_restore_on_startup = [ "hxxp://start.funmoods.com/?f=1&a=ironto" ]

    *************************

    AdwCleaner[S1].txt - [49708 octets] - [30/09/2012 18:51:32]

    ########## EOF - C:\AdwCleaner[S1].txt - [49769 octets] ##########

  4. #4
    Member Spyware Fighter DonnaB's Avatar
    Join Date
    Apr 2009
    Location
    Illiana, Ill. USA
    Posts
    3,521
    Points
    563

    Hi cindyinohio,

    Could you explain how to do this? I can rename it after downloading and before installing...but don't know how to do this before downloading.

    Allow me to guide you while fireman4it is away from his desk.

    Download the setup file to the desktop. Right click on the setup file then choose rename from the list. Press the backspace key on your keyboard and just type 123abc.exe into the little box. Then click anywhere else on the desktop.

    Next, proceed to install and execute from the instructions posted by fireman4it.

    Donna
    If you think you might be infected with malware or have recently cleansed your computer of malware without the help of an expert, please read and follow the instructions in How to Start Removing Viruses and Spyware from your Computer. This can alleviate time consumed in troubleshooting your current computer problems.

    If your problem is solved, here's how to say thanks!

    Very proud parent of a U.S. Navy "CB"



    "People may forget what you say,
    People may forget what you did,
    but People will never forget how you made them feel!"

  5. #5
    Member
    Join Date
    Jul 2010
    Posts
    47
    Points
    0

    Malwarebytes log:

    Malwarebytes Anti-Malware 1.65.0.1400
    Malwarebytes : Free anti-malware download

    Database version: v2012.09.30.06

    Windows 7 x64 NTFS
    Internet Explorer 9.0.8112.16421
    Cusson :: SHALOSH [administrator]

    9/30/2012 8:48:32 PM
    mbam-log-2012-09-30 (20-48-32).txt

    Scan type: Quick scan
    Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
    Scan options disabled: P2P
    Objects scanned: 327394
    Time elapsed: 9 minute(s), 45 second(s)

    Memory Processes Detected: 0
    (No malicious items detected)

    Memory Modules Detected: 0
    (No malicious items detected)

    Registry Keys Detected: 0
    (No malicious items detected)

    Registry Values Detected: 0
    (No malicious items detected)

    Registry Data Items Detected: 0
    (No malicious items detected)

    Folders Detected: 0
    (No malicious items detected)

    Files Detected: 0
    (No malicious items detected)

    (end)

  6. #6
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    How is your machine running now?
    " Extinguishing Malware from the world"

    The Spyware Help forum is very busy. If I'm helping you and I've not posted back within 24 hrs., send a PM with your topic link. Thank you.
    HELP REQUESTS VIA THE PM SYSTEM WILL BE IGNORED. The Forums are there for a reason!
    Thanks-




  7. #7
    Member
    Join Date
    Jul 2010
    Posts
    47
    Points
    0

    I haven't seen any pop-ups since running the AdwCleaner.

    I have Microsoft Security Essentials running, run scans with Malwarebytes and Super-anti-spyware, and try not to click on unsafe websites or links in emails...what else can I do to prevent this from happening again? Can I run the AdwCleaner on a regular basis? Would this have been prevented with Avast or another program since MSE didn't catch anything?

  8. #8
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

    I haven't seen any pop-ups since running the AdwCleaner.

    I have Microsoft Security Essentials running, run scans with Malwarebytes and Super-anti-spyware, and try not to click on unsafe websites or links in emails...what else can I do to prevent this from happening again? Can I run the AdwCleaner on a regular basis? Would this have been prevented with Avast or another program since MSE didn't catch anything?

    No single product is 100% foolproof and can prevent, detect and remove all threats at any given time. Just because one anti-virus detected threats that another missed, does not mean it's more effective. The security community is in a constant state of change as new infections appear and it takes time for them to be reported, samples collected, analyzed, and tested by anti-vendors. Security vendors use different scanning engines and different detection methods such as heuristic analysis or behavioral analysis which can account for discrepancies in scanning outcomes. Depending on how often the anti-virus database is updated can also account for differences in threat detections.

    Further, each vendor has its own definition of what constitutes malware and scanning your computer using different criteria will yield different results. The fact that each program has its own definition files means that some malware may be picked up by one that could be missed by another. Thus, a multi-layered defense using anti-spyware products (including an effective firewall) to supplement your anti-virus combined with common sense, safe computing and safe surfing habits provides the most complete protection.


    Open HijackThis, click Config, click Misc Tools
    Click "Open Uninstall Manager"
    Click "Save List" (generates uninstall_list.txt)
    Click Save, copy and paste the results in your next post.
    More information with a screenshot, can be found here.


    • Download RogueKiller on the desktop
    • Close all the running processes
    • Under Vista/Seven, right click -> Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • When prompted, Click Scan
    • A report should open, give its content to your helper. (RKreport could also be found next to the executable)
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again




  9. #9
    Member
    Join Date
    Jul 2010
    Posts
    47
    Points
    0

    I cannot seem to save a list for you...when I click on "Save" it says it cannot find the file and asks if I want to create a new one...when I reply "Yes" it opens up a blank Notepad window. When I search for "uninstall_txt" it will show up in the search window but when I click to open it, it just says that it is missing the shortcut.

    I could hand type in all the results if you'd like...

  10. #10
    Member Spyware Fighter
    Join Date
    Jun 2010
    Location
    Bement,Ill USA
    Posts
    1,340
    Points
    146

      1. Please download OTL from one of the following mirrors:
         • This is THE Mirror
      2. Save it to your desktop.
      3. Double click on the icon on your desktop.
      4. Under the Custom Scan box paste this in
      Code:
      c:\windows\*. /SL
      c:\windows\*. /RP 
      netsvcs
      activex
      drivers32
      %ALLUSERSPROFILE%\Application Data\*.
      %ALLUSERSPROFILE%\Application Data\*.exe /s
      %APPDATA%\*.
      %APPDATA%\*.exe /s
      %SYSTEMDRIVE%\*.exe
      %systemroot%\*. /mp /s
      CREATERESTOREPOINT
      %systemroot%\system32\*.dll /lockedfiles
      %systemroot%\Tasks\*.job /lockedfiles
      %systemroot%\system32\drivers\*.sys /lockedfiles
      %systemroot%\System32\config\*.sav 
      %systemroot%\system32\drivers\*.sys /90
      5. Push the Quick Scan button.
      6. Two reports will open, copy and paste them in a reply here:
         • OTL.txt <-- Will be opened
         • Extra.txt <-- Will be minimized


    Please also include the RogueKiller log



