SpyWare BeWare! ASAP
Author Topic: Babylon Search Engine Hijacker, various Java type games  (Read 1620 times)
LicKwiD
« on: September 30, 2013, 12:02:43 PM »

To whom this may concern,
melboy
Moderator
« Reply #1 on: September 30, 2013, 12:06:54 PM »

If you require malware removal assistance, please start HERE! & post the required logs.

Thank you.

LicKwiD
« Reply #2 on: September 30, 2013, 12:13:18 PM »

I recently had to do a system restore point to get my mother's laptop able to turn on again.  I updated Malwarebytes, ESET Smart Security, and all Windows updates.  I did a deep Malwarebytes search in safe mode and detected 1 item.  I removed that and thought I removed the other search engine hijackers from her laptop.  I come to find when she opens new windows it goes to the Babylon search engine site and I have the default set to google.com.  It is becoming a pain in the rear.  I would like to see if you can help me locate the root file that continues to install these programs and clean up her laptop.  It seems she has lost the use of her laptop's touch pad scroll feature as well.  She likes to play online Java-type games and I have installed NoScript in Firefox from day 1, but she may have gotten a little ahead of herself and allowed some sites that may have infected her laptop. Any help is greatly appreciated.  Thank you in advance.  Below are the 2 txt files from DDS.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 11/20/2011 12:43:30 PM
System Uptime: 9/30/2013 11:43:09 AM (1 hours ago)
.
Motherboard: Gateway |  | SJV50_HR
Processor: Intel(R) Celeron(R) CPU B800 @ 1.50GHz | CPU1 | 1395/1333mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 285 GiB total, 234.57 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP169: 8/30/2013 9:44:25 AM - Windows Update
RP170: 9/3/2013 8:49:06 AM - Windows Update
RP171: 9/6/2013 12:27:17 PM - Windows Update
RP172: 9/10/2013 8:04:31 AM - Windows Update
RP173: 9/11/2013 9:58:30 AM - Windows Update
RP174: 9/12/2013 11:42:40 AM - Windows Update
RP175: 9/23/2013 12:46:32 PM - Windows Update
RP176: 9/29/2013 1:28:32 AM - Windows Update
RP177: 9/29/2013 1:39:01 AM - Windows Update
RP178: 9/29/2013 2:20:05 AM - Windows Update
.
==== Installed Programs ======================
.
 Update for Microsoft Office 2007 (KB2508958)
7-Zip 9.20
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.8)
ArcadeCandy
Backup Manager V3
Best Buy pc app
Broadcom Card Reader Driver Installer
Broadcom NetLink Controller
CyberLink PowerDVD 10
D3DX10
Epson Connect
Epson Customer Participation
Epson Download Navigator
Epson Event Manager
EPSON NX430 Series Printer Uninstall
EPSON Scan
ESET Smart Security
ETDWare PS/2-X64 8.0.6.3_WHQL
Ficir
Galerie de photos Windows Live
Gateway MyBackup
Gateway Power Management
Gateway Recovery Management
Gateway Registration
Gateway ScreenSaver
Gateway Social Networks
Gateway Updater
Google Chrome
Google Update Helper
Identity Card
ImgBurn
Intel(R) Control Center
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Intel(R) Rapid Storage Technology
Java Auto Updater
Java(TM) 6 Update 29
Junk Mail filter update
Launch Manager
LTCM Client
Malwarebytes Anti-Malware version 1.75.0.1300
McAfee Security Scan Plus
McAfee SiteAdvisor
Mesh Runtime
Microsoft .NET Framework 4 Client Profile
Microsoft Application Error Reporting
Microsoft IntelliPoint 8.2
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office 2010
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office Office 64-bit Components 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared 64-bit MUI (English) 2007
Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 22.0 (x86 en-US)
Mozilla Maintenance Service
MSVCRT
MSVCRT_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero Control Center 10
Nero ControlCenter 10 Help (CHM)
Nero Core Components 10
Nero DiscSpeed 10
Nero DiscSpeed 10 Help (CHM)
Nero Express 10
Nero Express 10 Help (CHM)
Nero Multimedia Suite 10 Essentials
Nero StartSmart 10
Nero StartSmart 10 Help (CHM)
Nero Update
Realtek High Definition Audio Driver
RunningTheSahara
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2804576)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2835393)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2840628v2)
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596754) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596825) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597973) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687309) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2687439) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760411) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760588) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2760823) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2760583) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2687440) 32-Bit Edition
Security Update for Microsoft Office Outlook 2007 (KB2825999) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2597971) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2767773) 32-Bit Edition
Tablet Driver V5.02
UnfriendApp
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Client Profile (KB2836939)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office 2007 suites (KB2596620) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596660) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2596848) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2687493) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767849) 32-Bit Edition
Update for Microsoft Office 2007 suites (KB2767916) 32-Bit Edition
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2687404) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2825641) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
VC80CRTRedist - 8.0.50727.6195
Video Web Camera
VLC media player 1.1.11
Welcome Center
Windows Live
Windows Live Communications Platform
Windows Live Essentials
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Language Selector
Windows Live Mail
Windows Live Mesh
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Movie Maker
Windows Live Photo Common
Windows Live Photo Gallery
Windows Live PIMT Platform
Windows Live Remote Client
Windows Live Remote Client Resources
Windows Live Remote Service
Windows Live Remote Service Resources
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinRAR 4.11 (64-bit)
WorldWinner Games
.
==== Event Viewer Messages From Past Week ========
.
9/30/2013 10:36:14 AM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001]  - The computer has rebooted from a bugcheck.  The bugcheck was: 0x0000004e (0x000000000000009a, 0x0000000000018b4f, 0x0000000000000006, 0x0000000000000002). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 093013-38516-01.
9/29/2013 2:40:20 AM, Error: Service Control Manager [7030]  - The WinTab Service service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
9/29/2013 12:07:21 AM, Error: Service Control Manager [7022]  - The ESET Service service hung on starting.
9/29/2013 12:07:07 AM, Error: Service Control Manager [7011]  - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the eventlog service.
9/24/2013 5:21:54 AM, Error: Service Control Manager [7023]  - The Function Discovery Resource Publication service terminated with the following error:  %%-2147014847
9/24/2013 4:29:59 AM, Error: Service Control Manager [7001]  - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error:  The dependency service or group failed to start.
9/24/2013 4:29:59 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
9/24/2013 4:29:58 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
9/24/2013 4:29:57 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
9/24/2013 4:29:57 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
9/24/2013 4:29:56 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
9/24/2013 4:29:48 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
9/24/2013 4:29:37 AM, Error: Service Control Manager [7026]  - The following boot-start or system-start driver(s) failed to load:  AFD DfsC discache eamonm ehdrv EpfwLWF NetBIOS NetBT nsiproxy Psched rdbss spldr tdx vwififlt Wanarpv6 WfpLwf
9/24/2013 4:29:36 AM, Error: Service Control Manager [7001]  - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/24/2013 4:29:36 AM, Error: Service Control Manager [7001]  - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/24/2013 4:29:36 AM, Error: Service Control Manager [7001]  - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error:  A device attached to the system is not functioning.
9/24/2013 4:29:36 AM, Error: Service Control Manager [7001]  - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/24/2013 4:29:36 AM, Error: Service Control Manager [7001]  - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error:  The dependency service or group failed to start.
9/24/2013 4:29:36 AM, Error: Service Control Manager [7001]  - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error:  A device attached to the system is not functioning.
9/24/2013 4:29:36 AM, Error: Service Control Manager [7001]  - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/24/2013 4:29:36 AM, Error: Service Control Manager [7001]  - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error:  The dependency service or group failed to start.
9/24/2013 4:29:36 AM, Error: Service Control Manager [7001]  - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error:  A device attached to the system is not functioning.
9/24/2013 4:29:36 AM, Error: Service Control Manager [7001]  - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error:  A device attached to the system is not functioning.
9/24/2013 2:02:41 AM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service wuauserv with arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}
9/23/2013 12:47:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office Excel 2007 (KB2760583).
9/23/2013 12:47:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2760588).
9/23/2013 12:47:31 PM, Error: Microsoft-Windows-WindowsUpdateClient [20]  - Installation Failure: Windows failed to install the following update with error 0x80246007: Security Update for Microsoft Office 2007 suites (KB2760411).
9/23/2013 1:44:22 PM, Error: Microsoft-Windows-DistributedCOM [10005]  - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
.
==== End Of File ===========================


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16686  BrowserJavaVersion: 1.6.0_29
Run by Jamie at 12:57:51 on 2013-09-30
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.1900.681 [GMT -4:00]
.
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\Drivers\WTSRV.EXE
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
C:\Windows\SysWOW64\WTClient.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Program Files\Common Files\Microsoft Shared\Ink\InputPersonalization.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uDefault_Page_URL = hxxp://www.bing.com/?pc=MAGW
mWinlogon: Userinit = userinit.exe,
BHO: MSS+ Identifier: {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: ArcadeCandy Games: {AB6BD08C-DB6B-4F02-8A22-4BD343E990FF} - C:\Users\Jamie\AppData\Local\ArcadeCandy\candyEX.dll
BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [WTClient] WTClient.exe
StartupFolder: C:\Users\Jamie\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\ONENOT~1.LNK - C:\Program Files (x86)\Microsoft Office\Office12\ONENOTEM.EXE
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\Startup\MCAFEE~1.LNK - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} - hxxp://www.worldwinner.com/games/v47/skillgam/skillgam.cab
DPF: {1D082E71-DF20-4AAF-863B-596428C49874} - hxxp://www.worldwinner.com/games/v50/tpir/tpir.cab
DPF: {2C153C75-8476-434B-B3C3-57B63A3D1939} - hxxp://www.worldwinner.com/games/v48/brickout/brickout.cab
DPF: {33E54F7F-561C-49E6-929B-D7E76D3AFEB1} - hxxp://www.worldwinner.com/games/v50/pool/pool.cab
DPF: {555F1BBC-6EC2-474F-84AF-633EF097FF54} - hxxp://www.worldwinner.com/games/v53/wwhearts/wwhearts.cab
DPF: {61900274-3323-4446-BDCD-91548D32AF1B} - hxxp://www.worldwinner.com/games/v56/spidersolitaire/spidersolitaire.cab
DPF: {62969CF2-0F7A-433B-A221-FD8818C06C2F} - hxxp://www.worldwinner.com/games/v49/blockwerx/blockwerx.cab
DPF: {64CD313F-F079-4D93-959F-4D28B5519449} - hxxp://www.worldwinner.com/games/v56/jeopardy/jeopardy.cab
DPF: {6C6FE41A-0DA6-42A1-9AD8-792026B2B2A7} - hxxp://www.worldwinner.com/games/v41/freecell/freecell.cab
DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} - hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {8F6E7FB2-E56B-4F66-A4E1-9765D2565280} - hxxp://www.worldwinner.com/games/launcher/ie/v2.23.01.0/iewwload.cab
DPF: {95A311CD-EC8E-452A-BCEC-B844EB616D03} - hxxp://www.worldwinner.com/games/v51/bejeweledtwist/bejeweledtwist.cab
DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} - hxxp://www.worldwinner.com/games/v41/hangman/hangman.cab
DPF: {BA94245D-2AA0-4953-9D9F-B0EE4CC02C43} - hxxp://www.worldwinner.com/games/v42/tilecity/tilecity.cab
DPF: {BB637307-92FA-47EC-B3F7-6969078673CC} - hxxp://www.worldwinner.com/games/v45/royal/royal.cab
DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} - hxxp://www.worldwinner.com/games/v52/dinerdash/dinerdash.cab
DPF: {C82BB209-F528-46F9-96D5-69DEF7260916} - hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} - hxxp://www.worldwinner.com/games/v43/paint/paint.cab
DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab
DPF: {E12EB891-D000-421B-A8ED-EDE1BDCA14A0} - hxxp://www.worldwinner.com/games/v44/golfsol/golfsol.cab
DPF: {E70E3E64-2793-4AEF-8CC8-F1606BE563B0} - hxxp://www.worldwinner.com/games/v54/wwspades/wwspades.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{4509BDB2-EE99-49C6-84E2-933D46AB3BF9} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4509BDB2-EE99-49C6-84E2-933D46AB3BF9}\14D494C4F43414C4C494E4B4 : DHCPNameServer = 192.168.0.1
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.76\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: McAfee SiteAdvisor BHO: {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-TB: McAfee SiteAdvisor Toolbar: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
x64-Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - <orphaned>
x64-Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: igfxcui - igfxdev.dll
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\
FF - prefs.js: browser.search.selectedEngine - Bing
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMSS.dll
FF - plugin: C:\Program Files (x86)\McAfee\SiteAdvisor\NPMcFFPlg32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files (x86)\WorldWinner.com, Inc\WorldWinner Games\npwwload.dll
FF - plugin: C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
FF - plugin: C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\extensions\{22dfbf5b-a7cd-4b25-9471-3dc68c71855f}\plugins\np-mswmp.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.BabylonToolbar_i.babTrack -
FF - user.js: extensions.BabylonToolbar_i.babExt -
FF - user.js: extensions.BabylonToolbar_i.srcExt - def
FF - user.js: extensions.BabylonToolbar_i.id - 4ac6472a00000000000074de2b3343b3
FF - user.js: extensions.BabylonToolbar_i.hardId - 4ac6472a00000000000074de2b3343b3
FF - user.js: extensions.BabylonToolbar_i.instlDay - 15390
FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17
FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.179:39:16
FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon
FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar
FF - user.js: extensions.BabylonToolbar_i.aflt - babclient
FF - user.js: extensions.BabylonToolbar_i.smplGrp - none
FF - user.js: extensions.BabylonToolbar_i.tlbrId - base
FF - user.js: extensions.BabylonToolbar_i.instlRef - std
.
============= SERVICES / DRIVERS ===============
.
R0 epfwwfp;epfwwfp;C:\Windows\System32\drivers\epfwwfp.sys [2012-3-14 62496]
R1 eamonm;eamonm;C:\Windows\System32\drivers\eamonm.sys [2012-3-14 209768]
R1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\Windows\System32\drivers\EpfwLWF.sys [2012-3-14 38288]
R2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-3-7 913144]
R2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE [2013-3-18 151648]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-2-26 418376]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-2-26 701512]
R3 b57xdbd;Broadcom xD Picture Bus Driver Service;C:\Windows\System32\drivers\b57xdbd.sys [2011-1-20 67624]
R3 b57xdmp;Broadcom xD Picture vstorp client drv;C:\Windows\System32\drivers\b57xdmp.sys [2011-1-20 19496]
R3 bScsiMSa;bScsiMSa;C:\Windows\System32\drivers\bScsiMSa.sys [2011-5-16 51240]
R3 bScsiSDa;bScsiSDa;C:\Windows\System32\drivers\bScsiSDa.sys [2011-5-6 86056]
R3 ETD;ELAN PS/2 Port Input Device;C:\Windows\System32\drivers\ETD.sys [2011-8-18 142632]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\System32\drivers\IntcDAud.sys [2011-8-18 317440]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2011-5-9 425000]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2011-11-20 25928]
R3 PTSimBus;PenTablet Bus Enumerator;C:\Windows\System32\drivers\PTSimBus.sys [2009-6-18 27304]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 McComponentHostService;McAfee Security Scan Component Host Service;C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-2-5 235216]
S3 PTSimHid;PenTablet Simulated HID MiniDriver;C:\Windows\System32\drivers\PTSimHid.sys [2009-6-18 17064]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2013-9-29 19456]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-9-29 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2013-9-29 30208]
S3 WDC_SAM;WD SCSI Pass Thru driver;C:\Windows\System32\drivers\wdcsam64.sys [2008-5-6 14464]
S4 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-8-18 353360]
S4 ePowerSvc;ePower Service;C:\Program Files\Gateway\Gateway Power Management\ePowerSvc.exe [2011-9-25 872552]
S4 EpsonCustomerParticipation;EpsonCustomerParticipation;C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe [2011-6-9 555392]
S4 GREGService;GREGService;C:\Program Files (x86)\Gateway\Registration\GREGsvc.exe [2011-5-29 36456]
S4 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-8-18 13592]
S4 Live Updater Service;Live Updater Service;C:\Program Files\Gateway\Gateway Updater\UpdaterService.exe [2011-8-18 244624]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;C:\PROGRA~2\mcafee\SITEAD~1\mcsacore.exe [2012-1-23 103440]
S4 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
S4 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NTI\Gateway MyBackup\IScheduleSvc.exe [2011-3-9 257344]
.
=============== Created Last 30 ================
.
2013-09-30 15:52:12   --------   d-----w-   C:\Users\Jamie\AppData\Local\{6263C7F1-2E14-4CC6-8970-DFD7D3B6AD27}
2013-09-29 06:45:11   --------   d-----w-   C:\Program Files (x86)\TABLET SOFTWARE
2013-09-29 06:39:50   --------   d-----w-   C:\Windows\SysWow64\TabletPmt
2013-09-29 06:39:50   --------   d-----w-   C:\Program Files (x86)\TABLET
2013-09-29 05:57:03   2706432   ----a-w-   C:\Windows\SysWow64\mshtml.tlb
2013-09-29 05:57:03   2706432   ----a-w-   C:\Windows\System32\mshtml.tlb
2013-09-29 05:57:01   356864   ----a-w-   C:\Program Files\Internet Explorer\IEShims.dll
2013-09-29 05:57:01   257536   ----a-w-   C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-09-29 05:57:01   236032   ----a-w-   C:\Program Files (x86)\Internet Explorer\IEShims.dll
2013-09-29 05:57:00   61440   ----a-w-   C:\Windows\SysWow64\iesetup.dll
2013-09-29 05:57:00   278528   ----a-w-   C:\Program Files\Internet Explorer\sqmapi.dll
2013-09-29 05:57:00   217600   ----a-w-   C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-09-29 05:48:27   155584   ----a-w-   C:\Windows\System32\drivers\ataport.sys
2013-09-29 05:30:20   3072   ----a-w-   C:\Windows\System32\drivers\en-US\tsusbflt.sys.mui
2013-09-29 05:30:18   13312   ----a-w-   C:\Windows\System32\TsUsbRedirectionGroupPolicyExtension.dll
2013-09-29 05:30:18   13312   ----a-w-   C:\Windows\System32\TsUsbRedirectionGroupPolicyControl.exe
2013-09-29 05:30:17   15360   ----a-w-   C:\Windows\System32\RdpGroupPolicyExtension.dll
2013-09-29 05:30:15   30208   ----a-w-   C:\Windows\System32\drivers\TsUsbGD.sys
2013-09-29 05:30:15   19456   ----a-w-   C:\Windows\System32\drivers\rdpvideominiport.sys
2013-09-29 05:30:14   57856   ----a-w-   C:\Windows\System32\drivers\TsUsbFlt.sys
2013-09-29 05:30:01   44032   ----a-w-   C:\Windows\System32\tsgqec.dll
2013-09-29 05:30:01   43520   ----a-w-   C:\Windows\System32\TsUsbGDCoInstaller.dll
2013-09-29 05:30:01   18432   ----a-w-   C:\Windows\System32\wksprtPS.dll
2013-09-29 05:30:00   192000   ----a-w-   C:\Windows\SysWow64\rdpendp_winip.dll
2013-09-29 05:30:00   16896   ----a-w-   C:\Windows\SysWow64\wksprtPS.dll
2013-09-29 05:28:03   458712   ----a-w-   C:\Windows\System32\drivers\cng.sys
2013-09-29 05:28:03   340992   ----a-w-   C:\Windows\System32\schannel.dll
2013-09-29 05:28:03   247808   ----a-w-   C:\Windows\SysWow64\schannel.dll
2013-09-29 05:28:02   154480   ----a-w-   C:\Windows\System32\drivers\ksecpkg.sys
2013-09-29 05:28:02   1448448   ----a-w-   C:\Windows\System32\lsasrv.dll
2013-09-29 05:28:01   96768   ----a-w-   C:\Windows\SysWow64\sspicli.dll
2013-09-29 05:28:01   22016   ----a-w-   C:\Windows\SysWow64\secur32.dll
2013-09-29 05:27:57   514560   ----a-w-   C:\Windows\SysWow64\qdvd.dll
2013-09-29 05:27:56   366592   ----a-w-   C:\Windows\System32\qdvd.dll
2013-09-03 13:53:52   187248   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\plugins\nppdf32.dll
.
==================== Find3M  ====================
.
2013-09-29 06:36:28   71048   ----a-w-   C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-09-29 06:36:28   692616   ----a-w-   C:\Windows\SysWow64\FlashPlayerApp.exe
2013-08-10 05:22:18   2241024   ----a-w-   C:\Windows\System32\wininet.dll
2013-08-10 05:20:59   3959296   ----a-w-   C:\Windows\System32\jscript9.dll
2013-08-10 05:20:55   67072   ----a-w-   C:\Windows\System32\iesetup.dll
2013-08-10 05:20:55   136704   ----a-w-   C:\Windows\System32\iesysprep.dll
2013-08-10 03:59:10   1767936   ----a-w-   C:\Windows\SysWow64\wininet.dll
2013-08-10 03:58:09   2876928   ----a-w-   C:\Windows\SysWow64\jscript9.dll
2013-08-10 03:58:06   109056   ----a-w-   C:\Windows\SysWow64\iesysprep.dll
2013-08-10 02:27:59   89600   ----a-w-   C:\Windows\System32\RegisterIEPKEYs.exe
2013-08-10 02:17:19   71680   ----a-w-   C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-08-08 01:20:43   3155456   ----a-w-   C:\Windows\System32\win32k.sys
2013-08-07 08:22:02   278800   ------w-   C:\Windows\System32\MpSigStub.exe
2013-08-02 02:23:53   5550528   ----a-w-   C:\Windows\System32\ntoskrnl.exe
2013-08-02 02:15:44   1732032   ----a-w-   C:\Windows\System32\ntdll.dll
2013-08-02 02:15:03   362496   ----a-w-   C:\Windows\System32\wow64win.dll
2013-08-02 02:15:03   243712   ----a-w-   C:\Windows\System32\wow64.dll
2013-08-02 02:15:03   13312   ----a-w-   C:\Windows\System32\wow64cpu.dll
2013-08-02 02:14:57   215040   ----a-w-   C:\Windows\System32\winsrv.dll
2013-08-02 02:14:11   16384   ----a-w-   C:\Windows\System32\ntvdm64.dll
2013-08-02 02:13:34   424448   ----a-w-   C:\Windows\System32\KernelBase.dll
2013-08-02 01:59:30   3968960   ----a-w-   C:\Windows\SysWow64\ntkrnlpa.exe
2013-08-02 01:59:30   3913664   ----a-w-   C:\Windows\SysWow64\ntoskrnl.exe
2013-08-02 01:51:23   1292192   ----a-w-   C:\Windows\SysWow64\ntdll.dll
2013-08-02 01:50:42   5120   ----a-w-   C:\Windows\SysWow64\wow32.dll
2013-08-02 01:50:42   274944   ----a-w-   C:\Windows\SysWow64\KernelBase.dll
2013-08-02 01:09:17   338432   ----a-w-   C:\Windows\System32\conhost.exe
2013-08-02 00:59:09   112640   ----a-w-   C:\Windows\System32\smss.exe
2013-08-02 00:45:37   25600   ----a-w-   C:\Windows\SysWow64\setup16.exe
2013-08-02 00:45:36   14336   ----a-w-   C:\Windows\SysWow64\ntvdm64.dll
2013-08-02 00:45:35   7680   ----a-w-   C:\Windows\SysWow64\instnm.exe
2013-08-02 00:45:34   2048   ----a-w-   C:\Windows\SysWow64\user.exe
2013-08-02 00:43:05   6144   ---ha-w-   C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2013-08-02 00:43:05   4608   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-08-02 00:43:05   3584   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2013-08-02 00:43:05   3072   ---ha-w-   C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2013-07-25 09:25:54   1888768   ----a-w-   C:\Windows\System32\WMVDECOD.DLL
2013-07-25 08:57:27   1620992   ----a-w-   C:\Windows\SysWow64\WMVDECOD.DLL
2013-07-19 01:58:42   2048   ----a-w-   C:\Windows\System32\tzres.dll
2013-07-19 01:41:01   2048   ----a-w-   C:\Windows\SysWow64\tzres.dll
2013-07-09 05:52:52   224256   ----a-w-   C:\Windows\System32\wintrust.dll
2013-07-09 05:51:16   1217024   ----a-w-   C:\Windows\System32\rpcrt4.dll
2013-07-09 05:46:20   184320   ----a-w-   C:\Windows\System32\cryptsvc.dll
2013-07-09 05:46:20   1472512   ----a-w-   C:\Windows\System32\crypt32.dll
2013-07-09 05:46:20   139776   ----a-w-   C:\Windows\System32\cryptnet.dll
2013-07-09 04:52:33   663552   ----a-w-   C:\Windows\SysWow64\rpcrt4.dll
2013-07-09 04:52:10   175104   ----a-w-   C:\Windows\SysWow64\wintrust.dll
2013-07-09 04:46:31   140288   ----a-w-   C:\Windows\SysWow64\cryptsvc.dll
2013-07-09 04:46:31   1166848   ----a-w-   C:\Windows\SysWow64\crypt32.dll
2013-07-09 04:46:31   103936   ----a-w-   C:\Windows\SysWow64\cryptnet.dll
2013-07-06 06:03:53   1910208   ----a-w-   C:\Windows\System32\drivers\tcpip.sys
.
============= FINISH: 12:59:51.83 ===============


LicKwiD

« Reply #3 on: September 30, 2013, 12:15:38 PM »

I apologize for the early post; I hit the tab button and space and it hit post on me... teehee
melboy

« Reply #4 on: September 30, 2013, 12:34:34 PM »

Hi and welcome back to the SWBW forums.

I'm melboy and I am going to try to help you with your problem. Please take note of the following:

  • I will be working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine.
  • If you don't know or understand something, please don't hesitate to ask.
  • Please refrain from making any further changes to your computer (install/uninstall programs, delete files, edit the registry, etc.).
  • Please DO NOT run any other tools or scans whilst I am helping you.
  • It is important that you reply to this thread. Do not start a new topic.
  • DO NOT attach logs unless requested to. Please copy/paste all requested logs into your replies.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
  • Absence of symptoms does not mean that everything is clear.

IMPORTANT: Please take time to read this topic where the Forum Guidelines are explained.

NOTE: Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to back up any personal files and folders before you start.


No Reply Within 3 Days Will Result In Your Topic Being Closed!! If you need more time, please inform me.


==================================


Uninstall Programs

  • Go to Start > Control Panel > Programs > Programs and Features.
  • Right click on each instance of:
      ArcadeCandy
      Java(TM) 6 Update 29
      McAfee Security Scan Plus
      VLC media player 1.1.11
  • Click Uninstall & then follow the prompts to remove it.


AdwCleaner

Download AdwCleaner from HERE & save it to your desktop.

  • Right click AdwCleaner.exe and choose "Run as Administrator" to run it.
  • Click the Scan button.
  • When the scan finishes, click the Report button.
  • A logfile will open in notepad. Copy/paste to post the contents of the logfile in your next reply.
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner[R*].txt.

LicKwiD

« Reply #5 on: September 30, 2013, 01:11:02 PM »

Programs uninstalled, arcade candy required reboot... I did not complete this. I just said do later.

# AdwCleaner v3.005 - Report created 30/09/2013 at 14:08:51
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jamie - JAMIE-LAPTOP
# Running from : C:\Users\Jamie\Desktop\adwcleaner.exe
# Option : Scan

***** [ Services ] *****


***** [ Files / Folders ] *****

File Found : C:\END
File Found : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\Extensions\adapter@babylontc.com.xpi
File Found : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\Extensions\ocr@babylon.com.xpi
File Found : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\searchplugins\Askcom.xml
File Found : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\user.js
Folder Found : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\Extensions\{22dfbf5b-a7cd-4b25-9471-3dc68c71855f}
Folder Found : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\Extensions\ffxtlbr@babylon.com
Folder Found C:\Users\Jamie\AppData\Local\apn
Folder Found C:\Users\Jamie\AppData\Local\Temp\AskSearch
Folder Found C:\Users\Jamie\AppData\Local\Temp\BabylonToolbar
Folder Found C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\ConduitCommon
Folder Found C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\CT3018509

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Found : HKCU\Software\APN PIP
Key Found : HKCU\Software\AppDataLow\Software\DynConIE
Key Found : HKCU\Software\Conduit
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Found : HKCU\Software\PIP
Key Found : [x64] HKCU\Software\APN PIP
Key Found : [x64] HKCU\Software\Conduit
Key Found : [x64] HKCU\Software\PIP
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Found : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Found : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Found : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Found : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Found : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Key Found : HKLM\Software\PIP
Key Found : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\prefs.js ]

Line Found : user_pref("CT3018509..clientLogIsEnabled", true);
Line Found : user_pref("CT3018509..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");
Line Found : user_pref("CT3018509..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");
Line Found : user_pref("CT3018509.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);
Line Found : user_pref("CT3018509.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Line Found : user_pref("CT3018509.BrowserCompStateIsOpen_129683388555092712", true);
Line Found : user_pref("CT3018509.BrowserCompStateIsOpen_129774349446762757", true);
Line Found : user_pref("CT3018509.BrowserCompStateIsOpen_1366704352000", true);
Line Found : user_pref("CT3018509.BrowserCompStateIsOpen_1367226436000", true);
Line Found : user_pref("CT3018509.CT3018509", "CT3018509");
Line Found : user_pref("CT3018509.CurrentServerDate", "15-8-2013");
Line Found : user_pref("CT3018509.DSInstall", false);
Line Found : user_pref("CT3018509.DialogsAlignMode", "LTR");
Line Found : user_pref("CT3018509.DialogsGetterLastCheckTime", "Thu Aug 15 2013 12:08:00 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.DownloadReferralCookieData", "");
Line Found : user_pref("CT3018509.ExternalComponentPollDate129510405198305199", "Tue Feb 28 2012 09:24:42 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.ExternalComponentPollDate129510405203040747", "Tue Feb 28 2012 09:24:42 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.FirstServerDate", "24-2-2012");
Line Found : user_pref("CT3018509.FirstTime", true);
Line Found : user_pref("CT3018509.FirstTimeFF3", true);
Line Found : user_pref("CT3018509.FixPageNotFoundErrors", false);
Line Found : user_pref("CT3018509.GroupingServerCheckInterval", 1440);
Line Found : user_pref("CT3018509.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Line Found : user_pref("CT3018509.HPInstall", false);
Line Found : user_pref("CT3018509.HasUserGlobalKeys", true);
Line Found : user_pref("CT3018509.HomePageProtectorEnabled", false);
Line Found : user_pref("CT3018509.HomepageBeforeUnload", "chrome://branding/locale/browserconfig.properties");
Line Found : user_pref("CT3018509.Initialize", true);
Line Found : user_pref("CT3018509.InitializeCommonPrefs", true);
Line Found : user_pref("CT3018509.InstallationAndCookieDataSentCount", 3);
Line Found : user_pref("CT3018509.InstallationType", "Unknown");
Line Found : user_pref("CT3018509.InstalledDate", "Fri Feb 24 2012 07:28:57 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.InvalidateCache", false);
Line Found : user_pref("CT3018509.IsAlertDBUpdated", true);
Line Found : user_pref("CT3018509.IsGrouping", false);
Line Found : user_pref("CT3018509.IsInitSetupIni", true);
Line Found : user_pref("CT3018509.IsMulticommunity", false);
Line Found : user_pref("CT3018509.IsOpenThankYouPage", true);
Line Found : user_pref("CT3018509.IsOpenUninstallPage", true);
Line Found : user_pref("CT3018509.IsProtectorsInit", true);
Line Found : user_pref("CT3018509.LanguagePackLastCheckTime", "Thu Aug 15 2013 12:08:00 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.LanguagePackReloadIntervalMM", 1440);
Line Found : user_pref("CT3018509.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");
Line Found : user_pref("CT3018509.LastLogin_3.12.0.7", "Tue Apr 24 2012 13:31:56 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT3018509.LastLogin_3.12.2.3", "Wed May 30 2012 07:42:38 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT3018509.LastLogin_3.13.0.6", "Mon Jul 16 2012 06:02:45 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT3018509.LastLogin_3.14.1.0", "Tue Aug 21 2012 07:40:40 GMT-0400 (Eastern Daylight Time)");
Line Found : user_pref("CT3018509.LastLogin_3.15.1.0", "Fri Nov 09 2012 06:56:51 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.LastLogin_3.16.0.3", "Sun Feb 10 2013 08:10:30 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.LastLogin_3.18.0.7", "Mon Jul 15 2013 07:21:56 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.LastLogin_3.19.0.3", "Thu Aug 15 2013 12:07:59 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.LastLogin_3.9.0.3", "Tue Feb 28 2012 17:42:04 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.LatestVersion", "3.19.0.3");
Line Found : user_pref("CT3018509.Locale", "en-us");
Line Found : user_pref("CT3018509.MCDetectTooltipHeight", "83");
Line Found : user_pref("CT3018509.MCDetectTooltipShow", false);
Line Found : user_pref("CT3018509.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Line Found : user_pref("CT3018509.MCDetectTooltipWidth", "295");
Line Found : user_pref("CT3018509.MyStuffEnabledAtInstallation", true);
Line Found : user_pref("CT3018509.OriginalFirstVersion", "3.9.0.3");
Line Found : user_pref("CT3018509.RadioIsPodcast", false);
Line Found : user_pref("CT3018509.RadioLastCheckTime", "Fri Feb 24 2012 07:28:57 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.RadioLastUpdateIPServer", "3");
Line Found : user_pref("CT3018509.RadioLastUpdateServer", "3");
Line Found : user_pref("CT3018509.RadioMediaID", "9962");
Line Found : user_pref("CT3018509.RadioMediaType", "Media Player");
Line Found : user_pref("CT3018509.RadioMenuSelectedID", "EBRadioMenu_CT30185099962");
Line Found : user_pref("CT3018509.RadioShrinkedFromSetup", false);
Line Found : user_pref("CT3018509.RadioStationName", "California%20Rock");
Line Found : user_pref("CT3018509.RadioStationURL", "hxxp://feedlive.net/california.asx");
Line Found : user_pref("CT3018509.SearchCaption", "Game Master 2.1 Customized Web Search");
Line Found : user_pref("CT3018509.SearchEngineBeforeUnload", "chrome://browser-region/locale/region.properties");
Line Found : user_pref("CT3018509.SearchFromAddressBarIsInit", true);
Line Found : user_pref("CT3018509.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3018509&SearchSource=2&q=");
Line Found : user_pref("CT3018509.SearchInNewTabEnabled", true);
Line Found : user_pref("CT3018509.SearchInNewTabIntervalMM", 1440);
Line Found : user_pref("CT3018509.SearchInNewTabLastCheckTime", "Thu Aug 15 2013 12:07:58 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID&UM=UM_ID");
Line Found : user_pref("CT3018509.SearchProtectorEnabled", false);
Line Found : user_pref("CT3018509.SearchProtectorToolbarDisabled", false);
Line Found : user_pref("CT3018509.SendProtectorDataViaLogin", true);
Line Found : user_pref("CT3018509.ServiceMapLastCheckTime", "Thu Aug 15 2013 12:07:59 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.SettingsLastCheckTime", "Thu Aug 15 2013 12:07:58 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.SettingsLastUpdate", "1376554442");
Line Found : user_pref("CT3018509.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3018509&SearchSource=13");
Line Found : user_pref("CT3018509.ThirdPartyComponentsInterval", 504);
Line Found : user_pref("CT3018509.ThirdPartyComponentsLastCheck", "Fri Feb 24 2012 07:28:53 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.ThirdPartyComponentsLastUpdate", "1312887586");
Line Found : user_pref("CT3018509.ToolbarShrinkedFromSetup", false);
Line Found : user_pref("CT3018509.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3018509");
Line Found : user_pref("CT3018509.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]
Line Found : user_pref("CT3018509.UserID", "UN72471336034694172");
Line Found : user_pref("CT3018509.ValidationData_Toolbar", 2);
Line Found : user_pref("CT3018509.alertChannelId", "1410096");
Line Found : user_pref("CT3018509.approveUntrustedApps", false);
Line Found : user_pref("CT3018509.components.1000082", false);
Line Found : user_pref("CT3018509.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]
Line Found : user_pref("CT3018509.globalFirstTimeInfoLastCheckTime", "Fri Feb 24 2012 07:28:54 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.homepageProtectorEnableByLogin", true);
Line Found : user_pref("CT3018509.initDone", true);
Line Found : user_pref("CT3018509.isAppTrackingManagerOn", true);
Line Found : user_pref("CT3018509.isFirstRadioInstallation", false);
Line Found : user_pref("CT3018509.myStuffEnabled", true);
Line Found : user_pref("CT3018509.myStuffPublihserMinWidth", 400);
Line Found : user_pref("CT3018509.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");
Line Found : user_pref("CT3018509.myStuffServiceIntervalMM", 1440);
Line Found : user_pref("CT3018509.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");
Line Found : user_pref("CT3018509.revertSettingsEnabled", false);
Line Found : user_pref("CT3018509.searchProtectorDialogDelayInSec", 10);
Line Found : user_pref("CT3018509.searchProtectorEnableByLogin", true);
Line Found : user_pref("CT3018509.testingCtid", "");
Line Found : user_pref("CT3018509.toolbarAppMetaDataLastCheckTime", "Thu Aug 15 2013 12:08:00 GMT-0400 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.toolbarContextMenuLastCheckTime", "Fri Feb 24 2012 07:28:58 GMT-0500 (Eastern Standard Time)");
Line Found : user_pref("CT3018509.usagesFlag", 2);
Line Found : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3018509/CT3018509", "\"890a77f62ec742e7b1758f13b895f4c93\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1410096/1405754/US", "\"0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3018509", "\"1367226773\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en-us", "m4Df43NZ+9lr21ZNdyYrjA==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en-us", "B8Px/Te74hi98N2hb9yOAQ==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en-us", "ktZKgREPsk5m13TY9rsX+A==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en-us", "cTVrc75U9YwdI74PAhUYFw==");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"d229fa25f6c9cc1:12e4\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.0.7", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.12.2.3", "\"4ead38b3e6bcd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0d648794549cd1:14f1\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.14.1.0", "\"0e0a4327275cd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.15.1.0", "\"0343677cfb1cd1:155b\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.16.0.3", "\"0343677cfb1cd1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.18.0.7", "\"0343677cfb1cd1:1694\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.19.0.3", "\"23c5489aa686ce1:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.9.0.3", "\"801a319dd78ccc1:12e4\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3018509", "\"9971ee9815a5fc569766cf6ddcaaca8e\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/equalizer_dead.gif", "\"09586ee4e19c81:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/minimize.gif", "\"09586ee4e19c81:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/play.gif", "\"09586ee4e19c81:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/stop.gif", "\"09586ee4e19c81:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/StarFleet/vol.gif", "\"09586ee4e19c81:0\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE", "\"c89bcb7d9350c7350a3548054c42b78a\"");
Line Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"f9512f0385339c40c8d2b94d227065cc\"");

-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Found : homepage
Found : urls_to_restore_on_startup
Found : homepage
Found : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [24286 octets] - [30/09/2013 14:08:51]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [24347 octets] ##########

melboy
« Reply #6 on: September 30, 2013, 01:14:59 PM »

Hi

Let me know how things are running after completing this.

AdwCleaner

  • Right click AdwCleaner.exe and choose "Run as Administrator" to run it.
  • Click the Scan button.
  • When the scan finishes, click the Clean button.
  • Click OK to the prompt and let AdwCleaner reboot the computer.
  • A logfile will open in notepad after reboot. Copy/paste to post the contents of the logfile in your next reply.
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner[S**].txt.

LicKwiD
« Reply #7 on: October 01, 2013, 03:08:37 AM »

(the search page hijacker seems to be gone... it's not the first page to pop up when I open a new tab or window.  I appreciate all the help you have provided so far!)

# AdwCleaner v3.005 - Report created 01/10/2013 at 04:00:50
# Updated 22/09/2013 by Xplode
# Operating System : Windows 7 Home Premium Service Pack 1 (64 bits)
# Username : Jamie - JAMIE-LAPTOP
# Running from : C:\Users\Jamie\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\Jamie\AppData\Local\apn
Folder Deleted : C:\Users\Jamie\AppData\Local\Temp\AskSearch
Folder Deleted : C:\Users\Jamie\AppData\Local\Temp\BabylonToolbar
Folder Deleted : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\ConduitCommon
Folder Deleted : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\CT3018509
Folder Deleted : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\Extensions\ffxtlbr@babylon.com
Folder Deleted : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\Extensions\{22dfbf5b-a7cd-4b25-9471-3dc68c71855f}
File Deleted : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\Extensions\adapter@babylontc.com.xpi
File Deleted : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\Extensions\ocr@babylon.com.xpi
File Deleted : C:\END
File Deleted : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\searchplugins\Askcom.xml
File Deleted : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Classes\AppID\BabylonHelper.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\askpartnercobrandingtool_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\tracing\askpartnercobrandingtool_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\AskSLib_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\BabylonTC_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\TaskScheduler_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6536801B-F50C-449B-9476-093DFD3789E3}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{44ED99E2-16A6-4B89-80D6-5B21CF42E78B}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{64B00DAC-870D-4E6A-8D34-3A6E3E427A30}
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\AppDataLow\Software\DynConIE
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16686


-\\ Mozilla Firefox v22.0 (en-US)

[ File : C:\Users\Jamie\AppData\Roaming\Mozilla\Firefox\Profiles\ag3h3zrd.default\prefs.js ]


-\\ Google Chrome v29.0.1547.76

[ File : C:\Users\Jamie\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [24444 octets] - [30/09/2013 14:08:51]
AdwCleaner[R1].txt - [24505 octets] - [01/10/2013 03:59:49]
AdwCleaner[S0].txt - [24772 octets] - [01/10/2013 04:00:50]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [24833 octets] ##########

melboy
« Reply #8 on: October 01, 2013, 12:39:10 PM »

(the search page hijacker seems to be gone... it's not the first page to pop up when I open a new tab or window.  I appreciate all the help you have provided so far!)

You're welcome. That sounds good.

Disable Malwarebytes' Anti-malware (mbam)
 
We need to disable mbam's realtime protection so it doesn't interfere with any fixes.

  • Right click the mbam system tray icon
  • Uncheck Filesystem Protection & Website Blocking
  • Uncheck Start with Windows
  • Reboot your computer for the changes to take effect.


TFC

  • Please download TFC by Old Timer to your desktop.
  • Save any unsaved work. TFC will close all open application windows.
  • Right click on TFC.exe and select "Run as Administrator"
  • Click the Start button in the bottom left of TFC
  • If prompted, click "Yes" to reboot.
Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.



Malwarebytes' Anti-Malware (MBAM)

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:

  • Open Malwarebytes' Anti-Malware
  • Select the Update tab
  • Click Check for Updates
  • After the update has been completed, select the Scanner tab.
  • Select Perform Quick scan, then click on Scan
  • When done, you will be prompted. Click OK. If items are found, then click on Show Results
  • Check all items then click on Remove Selected
  • After it has removed the items, Notepad will open. Please post this log in your next reply.

The log can also be found here:

  • C:\Users\All Users\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when the application is started.

    Note: MBAM may ask to reboot your computer so it can continue with the removal process, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

LicKwiD
« Reply #9 on: October 02, 2013, 03:51:20 AM »

Malwarebytes Anti-Malware (PRO) 1.75.0.1300
www.malwarebytes.org

Database version: v2013.10.02.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16686
Jamie :: JAMIE-LAPTOP [administrator]

Protection: Disabled

10/2/2013 4:45:29 AM
mbam-log-2013-10-02 (04-45-29).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 199678
Time elapsed: 4 minute(s), 51 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
Logged
melboy
Moderator
Hero Member
*****
Offline Offline

Date Registered:April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #10 on: October 02, 2013, 05:27:56 PM »

Hi

How are things running now? Any further problems?
Logged

LicKwiD
Newbie
*
Offline Offline

Date Registered:March 10, 2006, 07:50:36 PM
Posts: 30


« Reply #11 on: October 03, 2013, 02:52:06 AM »

No, I think it's back to being clean again.  No Hi-jacker search engine, and I have been able to remove the few programs that would keep re-installing.  Another issue has cleared itself back up as well with not being able to add attachments via web based email.  Laptop seems to run a little smoother.  Is it ok to re-enable the malwarebytes active scanning and start with windows?
Logged
melboy
Moderator
Hero Member
*****
Offline Offline

Date Registered:April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #12 on: October 04, 2013, 07:46:56 AM »

Hi

Your log now appears to be clean. Congratulations!
This is my general post for when your logs show no more signs of malware - Please let me know if you still are having problems with your computer and what these problems are.


AdwCleaner

  • Right click AdwCleaner.exe and choose "Run as Administrator" to run it.
  • Click Uninstall.
  • Click Yes to the prompt.
AdwCleaner will close and uninstall itself

Note: If AdwCleaner prompts you that an update is available, click Cancel and continue to uninstall.



Update Adobe Reader

Your Adobe Reader is out of date.
Older versions may have vulnerabilities that malware can use to infect your system.

  • Go to Start > Control Panel > Programs > Programs and Features & uninstall:
    Quote
    Adobe Reader X 10.1.8

    Please visit the Adobe Site & download & install Adobe Reader XI (11.0.4).
  • Then using the internal updater ensure the software is updated to the current increment 11.0.4
    • Open Adobe Reader, go to Help > Check for updates, and allow the updater to check.
    • Click to download and install any necessary updates.

    Protection Programs
    Don't forget to re-enable any protection programs we disabled during your fix.


    ---------------------------------------


    General Security and Computer Health
    Below are some steps to follow in order to dramatically lower the chances of reinfection. You may have already implemented some of the steps below, however you should follow any steps that you have not already implemented.

    Create a new, clean System Restore point

    • Click on Start > Control Panel.
    • Double click on System.
    • On the left, click on the System Protection link.
    • At the bottom right hand corner, click on the Create... button.
    • Give this System Restore point a descriptive name and click on Create.
    • You should receive a prompt that a System Restore point is created successfully. Click OK to confirm.
    • Click OK again to close the System Protection window. Then close Control Panel.
    Warning: Do not clear infected System Restore points before creating a new System Restore point first!

    Please read the above to create a new System Restore point first, then clear out the infected System Restore points.


    Clear infected System Restore points

    • Click on Start > All Programs > Accessories > System Tools.
    • Right click on Disk Cleanup and select Run As Administrator to run it. UAC will prompt. Allow it.
    • Select your C drive and click OK.
    • Select the More Options tab.
    • Under System Restore and Shadow Copies, click on the Clean up... button.
    • You will receive a prompt. Click on Delete to delete the old System Restore points.
    • When done, click OK. You will receive another prompt. Click Delete Files to confirm.
    • When done, Disk Cleanup will automatically close.

    Enable UAC

    The User Account Control (UAC) helps protect your PC against malicious software.

    http://windows.microsoft.com/en-US/windows7/products/features/user-account-control

    • Click on Start > Control Panel.
    • In the search box, type uac, and then click Change User Account Control settings.
    • Move the slider to choose when you want to be notified (I recommend at least the Default level).
    • Click OK.
    • Make sure that you keep your antivirus updated
      New viruses come out every minute, so it is essential that you have the latest signatures for your antivirus program to provide you with the best possible protection from malicious software.
      Note: You should only have one antivirus installed at a time. Having more than one antivirus program installed at once is likely to cause conflicts and may well decrease your overall protection as well as impairing the performance of your PC.
    • Security Updates for Windows, Internet Explorer & Microsoft Office
      Whenever a security problem in its software is found, Microsoft will usually create a patch so that after the patch is installed, attackers can't use the vulnerability to install malicious software on your PC.  Keeping up with these patches will help to prevent malicious software being installed on your PC. Manually check for Windows updates via Start > All Programs > Windows Update > In the left pane, click Check for updates, and then wait while Windows looks for the latest updates for your PC, or visit the Microsoft Update site on a regular basis.
      Note: The update process uses ActiveX, so you will need to use Internet Explorer for it and allow the ActiveX control to install.
    • Update Non-Microsoft Programs
      Microsoft isn't the only company whose products can contain security vulnerabilities.  To check whether other programs running on your PC are in need of an update, you can use the Secunia Software Inspector - I suggest that you run it at least once a month.

    Recommended Programs

    I would recommend the download and installation of some or all of the following programs (if not already present), and the updating of them on a regular basis.

    • WinPatrol
      As a robust security monitor, WinPatrol will alert you to hijackings, malware attacks and critical changes made to your computer without your permission.  WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.  For more information, please visit HERE.
    • Hosts File
      For added protection you may also like to add a host file.  A simple explanation of what a Hosts file does is HERE and for more information regarding host files read HERE.

    Finally I am trying to make one point very clear. It is absolutely essential to keep all of your security programs up to date.

    Also please read this great article by Tony Klein So How Did I Get Infected In First Place

    I'd be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

    Happy surfing and stay clean!
Logged

melboy
Moderator
Hero Member
*****
Offline Offline

Date Registered:April 02, 2009, 02:56:03 AM
Posts: 756



« Reply #13 on: October 19, 2013, 09:28:06 AM »




As this issue appears resolved this Topic is now closed.

The fixes and advice in this thread are for this machine only. Do not apply the instructions from this thread to your own machine.

Any other members requiring Malware Removal assistance, Please Start HERE!


If you have been helped and wish to donate to help with the costs of this volunteer site:
Please Help Support This Site and ASAP


Thanks!
Logged
