Reply to thread

Message: <blockquote data-quote="LvonB" data-source="post: 282977" data-attributes="member: 29480">I don't have a clue how to use the:aswMBR version 1.0.1.2161 Copyright(c) 2014 AVAST SoftwareRun date: 2014-10-23 19:26:51-----------------------------19:26:51.811  OS Version: Windows 6.1.7601 Service Pack 119:26:51.811  Number of processors: 2 586 0x170619:26:51.815  ComputerName: STLR-PC  UserName: stlr19:26:52.113  Initialze error C0000022 - driver not loaded19:27:08.464  AVAST engine download error: 019:27:38.024  Scan error: Incorrect function.19:27:42.450  Disk 0 statistics 0/0/0 @ -1,#J MB/s19:27:42.451  Scan stopped19:27:45.748  Scan error: Incorrect function.19:28:03.725  The log file has been saved successfully to "C:\Users\stlr\Desktop\aswMBR.txt"# AdwCleaner v4.001 - Report created 22/10/2014 at 23:31:39# Updated 20/10/2014 by Xplode# Database :# Operating System : Windows 7 Professional Service Pack 1 (32 bits)# Username : stlr - STLR-PC# Running from : C:\Users\stlr\Downloads\AdwCleaner.exe# Option : Scan***** [ Services ] ********** [ Files / Folders ] *****File Found : C:\Users\stlr\AppData\Roaming\Mozilla\Firefox\Profiles\16x6kc6q.default\searchplugins\astromenda.xmlFile Found : C:\Users\stlr\AppData\Roaming\Mozilla\Firefox\Profiles\16x6kc6q.default\user.jsFolder Found : C:\Program Files\file scoutFolder Found : C:\Program Files\MapsGalaxy_39EIFolder Found : C:\Program Files\VideoPerformerFolder Found : C:\ProgramData\2308189059Folder Found : C:\ProgramData\Browser ManagerFolder Found : C:\ProgramData\Tarma InstallerFolder Found : C:\Users\stlr\AppData\Local\GameoFolder Found : C:\Users\stlr\AppData\Local\PutLockerDownloaderFolder Found : C:\Users\stlr\AppData\Local\Temp\AirInstallerFolder Found : C:\Users\stlr\AppData\Local\torchFolder Found : C:\Users\stlr\AppData\LocalLow\MapsGalaxy_39EIFolder Found : C:\Users\stlr\AppData\Roaming\FunmoodsFolder Found : C:\Users\stlr\AppData\Roaming\GameoFolder Found : C:\Users\stlr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.comFolder Found : C:\Users\stlr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoPerformerFolder Found : C:\Users\stlr\AppData\Roaming\PerformerSoftFolder Found : C:\Users\stlr\AppData\Roaming\WebExtend***** [ Scheduled Tasks ] *****Task Found : FunmoodsTask Found : LaunchSignup***** [ Shortcuts ] ********** [ Registry ] *****Key Found : HKCU\Software\1ClickDownloadKey Found : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Found : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EIKey Found : HKCU\Software\AppDataLow\Software\SmartBarKey Found : HKCU\Software\ClickConnectKey Found : HKCU\Software\ConduitKey Found : HKCU\Software\filescoutKey Found : HKCU\Software\FunmoodsKey Found : HKCU\Software\ilividKey Found : HKCU\Software\InstallCoreKey Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Found : HKCU\Software\systweakKey Found : HKCU\Software\torchKey Found : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Found : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}Key Found : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F0B76E1-4E46-427B-B55B-B90593468AC6}Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbhoKey Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3279411Key Found : HKLM\SOFTWARE\ConduitKey Found : HKLM\SOFTWARE\InstallCoreKey Found : HKLM\SOFTWARE\MapsGalaxy_39EIKey Found : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancsKey Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32Key Found : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCSKey Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}Key Found : HKLM\SOFTWARE\Tarma InstallerKey Found : HKLM\SOFTWARE\torchValue Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe]Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe]Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe]Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe]***** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.17344-\\ Mozilla Firefox v32.0.3 (x86 en-US)[16x6kc6q.default] - Line Found : user_pref("CT3279411_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1361928092224,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");[16x6kc6q.default] - Line Found : user_pref("Smartbar.ConduitHomepagesList", "");[16x6kc6q.default] - Line Found : user_pref("Smartbar.ConduitSearchEngineList", "");[16x6kc6q.default] - Line Found : user_pref("Smartbar.ConduitSearchUrlList", "");[16x6kc6q.default] - Line Found : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=2354520593834836&o=APN10645&q=");[16x6kc6q.default] - Line Found : user_pref("Smartbar.keywordURLSelectedCTID", "CT3279411");[16x6kc6q.default] - Line Found : user_pref("browser.search.defaultenginename", "Astromenda");[16x6kc6q.default] - Line Found : user_pref("browser.search.defaultthis.engineName", "appbario12 Customized Web Search");[16x6kc6q.default] - Line Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279411&SearchSource=3&q={searchTerms}&CUI=UN14353232782267721");[16x6kc6q.default] - Line Found : user_pref("browser.search.order.1", "Search Results");[16x6kc6q.default] - Line Found : user_pref("browser.search.selectedEngine", "Astromenda");[16x6kc6q.default] - Line Found : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_38_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DyCtBzztDyD0CyC0EyB0CtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyE[...][16x6kc6q.default] - Line Found : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_clickconnect_14_38_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DyCtBzztDyD0CyC0EyB0CtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutC[...][16x6kc6q.default] - Line Found : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");[16x6kc6q.default] - Line Found : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");[16x6kc6q.default] - Line Found : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_clickconnect_14_38_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DyCtBzztDyD0CyC0EyB0CtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1Czu[...][16x6kc6q.default] - Line Found : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279411&SearchSource=2&CUI=UN14353232782267721&UM=UM_ID&q=");[16x6kc6q.default] - Line Found : user_pref("smartBar.searchInNewTabOwner", "CT3279411");*************************AdwCleaner[R0].txt - [8306 octets] - [22/10/2014 23:31:39]########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [8366 octets] ########## AdwCleaner v4.001 - Report created 22/10/2014 at 23:48:42# Updated 20/10/2014 by Xplode# Database : 2014-10-21.1# Operating System : Windows 7 Professional Service Pack 1 (32 bits)# Username : stlr - STLR-PC# Running from : C:\Users\stlr\Downloads\AdwCleaner(1).exe# Option : Scan***** [ Services ] ********** [ Files / Folders ] *****Folder Found : C:\Program Files\Enigma Software GroupFolder Found : C:\ProgramData\Browser Manager***** [ Scheduled Tasks ] ********** [ Shortcuts ] ********** [ Registry ] *****Key Found : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}Key Found : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}Key Found : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Found : HKLM\SOFTWARE\Classes\CLSID\{8F0B76E1-4E46-427B-B55B-B90593468AC6}Key Found : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}Key Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbhoKey Found : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1Key Found : HKLM\SOFTWARE\Classes\Toolbar.CT3279411Key Found : HKLM\SOFTWARE\EnigmaSoftwareGroupKey Found : HKLM\SOFTWARE\TermTutorValue Found : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [<a href="mailto:termtutor@termtutor.com">termtutor@termtutor.com</a>]Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe]Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe]Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe]Value Found : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe]***** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.17344-\\ Mozilla Firefox v32.0.3 (x86 en-US)*************************AdwCleaner[R0].txt - [8446 octets] - [22/10/2014 23:31:39]AdwCleaner[R1].txt - [2301 octets] - [22/10/2014 23:48:42]AdwCleaner[S0].txt - [8688 octets] - [22/10/2014 23:36:13]########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2421 octets] ########### AdwCleaner v4.001 - Report created 22/10/2014 at 23:36:13# DB v# Updated 20/10/2014 by Xplode# Operating System : Windows 7 Professional Service Pack 1 (32 bits)# Username : stlr - STLR-PC# Running from : C:\Users\stlr\Downloads\AdwCleaner.exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****Folder Deleted : C:\Users\stlr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\1clickmoviedownloader.comFolder Deleted : C:\ProgramData\2308189059Folder Deleted : C:\Users\stlr\AppData\Local\Temp\AirInstaller[!] Folder Deleted : C:\ProgramData\Browser ManagerFolder Deleted : C:\Program Files\file scoutFolder Deleted : C:\Users\stlr\AppData\Roaming\FunmoodsFolder Deleted : C:\Users\stlr\AppData\Local\GameoFolder Deleted : C:\Users\stlr\AppData\Roaming\GameoFolder Deleted : C:\Program Files\MapsGalaxy_39EIFolder Deleted : C:\Users\stlr\AppData\LocalLow\MapsGalaxy_39EIFolder Deleted : C:\Users\stlr\AppData\Roaming\PerformerSoftFolder Deleted : C:\Users\stlr\AppData\Local\PutLockerDownloaderFolder Deleted : C:\ProgramData\Tarma InstallerFolder Deleted : C:\Users\stlr\AppData\Local\torchFolder Deleted : C:\Program Files\VideoPerformerFolder Deleted : C:\Users\stlr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VideoPerformerFolder Deleted : C:\Users\stlr\AppData\Roaming\WebExtendFile Deleted : C:\Users\stlr\AppData\Roaming\Mozilla\Firefox\Profiles\16x6kc6q.default\searchplugins\astromenda.xmlFile Deleted : C:\Users\stlr\AppData\Roaming\Mozilla\Firefox\Profiles\16x6kc6q.default\user.js***** [ Scheduled Tasks ] *****Task Deleted : FunmoodsTask Deleted : LaunchSignup***** [ Shortcuts ] ********** [ Registry ] *****Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbhoKey Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancsKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\FunmoodsSetup_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividMediaBar_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetup_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\VideoPerformerSetup_RASMANCSKey Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASAPI32Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\YontooDesktop_RASMANCSKey Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279411Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F0B76E1-4E46-427B-B55B-B90593468AC6}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8F0B76E1-4E46-427B-B55B-B90593468AC6}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2E00D31D-D171-423D-836D-1A4D7EA7F1A9}Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe]Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe]Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe]Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe]Key Deleted : HKCU\Software\1ClickDownloadKey Deleted : HKCU\Software\ClickConnectKey Deleted : HKCU\Software\ConduitKey Deleted : HKCU\Software\filescoutKey Deleted : HKCU\Software\FunmoodsKey Deleted : HKCU\Software\ilividKey Deleted : HKCU\Software\InstallCoreKey Deleted : HKCU\Software\systweakKey Deleted : HKCU\Software\torchKey Deleted : HKCU\Software\AppDataLow\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Deleted : HKCU\Software\AppDataLow\Software\MapsGalaxy_39EIKey Deleted : HKCU\Software\AppDataLow\Software\SmartBarKey Deleted : HKLM\SOFTWARE\{1146AC44-2F03-4431-B4FD-889BC837521F}Key Deleted : HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}Key Deleted : HKLM\SOFTWARE\{6791A2F3-FC80-475C-A002-C014AF797E9C}Key Deleted : HKLM\SOFTWARE\ConduitKey Deleted : HKLM\SOFTWARE\InstallCoreKey Deleted : HKLM\SOFTWARE\MapsGalaxy_39EIKey Deleted : HKLM\SOFTWARE\Tarma InstallerKey Deleted : HKLM\SOFTWARE\torch***** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.17344-\\ Mozilla Firefox v32.0.3 (x86 en-US)[16x6kc6q.default] - Line Deleted : user_pref("CT3279411_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\":1361928092224,\"isWithState\":\"\",\"timeFromStart\":0,\"timeFromPrev\":0}]");[16x6kc6q.default] - Line Deleted : user_pref("Smartbar.ConduitHomepagesList", "");[16x6kc6q.default] - Line Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");[16x6kc6q.default] - Line Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");[16x6kc6q.default] - Line Deleted : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://dts.search-results.com/sr?src=ffb&gct=ds&appid=400&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&apn_uid=2354520593834836&o=APN10645&q=");[16x6kc6q.default] - Line Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT3279411");[16x6kc6q.default] - Line Deleted : user_pref("browser.search.defaultenginename", "Astromenda");[16x6kc6q.default] - Line Deleted : user_pref("browser.search.defaultthis.engineName", "appbario12 Customized Web Search");[16x6kc6q.default] - Line Deleted : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279411&SearchSource=3&q={searchTerms}&CUI=UN14353232782267721");[16x6kc6q.default] - Line Deleted : user_pref("browser.search.order.1", "Search Results");[16x6kc6q.default] - Line Deleted : user_pref("browser.search.selectedEngine", "Astromenda");[16x6kc6q.default] - Line Deleted : user_pref("extensions.astrmndasr.hmpgUrl", "hxxp://astromenda.com/?f=1&a=ast_clickconnect_14_38_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DyCtBzztDyD0CyC0EyB0CtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutCyE[...][16x6kc6q.default] - Line Deleted : user_pref("extensions.astrmndasr.newTabUrl", "hxxp://astromenda.com/?f=2&a=ast_clickconnect_14_38_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DyCtBzztDyD0CyC0EyB0CtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1CzutC[...][16x6kc6q.default] - Line Deleted : user_pref("extensions.astrmndasr.prtnrId", "WSE_Astromenda");[16x6kc6q.default] - Line Deleted : user_pref("extensions.astrmndasr.srchPrvdr", "Astromenda");[16x6kc6q.default] - Line Deleted : user_pref("extensions.astrmndasr.tlbrSrchUrl", "hxxp://astromenda.com/?f=3&a=ast_clickconnect_14_38_ff&cd=2XzuyEtN2Y1L1QzutDtDtBtCyD0DyCtBzztDyD0CyC0EyB0CtN0D0Tzu0SzyzytDtN1L2XzutAtFtBtFtCtFyDtN1L1Czu[...][16x6kc6q.default] - Line Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3279411&SearchSource=2&CUI=UN14353232782267721&UM=UM_ID&q=");[16x6kc6q.default] - Line Deleted : user_pref("smartBar.searchInNewTabOwner", "CT3279411");*************************AdwCleaner[R0].txt - [8446 octets] - [22/10/2014 23:31:39]AdwCleaner[S0].txt - [8548 octets] - [22/10/2014 23:36:13]########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [8608 octets] ########## AdwCleaner v4.001 - Report created 22/10/2014 at 23:51:07# DB v2014-10-21.1# Updated 20/10/2014 by Xplode# Operating System : Windows 7 Professional Service Pack 1 (32 bits)# Username : stlr - STLR-PC# Running from : C:\Users\stlr\Downloads\AdwCleaner(1).exe# Option : Clean***** [ Services ] ********** [ Files / Folders ] *****[#] Folder Deleted : C:\ProgramData\Browser ManagerFolder Deleted : C:\Program Files\Enigma Software Group***** [ Scheduled Tasks ] ********** [ Shortcuts ] ********** [ Registry ] *****Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [<a href="mailto:termtutor@termtutor.com">termtutor@termtutor.com</a>]Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbhoKey Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1Key Deleted : HKLM\SOFTWARE\Classes\Toolbar.CT3279411Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8F0B76E1-4E46-427B-B55B-B90593468AC6}Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDTray.exe]Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDFSSvc.exe]Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdate.exe]Value Deleted : HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List [C:\Program Files\Spybot - Search & Destroy 2\SDUpdSvc.exe]Key Deleted : HKLM\SOFTWARE\EnigmaSoftwareGroupKey Deleted : HKLM\SOFTWARE\TermTutor***** [ Browsers ] *****-\\ Internet Explorer v11.0.9600.17344-\\ Mozilla Firefox v32.0.3 (x86 en-US)*************************AdwCleaner[R0].txt - [8446 octets] - [22/10/2014 23:31:39]AdwCleaner[R1].txt - [2501 octets] - [22/10/2014 23:48:42]AdwCleaner[S0].txt - [8688 octets] - [22/10/2014 23:36:13]AdwCleaner[S1].txt - [2453 octets] - [22/10/2014 23:51:07]########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2513 octets] ##########Malwarebytes Anti-Malware<a href="http://www.malwarebytes.org" target="_blank">www.malwarebytes.org</a>Scan Date: 23/10/14Scan Time: 00:11:22Logfile: malwarebytes scan.txtAdministrator: YesVersion: 2.00.3.1025Malware Database: v2014.10.23.01Rootkit Database: v2014.10.22.01License: TrialMalware Protection: EnabledMalicious Website Protection: EnabledSelf-protection: DisabledOS: Windows 7 Service Pack 1CPU: x86File System: NTFSUser: stlrScan Type: Threat ScanResult: CompletedObjects Scanned: 294115Time Elapsed: 17 min, 14 secMemory: EnabledStartup: EnabledFilesystem: EnabledArchives: EnabledRootkits: DisabledHeuristics: EnabledPUP: EnabledPUM: EnabledProcesses: 0(No malicious items detected)Modules: 0(No malicious items detected)Registry Keys: 1PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD, Quarantined, [dc4119ff027a5bdbc36830f48281718f],Registry Values: 2PUP.Optional.Somoto, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUNONCE|network_smb_saisoftwarecracks, "C:\Users\stlr\AppData\Local\Temp\\BI_RunOnce.exe" /initurl <a href="http://sub.hereon.info/init/N4xKZste6/:uid:?" target="_blank">http://sub.hereon.info/init/N4xKZste6/:uid:?</a> /affid "-" /id "0" /name " " /uniqid N4xKZste6 /uuid 80DA284F-517A-DD11-8023-CD3D98022083 /biosserial 98022083H /biosversion TOSHIB - 20080603 /csname TECRA S10, Quarantined, [9786df39cfad87af2c4e14fcf213956b]PUP.Optional.TermTutor.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TTNFD|ImagePath, system32\drivers\ttnfd.sys, Quarantined, [dc4119ff027a5bdbc36830f48281718f]Registry Data: 0(No malicious items detected)Folders: 4PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\xpi, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\xpi\defaults, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\xpi\defaults\preferences, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],Files: 15PUP.Optional.Somoto, C:\Users\stlr\AppData\Local\Temp\BI_RunOnce.exe, Quarantined, [9786df39cfad87af2c4e14fcf213956b],PUP.Optional.PCPerformer.A, C:\Users\stlr\AppData\Local\Temp\ibtmpc810551\component_358.decrpt, Quarantined, [21fc9c7c483455e141c1db45c33e56aa],PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ibtmpc810551\component_514, Quarantined, [27f66dab1c6093a3307c5ce259a7bd43],PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\ctbe.exe, Quarantined, [66b748d01a628bab43d3ee319967d52b],PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\ieLogic.exe, Quarantined, [39e42eea710bf34399a773bfa55cb749],PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\statisticsStub.exe, Quarantined, [48d51008f3891620269e28f45ea33dc3],PUP.Optional.SweetPacks.A, C:\Users\stlr\AppData\Local\Temp\BundleSweetIMSetup.exe, Quarantined, [4fce869293e964d2f6de929c778c619f],PUP.Optional.Babylon.A, C:\Users\stlr\AppData\Local\Temp\MybabylonTB.exe, Quarantined, [8697bd5bbbc166d0706636f860a3e719],PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\chromeid.txt, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\conduit.xml, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\CT3279411.xpi, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\setup.ini.txt, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\version.txt, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\xpi\install.rdf, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],PUP.Optional.Conduit.A, C:\Users\stlr\AppData\Local\Temp\ct3279411\xpi\defaults\preferences\defaults.js, Quarantined, [0e0f5dbbf587a88eeab4c828f40eba46],Physical Sectors: 0(No malicious items detected)(end)</blockquote>

Verification

Top