nsa virus moneypak
<blockquote data-quote="magnolia245" data-source="post: 142434" data-attributes="member: 14396"><p># AdwCleaner v3.010 - Report created 31/10/2013 at 10:47:14</p><p># Updated 20/10/2013 by Xplode</p><p># Operating System : Microsoft Windows XP Service Pack 3 (32 bits)</p><p># Username : CPW - PETER</p><p># Running from : C:\Documents and Settings\CPW\Desktop\AdwCleaner.exe</p><p># Option : Clean</p><p></p><p>***** [ Services ] *****</p><p></p><p>Service Deleted : Application Updater</p><p></p><p>***** [ Files / Folders ] *****</p><p></p><p>Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search</p><p>Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar</p><p>Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic</p><p>Folder Deleted : C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro</p><p>Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium</p><p>Folder Deleted : C:\Documents and Settings\All Users\Application Data\SpeedyPC Software</p><p>Folder Deleted : C:\Program Files\Application Updater</p><p>Folder Deleted : C:\Program Files\AVG Secure Search</p><p>Folder Deleted : C:\Program Files\IObit Apps Toolbar</p><p>Folder Deleted : C:\Program Files\registry mechanic</p><p>Folder Deleted : C:\Program Files\Common Files\AVG Secure Search</p><p>Folder Deleted : C:\Program Files\Common Files\ParetoLogic</p><p>Folder Deleted : C:\Program Files\Common Files\spigot</p><p>Folder Deleted : C:\Documents and Settings\CPW\Local Settings\Application Data\AVG Secure Search</p><p>Folder Deleted : C:\Documents and Settings\CPW\Local Settings\Application Data\AVG Security Toolbar</p><p>Folder Deleted : C:\Documents and Settings\CPW\Local Settings\Application Data\PackageAware</p><p>Folder Deleted : C:\Documents and Settings\CPW\Application Data\AVG Secure Search</p><p>Folder Deleted : C:\Documents and Settings\CPW\Application 
Data\DriverCure</p><p>Folder Deleted : C:\Documents and Settings\CPW\Application Data\registry mechanic</p><p>Folder Deleted : C:\Documents and Settings\CPW\Application Data\Search Settings</p><p>Folder Deleted : C:\Documents and Settings\CPW\Application Data\SpeedyPC Software</p><p>Folder Deleted : C:\Documents and Settings\CPW\Application Data\Mozilla\Firefox\Profiles\mknq500a.default\ConduitCommon</p><p>Folder Deleted : C:\Documents and Settings\CPW\Application Data\Mozilla\Firefox\Profiles\mknq500a.default\Extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1}</p><p>[!] Folder Deleted : C:\Documents and Settings\CPW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof</p><p>File Deleted : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\e136b25o.default\.autoreg</p><p>File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml</p><p>File Deleted : C:\Documents and Settings\CPW\Application Data\Mozilla\Firefox\Profiles\mknq500a.default\user.js</p><p>File Deleted : C:\WINDOWS\Tasks\paretologic registration3.job</p><p>File Deleted : C:\WINDOWS\Tasks\paretologic update version3.job</p><p></p><p>***** [ Shortcuts ] *****</p><p></p><p></p><p>***** [ Registry ] *****</p><p></p><p>Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar]</p><p>Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\driverscanner</p><p>Key Deleted : 
HKLM\SOFTWARE\Classes\protector_dll.protectorbho</p><p>Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol</p><p>Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi</p><p>Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions</p><p>Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1</p><p>Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE</p><p>Key Deleted : 
HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1</p><p>Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]</p><p>Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D}</p><p>Key Deleted : 
HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}</p><p>Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C}</p><p>Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}</p><p>Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Internet 
Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}</p><p>Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]</p><p>Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}]</p><p>Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}]</p><p>Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]</p><p>Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}]</p><p>Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}]</p><p>Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}]</p><p>Key Deleted : HKCU\Software\AVG Secure Search</p><p>Key Deleted : HKCU\Software\AVG Security Toolbar</p><p>Key Deleted : HKCU\Software\ParetoLogic</p><p>Key Deleted : HKCU\Software\pc optimizer pro</p><p>Key Deleted : HKCU\Software\Search Settings</p><p>Key Deleted : HKCU\Software\SpeedyPC Software</p><p>Key Deleted : HKCU\Software\YahooPartnerToolbar</p><p>Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings</p><p>Key Deleted : HKLM\Software\Application Updater</p><p>Key Deleted : HKLM\Software\AVG Secure Search</p><p>Key Deleted : HKLM\Software\AVG Security Toolbar</p><p>Key Deleted : HKLM\Software\ParetoLogic</p><p>Key Deleted : HKLM\Software\pc optimizer pro</p><p>Key Deleted : HKLM\Software\Search Settings</p><p>Key Deleted : HKLM\Software\SpeedyPC Software</p><p>Key Deleted : HKLM\Software\Uniblue\DriverScanner</p><p>Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search</p><p>Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9</p><p>Key Deleted : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24</p><p>Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607</p><p>Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F</p><p>Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21</p><p>Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF</p><p></p><p>***** [ Browsers ] *****</p><p></p><p>-\\ Internet Explorer v8.0.6001.18702</p><p></p><p></p><p>-\\ Mozilla Firefox v3.6.13 (en-US)</p><p></p><p>[ File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\e136b25o.default\prefs.js ]</p><p></p><p></p><p>[ File : C:\Documents and Settings\CPW\Application Data\Mozilla\Firefox\Profiles\mknq500a.default\prefs.js ]</p><p></p><p>Line Deleted : user_pref("CT3196716..clientLogIsEnabled", false);</p><p>Line Deleted : user_pref("CT3196716..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent");</p><p>Line Deleted : user_pref("CT3196716..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation");</p><p>Line Deleted : user_pref("CT3196716.ALLOW_SHOWING_HIDDEN_TOOLBAR", false);</p><p>Line Deleted : user_pref("CT3196716.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");</p><p>Line Deleted : user_pref("CT3196716.AppTrackingLastCheckTime", "Tue Aug 28 2012 08:25:23 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_129774122767598898", true);</p><p>Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_3263554499264134319", true);</p><p>Line Deleted : 
user_pref("CT3196716.BrowserCompStateIsOpen_4711547172607932304", true);</p><p>Line Deleted : user_pref("CT3196716.CT3196716", "CT3196716");</p><p>Line Deleted : user_pref("CT3196716.CurrentServerDate", "19-9-2012");</p><p>Line Deleted : user_pref("CT3196716.DSInstall", false);</p><p>Line Deleted : user_pref("CT3196716.DialogsAlignMode", "LTR");</p><p>Line Deleted : user_pref("CT3196716.DialogsGetterLastCheckTime", "Wed Sep 19 2012 11:26:43 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.DownloadReferralCookieData", "");</p><p>Line Deleted : user_pref("CT3196716.EMailNotifierPollDate", "Wed Sep 19 2012 14:09:59 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.ExternalComponentPollDate129755756828511878", "Wed Sep 19 2012 11:26:41 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.ExternalComponentPollDate129757581393447276", "Wed Sep 19 2012 11:26:41 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.ExternalComponentPollDate129844886196746599", "Wed Aug 15 2012 16:15:29 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.ExternalComponentPollDate129844886197059098", "Wed Aug 15 2012 16:15:29 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.FirstServerDate", "11-7-2012");</p><p>Line Deleted : user_pref("CT3196716.FirstTime", true);</p><p>Line Deleted : user_pref("CT3196716.FirstTimeFF3", true);</p><p>Line Deleted : user_pref("CT3196716.FirstTimeHiddenVer", true);</p><p>Line Deleted : user_pref("CT3196716.FixPageNotFoundErrors", true);</p><p>Line Deleted : user_pref("CT3196716.GroupingServerCheckInterval", 1440);</p><p>Line Deleted : user_pref("CT3196716.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");</p><p>Line Deleted : user_pref("CT3196716.HPInstall", false);</p><p>Line Deleted : user_pref("CT3196716.HasUserGlobalKeys", true);</p><p>Line Deleted : 
user_pref("CT3196716.HomePageProtectorEnabled", false);</p><p>Line Deleted : user_pref("CT3196716.HomepageBeforeUnload", "resource:/browserconfig.properties");</p><p>Line Deleted : user_pref("CT3196716.Initialize", true);</p><p>Line Deleted : user_pref("CT3196716.InitializeCommonPrefs", true);</p><p>Line Deleted : user_pref("CT3196716.InstallationAndCookieDataSentCount", 3);</p><p>Line Deleted : user_pref("CT3196716.InstallationType", "Unknown");</p><p>Line Deleted : user_pref("CT3196716.InstalledDate", "Tue Jul 10 2012 17:37:06 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.InvalidateCache", false);</p><p>Line Deleted : user_pref("CT3196716.IsAlertDBUpdated", true);</p><p>Line Deleted : user_pref("CT3196716.IsGrouping", false);</p><p>Line Deleted : user_pref("CT3196716.IsInitSetupIni", true);</p><p>Line Deleted : user_pref("CT3196716.IsMulticommunity", false);</p><p>Line Deleted : user_pref("CT3196716.IsOpenThankYouPage", true);</p><p>Line Deleted : user_pref("CT3196716.IsOpenUninstallPage", true);</p><p>Line Deleted : user_pref("CT3196716.IsProtectorsInit", true);</p><p>Line Deleted : user_pref("CT3196716.LanguagePackLastCheckTime", "Wed Sep 19 2012 11:26:43 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.LanguagePackReloadIntervalMM", 1440);</p><p>Line Deleted : user_pref("CT3196716.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx");</p><p>Line Deleted : user_pref("CT3196716.LastLogin_3.13.0.6", "Wed Sep 19 2012 11:26:43 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.LatestVersion", "3.13.0.6");</p><p>Line Deleted : user_pref("CT3196716.Locale", "en");</p><p>Line Deleted : user_pref("CT3196716.MCDetectTooltipHeight", "83");</p><p>Line Deleted : user_pref("CT3196716.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");</p><p>Line Deleted : user_pref("CT3196716.MCDetectTooltipWidth", "295");</p><p>Line Deleted : 
user_pref("CT3196716.MyStuffEnabledAtInstallation", true);</p><p>Line Deleted : user_pref("CT3196716.OriginalFirstVersion", "3.13.0.6");</p><p>Line Deleted : user_pref("CT3196716.RadioIsPodcast", false);</p><p>Line Deleted : user_pref("CT3196716.RadioLastCheckTime", "Wed Sep 19 2012 11:26:45 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.RadioLastUpdateIPServer", "3");</p><p>Line Deleted : user_pref("CT3196716.RadioLastUpdateServer", "3");</p><p>Line Deleted : user_pref("CT3196716.RadioMediaID", "9962");</p><p>Line Deleted : user_pref("CT3196716.RadioMediaType", "Media Player");</p><p>Line Deleted : user_pref("CT3196716.RadioMenuSelectedID", "EBRadioMenu_CT31967169962");</p><p>Line Deleted : user_pref("CT3196716.RadioShrinkedFromSetup", false);</p><p>Line Deleted : user_pref("CT3196716.RadioStationName", "California%20Rock");</p><p>Line Deleted : user_pref("CT3196716.RadioStationURL", "hxxp://feedlive.net/california.asx");</p><p>Line Deleted : user_pref("CT3196716.SearchCaption", "WiseConvert Customized Web Search");</p><p>Line Deleted : user_pref("CT3196716.SearchEngineBeforeUnload", "Yahoo");</p><p>Line Deleted : user_pref("CT3196716.SearchFromAddressBarIsInit", true);</p><p>Line Deleted : user_pref("CT3196716.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3230028&SearchSource=2&q=");</p><p>Line Deleted : user_pref("CT3196716.SearchInNewTabEnabled", true);</p><p>Line Deleted : user_pref("CT3196716.SearchInNewTabIntervalMM", 1440);</p><p>Line Deleted : user_pref("CT3196716.SearchInNewTabLastCheckTime", "Wed Sep 19 2012 11:26:41 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID");</p><p>Line Deleted : user_pref("CT3196716.SearchProtectorEnabled", false);</p><p>Line Deleted : user_pref("CT3196716.SearchProtectorToolbarDisabled", false);</p><p>Line Deleted : 
user_pref("CT3196716.SendProtectorDataViaLogin", true);</p><p>Line Deleted : user_pref("CT3196716.ServiceMapLastCheckTime", "Wed Sep 19 2012 11:26:41 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.SettingsLastCheckTime", "Wed Sep 19 2012 14:09:57 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.SettingsLastUpdate", "1347263642");</p><p>Line Deleted : user_pref("CT3196716.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3230028&SearchSource=13");</p><p>Line Deleted : user_pref("CT3196716.ThirdPartyComponentsInterval", 504);</p><p>Line Deleted : user_pref("CT3196716.ThirdPartyComponentsLastCheck", "Thu Sep 06 2012 19:04:51 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.ThirdPartyComponentsLastUpdate", "1331805997");</p><p>Line Deleted : user_pref("CT3196716.ToolbarShrinkedFromSetup", false);</p><p>Line Deleted : user_pref("CT3196716.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3196716");</p><p>Line Deleted : user_pref("CT3196716.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]</p><p>Line Deleted : user_pref("CT3196716.UserID", "UN29353480679681254");</p><p>Line Deleted : user_pref("CT3196716.ValidationData_Toolbar", 2);</p><p>Line Deleted : user_pref("CT3196716.WeatherNetwork", "");</p><p>Line Deleted : user_pref("CT3196716.WeatherPollDate", "Wed Sep 19 2012 14:10:08 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.WeatherUnit", "F");</p><p>Line Deleted : user_pref("CT3196716.alertChannelId", "1613210");</p><p>Line Deleted : user_pref("CT3196716.backendstorage.cb_experience_000", "37");</p><p>Line Deleted : user_pref("CT3196716.backendstorage.cb_firstuse0100", "31");</p><p>Line Deleted : user_pref("CT3196716.backendstorage.cb_user_id_000", "43423730373538353234343739355F46697265666F78");</p><p>Line Deleted : 
user_pref("CT3196716.backendstorage.cbcountry_001", "5553");</p><p>Line Deleted : user_pref("CT3196716.backendstorage.cbfirsttime", "576564204A756C20313120323031322030393A35313A343220474D542D3034303020284561737465726E204461796C696768742054696D6529");</p><p>Line Deleted : user_pref("CT3196716.backendstorage.event_data", "253542253544");</p><p>Line Deleted : user_pref("CT3196716.backendstorage.fired_events", "");</p><p>Line Deleted : user_pref("CT3196716.backendstorage.key_date", "3139");</p><p>Line Deleted : user_pref("CT3196716.backendstorage.shoppingapp.gk.exipres", "4D6F6E2053657020323420323031322031313A32363A343720474D542D3034303020284561737465726E204461796C696768742054696D6529");</p><p>Line Deleted : user_pref("CT3196716.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573");</p><p>Line Deleted : user_pref("CT3196716.backendstorage.url_history0001", "687474703A2F2F7777772E6D63616665652E636F6D2F617070732F667265652D746F6F6C732F7465726D736F667573652E617370783F75726C3D2F75732F646F776E6C6F6164732F6[...]</p><p>Line Deleted : user_pref("CT3196716.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...]</p><p>Line Deleted : user_pref("CT3196716.globalFirstTimeInfoLastCheckTime", "Thu Sep 13 2012 09:31:11 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.homepageProtectorEnableByLogin", true);</p><p>Line Deleted : user_pref("CT3196716.initDone", true);</p><p>Line Deleted : user_pref("CT3196716.isAppTrackingManagerOn", false);</p><p>Line Deleted : user_pref("CT3196716.isFirstRadioInstallation", false);</p><p>Line Deleted : user_pref("CT3196716.isRevertToBase", true);</p><p>Line Deleted : user_pref("CT3196716.myStuffEnabled", true);</p><p>Line Deleted : user_pref("CT3196716.myStuffPublihserMinWidth", 400);</p><p>Line Deleted : user_pref("CT3196716.myStuffSearchUrl", 
"hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID");</p><p>Line Deleted : user_pref("CT3196716.myStuffServiceIntervalMM", 1440);</p><p>Line Deleted : user_pref("CT3196716.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT");</p><p>Line Deleted : user_pref("CT3196716.navigateToUrlOnSearch", false);</p><p>Line Deleted : user_pref("CT3196716.oldAppsList", "129844886193934115,129844886196434100,111,129844886196746599,129844886197059098,1000082,1000234,1000034,129876925791481060,129844886198309094,129844886198621593,326[...]</p><p>Line Deleted : user_pref("CT3196716.revertSettingsEnabled", false);</p><p>Line Deleted : user_pref("CT3196716.searchProtectorDialogDelayInSec", 10);</p><p>Line Deleted : user_pref("CT3196716.searchProtectorEnableByLogin", true);</p><p>Line Deleted : user_pref("CT3196716.testingCtid", "CT3230028");</p><p>Line Deleted : user_pref("CT3196716.toolbarAppMetaDataLastCheckTime", "Wed Sep 19 2012 11:26:43 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.toolbarContextMenuLastCheckTime", "Thu Sep 06 2012 19:04:53 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CT3196716.usagesFlag", 2);</p><p>Line Deleted : user_pref("CT3230028.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...]</p><p>Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3196716/CT3196716", "\"169cafff13ecdda0aec439f00cc2fa352\"");</p><p>Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3230028/CT3230028", "\"62be2d848ed0d730914f237e4e6afdf42\"");</p><p>Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1667895/1660359/US", 
"\"0\"");</p><p>Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3196716", "\"1340259244\"");</p><p>Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3230028", "\"1340015020\"");</p><p>Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A==");</p><p>Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA==");</p><p>Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA==");</p><p>Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw==");</p><p>Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:151f\"");</p><p>Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0e0a4327275cd1:151f\"");</p><p>Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3196716", "\"f1c77625c0e9bd1c80a2fd6901845fa9\"");</p><p>Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3230028", "\"c912886ea3ba021d3a9ef2d6ad700899\"");</p><p>Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"9df6571d7c57f86c70978aa18a1ecbea\"");</p><p>Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\CPW\\Application Data\\Mozilla\\Firefox\\Profiles\\mknq500a.default\\conduitCommon\\modules\\3.13.0.6");</p><p>Line Deleted : 
user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6");</p><p>Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p=");</p><p>Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3196716");</p><p>Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3196716");</p><p>Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3196716");</p><p>Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Aug 15 2012 16:18:02 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CommunityToolbar.globalUserId", "4d531829-12e4-4cd2-9bf5-31e570ffd67e");</p><p>Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);</p><p>Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);</p><p>Line Deleted : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Sep 15 2012 22:16:08 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false);</p><p>Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60);</p><p>Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Jul 10 2012 17:37:08 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");</p><p>Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en");</p><p>Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);</p><p>Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Sep 19 2012 11:26:46 GMT-0400 (Eastern Daylight Time)");</p><p>Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");</p><p>Line Deleted : 
user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);</p><p>Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");</p><p>Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false);</p><p>Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);</p><p>Line Deleted : user_pref("CommunityToolbar.notifications.userId", "73fe9205-dd08-49f1-9a0a-a02d3855f78f");</p><p>Line Deleted : user_pref("CommunityToolbar.originalHomepage", "resource:/browserconfig.properties");</p><p>Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Yahoo");</p><p>Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AVG Secure Search\\12.2.5.32");</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=95C09887-79DF-44BE-BDD6-8C36FB028B40&n=77ee10fb&ptnrS=XPman000");</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", "");</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2012090619");</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPman000");</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "");</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "95C09887-79DF-44BE-BDD6-8C36FB028B40");</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1348068398454");</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", 
false);</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", false);</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "");</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "29201");</p><p>Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");</p><p></p><p>-\\ Google Chrome v30.0.1599.101</p><p></p><p>[ File : C:\Documents and Settings\CPW\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]</p><p></p><p></p><p>*************************</p><p></p><p>AdwCleaner[R0].txt - [29982 octets] - [31/10/2013 10:45:36]</p><p>AdwCleaner[S0].txt - [30588 octets] - [31/10/2013 10:47:14]</p><p></p><p>########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30649 octets] ##########</p><p></p><p>RogueKiller V8.7.6 [Oct 28 2013] by Tigzy</p><p>mail : tigzyRK<at>gmail<dot>com</p><p>Feedback : http://www.adlice.com/forum/</p><p>Website : http://www.adlice.com/softwares/roguekiller/</p><p>Blog : http://tigzyrk.blogspot.com/</p><p></p><p>Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version</p><p>Started in : Normal mode</p><p>User : CPW [Admin rights]</p><p>Mode : Remove -- Date : 10/31/2013 11:00:05</p><p>| ARK || FAK || MBR |</p><p></p><p>¤¤¤ Bad processes : 0 ¤¤¤</p><p></p><p>¤¤¤ Registry Entries : 1 ¤¤¤</p><p>[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)</p><p></p><p>¤¤¤ Scheduled tasks : 1 ¤¤¤</p><p>[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\WINDOWS\TEMP\{2B2F280E-8104-4AF7-A3C6-16BB0F04852A}.exe - --uninstall=1 [x] -> DELETED</p><p></p><p>¤¤¤ Startup Entries : 2 
¤¤¤</p><p>[LocalService][SUSP UNIC] Maxtor EasyManage?.lnk : C:\Documents and Settings\LocalService\Start Menu\Programs\Startup\Maxtor EasyManage?.lnk [x] -> </p><p>[NetworkService][SUSP UNIC] Maxtor EasyManage?.lnk : C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup\Maxtor EasyManage?.lnk [x] -> </p><p></p><p>¤¤¤ Web browsers : 1 ¤¤¤</p><p></p><p>¤¤¤ Particular Files / Folders: ¤¤¤</p><p>[ZeroAccess][Folder] U : C:\Documents and Settings\CPW\Local Settings\Application Data\{44d0e339-4172-5a4e-c336-07a0b263fef5}\U [-] --> DELETED</p><p>[ZeroAccess][Folder] L : C:\Documents and Settings\CPW\Local Settings\Application Data\{44d0e339-4172-5a4e-c336-07a0b263fef5}\L [-] --> DELETED</p><p></p><p>¤¤¤ Driver : [LOADED] ¤¤¤</p><p>[Address] SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xA8605A24)</p><p>[Address] SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xA8605B70)</p><p></p><p>¤¤¤ External Hives: ¤¤¤</p><p></p><p>¤¤¤ Infection : ZeroAccess ¤¤¤</p><p></p><p>¤¤¤ HOSTS File: ¤¤¤</p><p>--> %SystemRoot%\System32\drivers\etc\hosts</p><p></p><p></p><p>¤¤¤ MBR Check: ¤¤¤</p><p></p><p>+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) FUJITSU MHV2040AH +++++</p><p>--- User ---</p><p>[MBR] ad361b15c0b8a11de893a4095f42e8ea</p><p>[BSP] 
43a93dad14f188a51be236d04433a179 : Windows XP MBR Code</p><p>Partition table:</p><p>0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38146 Mo</p><p>User = LL1 ... OK!</p><p>User = LL2 ... OK!</p><p></p><p>Finished : << RKreport[0]_D_10312013_110005.txt >></p><p>RKreport[0]_S_10312013_105901.txt</p><p></p><p></p><p></p><p>Thanks for your help.</p></blockquote><p></p>
[QUOTE="magnolia245, post: 142434, member: 14396"] # AdwCleaner v3.010 - Report created 31/10/2013 at 10:47:14 # Updated 20/10/2013 by Xplode # Operating System : Microsoft Windows XP Service Pack 3 (32 bits) # Username : CPW - PETER # Running from : C:\Documents and Settings\CPW\Desktop\AdwCleaner.exe # Option : Clean ***** [ Services ] ***** Service Deleted : Application Updater ***** [ Files / Folders ] ***** Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Secure Search Folder Deleted : C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar Folder Deleted : C:\Documents and Settings\All Users\Application Data\ParetoLogic Folder Deleted : C:\Documents and Settings\All Users\Application Data\PC Optimizer Pro Folder Deleted : C:\Documents and Settings\All Users\Application Data\Premium Folder Deleted : C:\Documents and Settings\All Users\Application Data\SpeedyPC Software Folder Deleted : C:\Program Files\Application Updater Folder Deleted : C:\Program Files\AVG Secure Search Folder Deleted : C:\Program Files\IObit Apps Toolbar Folder Deleted : C:\Program Files\registry mechanic Folder Deleted : C:\Program Files\Common Files\AVG Secure Search Folder Deleted : C:\Program Files\Common Files\ParetoLogic Folder Deleted : C:\Program Files\Common Files\spigot Folder Deleted : C:\Documents and Settings\CPW\Local Settings\Application Data\AVG Secure Search Folder Deleted : C:\Documents and Settings\CPW\Local Settings\Application Data\AVG Security Toolbar Folder Deleted : C:\Documents and Settings\CPW\Local Settings\Application Data\PackageAware Folder Deleted : C:\Documents and Settings\CPW\Application Data\AVG Secure Search Folder Deleted : C:\Documents and Settings\CPW\Application Data\DriverCure Folder Deleted : C:\Documents and Settings\CPW\Application Data\registry mechanic Folder Deleted : C:\Documents and Settings\CPW\Application Data\Search Settings Folder Deleted : C:\Documents and Settings\CPW\Application Data\SpeedyPC 
Software Folder Deleted : C:\Documents and Settings\CPW\Application Data\Mozilla\Firefox\Profiles\mknq500a.default\ConduitCommon Folder Deleted : C:\Documents and Settings\CPW\Application Data\Mozilla\Firefox\Profiles\mknq500a.default\Extensions\{ebd898f8-fcf6-4694-bc3b-eabc7271eeb1} [!] Folder Deleted : C:\Documents and Settings\CPW\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof File Deleted : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\e136b25o.default\.autoreg File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\avg-secure-search.xml File Deleted : C:\Documents and Settings\CPW\Application Data\Mozilla\Firefox\Profiles\mknq500a.default\user.js File Deleted : C:\WINDOWS\Tasks\paretologic registration3.job File Deleted : C:\WINDOWS\Tasks\paretologic update version3.job ***** [ Shortcuts ] ***** ***** [ Registry ] ***** Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof Key Deleted : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Key Deleted : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Key Deleted : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Key Deleted : HKLM\SOFTWARE\Classes\driverscanner Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.protectorbho.1 Key Deleted : HKLM\SOFTWARE\Classes\protocols\handler\viprotocol Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Key Deleted : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar Key Deleted : HKLM\SOFTWARE\Classes\toolband.eb_explorerbar.1 Key Deleted : 
HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink Key Deleted : HKLM\SOFTWARE\Classes\toolband.fh_hookeventsink.1 Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem Key Deleted : HKLM\SOFTWARE\Classes\toolband.ipm_printlistitem.1 Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_dialogeventshandler.1 Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_launcher.1 Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager Key Deleted : HKLM\SOFTWARE\Classes\toolband.pm_printmanager.1 Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_bindstatuscallback.1 Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_cancelbuttoneventhandler.1 Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback Key Deleted : HKLM\SOFTWARE\Classes\toolband.pr_printdialogcallback.1 Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband Key Deleted : HKLM\SOFTWARE\Classes\toolband.tbtoolband.1 Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions Key Deleted : HKLM\SOFTWARE\Classes\toolband.useroptions.1 Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Key Deleted : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Key Deleted : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{327C2873-E90D-4C37-AA9D-10AC9BABA46C} Key Deleted : 
HKLM\SOFTWARE\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{94496571-6AC5-4836-82D5-D46260C44B17} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BC9FD17D-30F6-4464-9E53-596A90AFF023} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CC5AD34C-6F10-4CB3-B74A-C2DD4D5060A3} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{13ABD093-D46F-40DF-A608-47E162EC799D} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{327C2873-E90D-4C37-AA9D-10AC9BABA46C} Key Deleted : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{03EB0E9C-7A91-4381-A220-9B52B641CDB1} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{327C2873-E90D-4C37-AA9D-10AC9BABA46C} Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829} Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{327C2873-E90D-4C37-AA9D-10AC9BABA46C}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{CCC7A320-B3CA-4199-B1A6-9F516DD69829}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}] Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks 
[{03EB0E9C-7A91-4381-A220-9B52B641CDB1}] Key Deleted : HKCU\Software\AVG Secure Search Key Deleted : HKCU\Software\AVG Security Toolbar Key Deleted : HKCU\Software\ParetoLogic Key Deleted : HKCU\Software\pc optimizer pro Key Deleted : HKCU\Software\Search Settings Key Deleted : HKCU\Software\SpeedyPC Software Key Deleted : HKCU\Software\YahooPartnerToolbar Key Deleted : HKCU\Software\AppDataLow\Software\Search Settings Key Deleted : HKLM\Software\Application Updater Key Deleted : HKLM\Software\AVG Secure Search Key Deleted : HKLM\Software\AVG Security Toolbar Key Deleted : HKLM\Software\ParetoLogic Key Deleted : HKLM\Software\pc optimizer pro Key Deleted : HKLM\Software\Search Settings Key Deleted : HKLM\Software\SpeedyPC Software Key Deleted : HKLM\Software\Uniblue\DriverScanner Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\00E944CB89111313EAF35A0553F547F9 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\53F55AF3F4049ED3FA6EA6F88E414E24 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\68E4BF4B11615E03C97732FD581AB607 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\8CE3DDAB2D152683FBCEB4866BCD2B0F Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AF6CE16AFEA5C9A39B766468A8B35C21 Key Deleted : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\FB1E44269B58F433A8C8E671E37CFDCF ***** [ Browsers ] ***** -\\ Internet Explorer v8.0.6001.18702 -\\ Mozilla Firefox v3.6.13 (en-US) [ File : C:\Documents and Settings\LocalService\Application Data\Mozilla\Firefox\Profiles\e136b25o.default\prefs.js ] [ File : C:\Documents and Settings\CPW\Application 
Data\Mozilla\Firefox\Profiles\mknq500a.default\prefs.js ] Line Deleted : user_pref("CT3196716..clientLogIsEnabled", false); Line Deleted : user_pref("CT3196716..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.asmx/ReportDiagnosticsEvent"); Line Deleted : user_pref("CT3196716..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/RegisterToolbarUninstallation"); Line Deleted : user_pref("CT3196716.ALLOW_SHOWING_HIDDEN_TOOLBAR", false); Line Deleted : user_pref("CT3196716.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx"); Line Deleted : user_pref("CT3196716.AppTrackingLastCheckTime", "Tue Aug 28 2012 08:25:23 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_129774122767598898", true); Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_3263554499264134319", true); Line Deleted : user_pref("CT3196716.BrowserCompStateIsOpen_4711547172607932304", true); Line Deleted : user_pref("CT3196716.CT3196716", "CT3196716"); Line Deleted : user_pref("CT3196716.CurrentServerDate", "19-9-2012"); Line Deleted : user_pref("CT3196716.DSInstall", false); Line Deleted : user_pref("CT3196716.DialogsAlignMode", "LTR"); Line Deleted : user_pref("CT3196716.DialogsGetterLastCheckTime", "Wed Sep 19 2012 11:26:43 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.DownloadReferralCookieData", ""); Line Deleted : user_pref("CT3196716.EMailNotifierPollDate", "Wed Sep 19 2012 14:09:59 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.ExternalComponentPollDate129755756828511878", "Wed Sep 19 2012 11:26:41 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.ExternalComponentPollDate129757581393447276", "Wed Sep 19 2012 11:26:41 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.ExternalComponentPollDate129844886196746599", "Wed Aug 15 2012 16:15:29 GMT-0400 (Eastern Daylight Time)"); Line Deleted : 
user_pref("CT3196716.ExternalComponentPollDate129844886197059098", "Wed Aug 15 2012 16:15:29 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.FirstServerDate", "11-7-2012"); Line Deleted : user_pref("CT3196716.FirstTime", true); Line Deleted : user_pref("CT3196716.FirstTimeFF3", true); Line Deleted : user_pref("CT3196716.FirstTimeHiddenVer", true); Line Deleted : user_pref("CT3196716.FixPageNotFoundErrors", true); Line Deleted : user_pref("CT3196716.GroupingServerCheckInterval", 1440); Line Deleted : user_pref("CT3196716.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/"); Line Deleted : user_pref("CT3196716.HPInstall", false); Line Deleted : user_pref("CT3196716.HasUserGlobalKeys", true); Line Deleted : user_pref("CT3196716.HomePageProtectorEnabled", false); Line Deleted : user_pref("CT3196716.HomepageBeforeUnload", "resource:/browserconfig.properties"); Line Deleted : user_pref("CT3196716.Initialize", true); Line Deleted : user_pref("CT3196716.InitializeCommonPrefs", true); Line Deleted : user_pref("CT3196716.InstallationAndCookieDataSentCount", 3); Line Deleted : user_pref("CT3196716.InstallationType", "Unknown"); Line Deleted : user_pref("CT3196716.InstalledDate", "Tue Jul 10 2012 17:37:06 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.InvalidateCache", false); Line Deleted : user_pref("CT3196716.IsAlertDBUpdated", true); Line Deleted : user_pref("CT3196716.IsGrouping", false); Line Deleted : user_pref("CT3196716.IsInitSetupIni", true); Line Deleted : user_pref("CT3196716.IsMulticommunity", false); Line Deleted : user_pref("CT3196716.IsOpenThankYouPage", true); Line Deleted : user_pref("CT3196716.IsOpenUninstallPage", true); Line Deleted : user_pref("CT3196716.IsProtectorsInit", true); Line Deleted : user_pref("CT3196716.LanguagePackLastCheckTime", "Wed Sep 19 2012 11:26:43 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.LanguagePackReloadIntervalMM", 1440); Line Deleted : 
user_pref("CT3196716.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx"); Line Deleted : user_pref("CT3196716.LastLogin_3.13.0.6", "Wed Sep 19 2012 11:26:43 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.LatestVersion", "3.13.0.6"); Line Deleted : user_pref("CT3196716.Locale", "en"); Line Deleted : user_pref("CT3196716.MCDetectTooltipHeight", "83"); Line Deleted : user_pref("CT3196716.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1"); Line Deleted : user_pref("CT3196716.MCDetectTooltipWidth", "295"); Line Deleted : user_pref("CT3196716.MyStuffEnabledAtInstallation", true); Line Deleted : user_pref("CT3196716.OriginalFirstVersion", "3.13.0.6"); Line Deleted : user_pref("CT3196716.RadioIsPodcast", false); Line Deleted : user_pref("CT3196716.RadioLastCheckTime", "Wed Sep 19 2012 11:26:45 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.RadioLastUpdateIPServer", "3"); Line Deleted : user_pref("CT3196716.RadioLastUpdateServer", "3"); Line Deleted : user_pref("CT3196716.RadioMediaID", "9962"); Line Deleted : user_pref("CT3196716.RadioMediaType", "Media Player"); Line Deleted : user_pref("CT3196716.RadioMenuSelectedID", "EBRadioMenu_CT31967169962"); Line Deleted : user_pref("CT3196716.RadioShrinkedFromSetup", false); Line Deleted : user_pref("CT3196716.RadioStationName", "California%20Rock"); Line Deleted : user_pref("CT3196716.RadioStationURL", "hxxp://feedlive.net/california.asx"); Line Deleted : user_pref("CT3196716.SearchCaption", "WiseConvert Customized Web Search"); Line Deleted : user_pref("CT3196716.SearchEngineBeforeUnload", "Yahoo"); Line Deleted : user_pref("CT3196716.SearchFromAddressBarIsInit", true); Line Deleted : user_pref("CT3196716.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3230028&SearchSource=2&q="); Line Deleted : user_pref("CT3196716.SearchInNewTabEnabled", true); Line Deleted : 
user_pref("CT3196716.SearchInNewTabIntervalMM", 1440); Line Deleted : user_pref("CT3196716.SearchInNewTabLastCheckTime", "Wed Sep 19 2012 11:26:41 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_TOOLBAR_ID"); Line Deleted : user_pref("CT3196716.SearchProtectorEnabled", false); Line Deleted : user_pref("CT3196716.SearchProtectorToolbarDisabled", false); Line Deleted : user_pref("CT3196716.SendProtectorDataViaLogin", true); Line Deleted : user_pref("CT3196716.ServiceMapLastCheckTime", "Wed Sep 19 2012 11:26:41 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.SettingsLastCheckTime", "Wed Sep 19 2012 14:09:57 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.SettingsLastUpdate", "1347263642"); Line Deleted : user_pref("CT3196716.TBHomePageUrl", "hxxp://search.conduit.com/?ctid=CT3230028&SearchSource=13"); Line Deleted : user_pref("CT3196716.ThirdPartyComponentsInterval", 504); Line Deleted : user_pref("CT3196716.ThirdPartyComponentsLastCheck", "Thu Sep 06 2012 19:04:51 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.ThirdPartyComponentsLastUpdate", "1331805997"); Line Deleted : user_pref("CT3196716.ToolbarShrinkedFromSetup", false); Line Deleted : user_pref("CT3196716.TrusteLinkUrl", "hxxp://trust.conduit.com/CT3196716"); Line Deleted : user_pref("CT3196716.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...] 
Line Deleted : user_pref("CT3196716.UserID", "UN29353480679681254"); Line Deleted : user_pref("CT3196716.ValidationData_Toolbar", 2); Line Deleted : user_pref("CT3196716.WeatherNetwork", ""); Line Deleted : user_pref("CT3196716.WeatherPollDate", "Wed Sep 19 2012 14:10:08 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.WeatherUnit", "F"); Line Deleted : user_pref("CT3196716.alertChannelId", "1613210"); Line Deleted : user_pref("CT3196716.backendstorage.cb_experience_000", "37"); Line Deleted : user_pref("CT3196716.backendstorage.cb_firstuse0100", "31"); Line Deleted : user_pref("CT3196716.backendstorage.cb_user_id_000", "43423730373538353234343739355F46697265666F78"); Line Deleted : user_pref("CT3196716.backendstorage.cbcountry_001", "5553"); Line Deleted : user_pref("CT3196716.backendstorage.cbfirsttime", "576564204A756C20313120323031322030393A35313A343220474D542D3034303020284561737465726E204461796C696768742054696D6529"); Line Deleted : user_pref("CT3196716.backendstorage.event_data", "253542253544"); Line Deleted : user_pref("CT3196716.backendstorage.fired_events", ""); Line Deleted : user_pref("CT3196716.backendstorage.key_date", "3139"); Line Deleted : user_pref("CT3196716.backendstorage.shoppingapp.gk.exipres", "4D6F6E2053657020323420323031322031313A32363A343720474D542D3034303020284561737465726E204461796C696768742054696D6529"); Line Deleted : user_pref("CT3196716.backendstorage.shoppingapp.gk.geolocation", "756E6974656420737461746573"); Line Deleted : user_pref("CT3196716.backendstorage.url_history0001", "687474703A2F2F7777772E6D63616665652E636F6D2F617070732F667265652D746F6F6C732F7465726D736F667573652E617370783F75726C3D2F75732F646F776E6C6F6164732F6[...] Line Deleted : user_pref("CT3196716.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.conduit.com;apps.conduit.com;services.apps.conduit.com\",\"AppsDetectionUrlPattern\":\"hxxp://appdown[...] 
Line Deleted : user_pref("CT3196716.globalFirstTimeInfoLastCheckTime", "Thu Sep 13 2012 09:31:11 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.homepageProtectorEnableByLogin", true); Line Deleted : user_pref("CT3196716.initDone", true); Line Deleted : user_pref("CT3196716.isAppTrackingManagerOn", false); Line Deleted : user_pref("CT3196716.isFirstRadioInstallation", false); Line Deleted : user_pref("CT3196716.isRevertToBase", true); Line Deleted : user_pref("CT3196716.myStuffEnabled", true); Line Deleted : user_pref("CT3196716.myStuffPublihserMinWidth", 400); Line Deleted : user_pref("CT3196716.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOrigin=29&ctid=EB_TOOLBAR_ID&octid=EB_ORIGINAL_CTID"); Line Deleted : user_pref("CT3196716.myStuffServiceIntervalMM", 1440); Line Deleted : user_pref("CT3196716.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?ComponentId=EB_MY_STUFF_INSTANCE_GUID&lut=EB_MY_STUFF_LUT"); Line Deleted : user_pref("CT3196716.navigateToUrlOnSearch", false); Line Deleted : user_pref("CT3196716.oldAppsList", "129844886193934115,129844886196434100,111,129844886196746599,129844886197059098,1000082,1000234,1000034,129876925791481060,129844886198309094,129844886198621593,326[...] 
Line Deleted : user_pref("CT3196716.revertSettingsEnabled", false); Line Deleted : user_pref("CT3196716.searchProtectorDialogDelayInSec", 10); Line Deleted : user_pref("CT3196716.searchProtectorEnableByLogin", true); Line Deleted : user_pref("CT3196716.testingCtid", "CT3230028"); Line Deleted : user_pref("CT3196716.toolbarAppMetaDataLastCheckTime", "Wed Sep 19 2012 11:26:43 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.toolbarContextMenuLastCheckTime", "Thu Sep 06 2012 19:04:53 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CT3196716.usagesFlag", 2); Line Deleted : user_pref("CT3230028.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,client.conduit-storage.com,OurToolbar.com,CommunityToolbars.com,ForumToolbar.com,MyBlogToolbar.com,MyCity[...] Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3196716/CT3196716", "\"169cafff13ecdda0aec439f00cc2fa352\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://Settings.toolbar.search.conduit.com/root/CT3230028/CT3230028", "\"62be2d848ed0d730914f237e4e6afdf42\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1667895/1660359/US", "\"0\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3196716", "\"1340259244\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT3230028", "\"1340015020\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&locale=en", "G9mW7heT/8xIX1frcduu0A=="); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&locale=en", "mfQ70fvlD2zuBxSBj8rQqA=="); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&locale=en", "k9un27OkAvkwB2ZmvXxTnA=="); Line Deleted 
: user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&locale=en", "4BgM4MhF/sOgPsDNmIs3Yw=="); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\"8076e3ce381dcd1:151f\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.13.0.6", "\"0e0a4327275cd1:151f\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3196716", "\"f1c77625c0e9bd1c80a2fd6901845fa9\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT3230028", "\"c912886ea3ba021d3a9ef2d6ad700899\""); Line Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"9df6571d7c57f86c70978aa18a1ecbea\""); Line Deleted : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Documents and Settings\\CPW\\Application Data\\Mozilla\\Firefox\\Profiles\\mknq500a.default\\conduitCommon\\modules\\3.13.0.6"); Line Deleted : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.13.0.6"); Line Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "hxxp://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=380920&p="); Line Deleted : user_pref("CommunityToolbar.ToolbarsList", "CT3196716"); Line Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT3196716"); Line Deleted : user_pref("CommunityToolbar.ToolbarsList4", "CT3196716"); Line Deleted : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Wed Aug 15 2012 16:18:02 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CommunityToolbar.globalUserId", "4d531829-12e4-4cd2-9bf5-31e570ffd67e"); Line Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true); Line Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true); Line Deleted : 
user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sat Sep 15 2012 22:16:08 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CommunityToolbar.notifications.alertEnabled", false); Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoInterval", 60); Line Deleted : user_pref("CommunityToolbar.notifications.alertInfoLastCheckTime", "Tue Jul 10 2012 17:37:08 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com"); Line Deleted : user_pref("CommunityToolbar.notifications.locale", "en"); Line Deleted : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440); Line Deleted : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Wed Sep 19 2012 11:26:46 GMT-0400 (Eastern Daylight Time)"); Line Deleted : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611"); Line Deleted : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20); Line Deleted : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com"); Line Deleted : user_pref("CommunityToolbar.notifications.showTrayIcon", false); Line Deleted : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300); Line Deleted : user_pref("CommunityToolbar.notifications.userId", "73fe9205-dd08-49f1-9a0a-a02d3855f78f"); Line Deleted : user_pref("CommunityToolbar.originalHomepage", "resource:/browserconfig.properties"); Line Deleted : user_pref("CommunityToolbar.originalSearchEngine", "Yahoo"); Line Deleted : user_pref("avg.install.installDirPath", "C:\\Documents and Settings\\All Users\\Application Data\\AVG Secure Search\\12.2.5.32"); Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.homepage", "hxxp://home.mywebsearch.com/index.jhtml?ptb=95C09887-79DF-44BE-BDD6-8C36FB028B40&n=77ee10fb&ptnrS=XPman000"); Line Deleted : 
user_pref("extensions.toolbar.mindspark._64Members_.initialized", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.contextKey", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.installDate", "2012090619");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerId", "XPman000");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.partnerSubId", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.success", true);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.installation.toolbarId", "95C09887-79DF-44BE-BDD6-8C36FB028B40");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.lastActivePing", "1348068398454");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.defaultSearch", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.homePageEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.keywordEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.options.tabEnabled", false);
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.searchHistory", "");
Line Deleted : user_pref("extensions.toolbar.mindspark._64Members_.weather.location", "29201");
Line Deleted : user_pref("extensions.toolbar.mindspark.lastInstalled", "televisionfanatic@mindspark.com");

-\\ Google Chrome v30.0.1599.101

[ File : C:\Documents and Settings\CPW\Local Settings\Application Data\Google\Chrome\User Data\Default\preferences ]

*************************

AdwCleaner[R0].txt - [29982 octets] - [31/10/2013 10:45:36]
AdwCleaner[S0].txt - [30588 octets] - [31/10/2013 10:47:14]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [30649 octets] ##########

RogueKiller V8.7.6 [Oct 28 2013] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.adlice.com/forum/
Website : http://www.adlice.com/softwares/roguekiller/
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User : CPW [Admin rights]
Mode : Remove -- Date : 10/31/2013 11:00:05
| ARK || FAK || MBR |

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[HJ DESK][PUM] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Scheduled tasks : 1 ¤¤¤
[V1][SUSP PATH] AVG-Secure-Search-Update_JUNE2013_TB_rmv.job : C:\WINDOWS\TEMP\{2B2F280E-8104-4AF7-A3C6-16BB0F04852A}.exe - --uninstall=1 [x] -> DELETED

¤¤¤ Startup Entries : 2 ¤¤¤
[LocalService][SUSP UNIC] Maxtor EasyManage?.lnk : C:\Documents and Settings\LocalService\Start Menu\Programs\Startup\Maxtor EasyManage?.lnk [x] ->
[NetworkService][SUSP UNIC] Maxtor EasyManage?.lnk : C:\Documents and Settings\NetworkService\Start Menu\Programs\Startup\Maxtor EasyManage?.lnk [x] ->

¤¤¤ Web browsers : 1 ¤¤¤

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][Folder] U : C:\Documents and Settings\CPW\Local Settings\Application Data\{44d0e339-4172-5a4e-c336-07a0b263fef5}\U [-] --> DELETED
[ZeroAccess][Folder] L : C:\Documents and Settings\CPW\Local Settings\Application Data\{44d0e339-4172-5a4e-c336-07a0b263fef5}\L [-] --> DELETED

¤¤¤ Driver : [LOADED] ¤¤¤
[Address] SSDT[122] : NtOpenProcess @ 0x80574BC1 -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xA8605A24)
[Address] SSDT[128] : NtOpenThread @ 0x80590CFC -> HOOKED (C:\WINDOWS\system32\drivers\mbamchameleon.sys @ 0xA8605B70)

¤¤¤ External Hives: ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> %SystemRoot%\System32\drivers\etc\hosts

127.0.0.1 localhost
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
127.0.0.1 www.1001namen.com
127.0.0.1 100888290cs.com
127.0.0.1 www.100888290cs.com
127.0.0.1 www.100sexlinks.com
[...]

¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: (\\.\PHYSICALDRIVE0 @ IDE) FUJITSU MHV2040AH +++++
--- User ---
[MBR] ad361b15c0b8a11de893a4095f42e8ea
[BSP] 43a93dad14f188a51be236d04433a179 : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 38146 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[0]_D_10312013_110005.txt >>
RKreport[0]_S_10312013_105901.txt

Thanks for your help.
[/QUOTE]