
Yontoo


  • This topic is locked
15 replies to this topic

#1 Painted_Lady

Posted 08 November 2012 - 08:10 AM

Hi there,

I noticed I had Yontoo in my programs list. Not sure where it came from? Definitely didn't install/download knowingly. The problem I have, albeit quite minor, is that when I open another browser page, as it is loading it will flick back to the other page I was on, instead of staying on the newly opened page.

Tried uninstalling from control panel (cannot find it in programs list) and box comes up.......Tarma Installer......setup initialization error......and will not let me.

Ok ok not huge, not even largish, just annoying :rolleyes: And sorry if I'm in the wrong place as I don't know what Yontoo would come under.

Thank you.

EDIT: Please read Instructions for posting requested logs and post the requested logs. Our Helpers need that information in order to help you.

Edited by Rocket Grannie, 08 November 2012 - 08:41 AM.


#2 Painted_Lady

Posted 08 November 2012 - 11:16 AM

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Carla :: CARLA-PC [administrator]

08/11/2012 15:20:46
mbam-log-2012-11-08 (15-20-46).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 244997
Time elapsed: 3 minute(s), 48 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)



DDS (Ver_2012-11-07.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16450 BrowserJavaVersion: 10.9.2
Run by Carla at 15:36:12 on 2012-11-08
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.44.1033.18.2811.1361 [GMT 0:00]
.
AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files (x86)\Launch Manager\dsiwmis.exe
C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe
C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
C:\Program Files\Acer\Acer Updater\UpdaterService.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Windows\system32\vssvc.exe
C:\Windows\System32\svchost.exe -k swprv
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
C:\Program Files\Microsoft Device Center\itype.exe
C:\Program Files\Microsoft Device Center\ipoint.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVH.EXE
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
C:\Windows\System32\StikyNot.exe
C:\Users\Carla\Desktop\UpdateChecker.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe
C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe
C:\Program Files (x86)\Launch Manager\LMworker.exe
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
Q:\140066.enu\Office14\MSOSYNC.EXE
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Windows\notepad.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN114274805709170-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=32be14bb000000000000560f6e11b437
uSearch Bar = hxxp://www.google.com/ie
uSearch Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5552&r=273601110615l0484z145v47221973
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Zonealarm Helper Object: {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\bh\zonealarm.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: ZoneAlarm Security Toolbar: {438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.6.7.4\zonealarmTlbr.dll
TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
uRun: [OfficeSyncProcess] "C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVH.EXE" /quietlaunch "MSOSYNC 9014006604090000"
uRun: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
uRun: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
uRun: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
uRun: [Spybot-S&D Cleaning] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" /autoclean
uRun: [FileHippo.com] "C:\Users\Carla\Desktop\UpdateChecker.exe" /background
uRun: [Google Update] "C:\Users\Carla\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_4_402_287_Plugin.exe -update plugin
mRun: [Reader Library Launcher] C:\Program Files (x86)\Sony\Reader\Data\bin\launcher\Reader Library Launcher.exe
mRun: [SuiteTray] "C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe"
mRun: [EgisUpdate] "C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe" -d
mRun: [EgisTecPMMUpdate] "C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe"
mRun: [BackupManagerTray] "C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
mRun: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
mRun: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
mRun: [ZoneAlarm] "C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe"
mRun: [PSUAMain] "C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAMain.exe" /LaunchSysTray
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr/200
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
TCP: NameServer = 192.168.0.1
TCP: Interfaces\{984DDEC5-0EF9-4C65-BC4C-93B8D784C939} : DHCPNameServer = 192.168.0.1
TCP: Interfaces\{984DDEC5-0EF9-4C65-BC4C-93B8D784C939}\86F6D656D293569383137343030383D275962756C6563737 : DHCPNameServer = 192.168.0.1
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
Notify: SDWinLogon - SDWinLogon.dll
x64-mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0809&m=aspire_5552&r=273601110615l0484z145v47221973
x64-BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
x64-BHO: ZoneAlarm Security Engine Registrar: {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
x64-TB: ZoneAlarm Security Engine: {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe
x64-Run: [Acer ePower Management] C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe
x64-Run: [CanonSolutionMenu] C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
x64-Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
x64-Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe /icon="hidden"
x64-Run: [IntelliType Pro] "c:\Program Files\Microsoft Device Center\itype.exe"
x64-Run: [IntelliPoint] "c:\Program Files\Microsoft Device Center\ipoint.exe"
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\szi8mod3.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Search By ZoneAlarm
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Sony\Reader\Data\bin\npebldetectmoz.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
FF - plugin: C:\Users\Carla\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
FF - ExtSQL: 2012-10-31 15:48; en-gb@flyingtophat.co.uk; C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\szi8mod3.default\extensions\en-gb@flyingtophat.co.uk
.
---- FIREFOX POLICIES ----
FF - user.js: extensions.zonealarm.autoRvrt - false
FF - user.js: extensions.zonealarm_i.hmpg - true
FF - user.js: extensions.zonealarm.hmpgUrl - hxxp://search.zonealarm.com/?Source=Homepage&oemCode=ZLN114274805709170-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=32be14bb000000000000560f6e11b437
FF - user.js: extensions.zonealarm.dfltSrch - true
FF - user.js: extensions.zonealarm.srchPrvdr - Search By ZoneAlarm
FF - user.js: extensions.zonealarm.keyWordUrl - hxxp://search.zonealarm.com/search?Source=Browser&oemCode=ZLN114274805709170-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=32be14bb000000000000560f6e11b437&q={searchTerms}
FF - user.js: extensions.zonealarm_i.dnsErr - true
FF - user.js: extensions.zonealarm_i.newTab - true
FF - user.js: extensions.zonealarm.newTabUrl - hxxp://search.zonealarm.com/?Source=Newtab&oemCode=ZLN114274805709170-1001&toolbarId=base&affiliateId=1001&Lan=en&utid=32be14bb000000000000560f6e11b437
FF - user.js: extensions.zonealarm.tlbrSrchUrl - hxxp://search.zonealarm.com/search?Source=ToolBar&oemCode=ZLN114274805709170-1001&toolbarId=base&affiliateId=1001&Lan={dfltLng}&utid=32be14bb000000000000560f6e11b437&q=
FF - user.js: extensions.zonealarm.id - 32be14bb000000000000560f6e11b437
FF - user.js: extensions.zonealarm.instlDay - 15566
FF - user.js: extensions.zonealarm.vrsn - 1.6.7.4
FF - user.js: extensions.zonealarm.vrsni - 1.6.7.4
FF - user.js: extensions.zonealarm_i.vrsnTs - 1.6.7.411:08:35
FF - user.js: extensions.zonealarm.prtnrId - checkpoint
FF - user.js: extensions.zonealarm.prdct - zonealarm
FF - user.js: extensions.zonealarm.aflt - 1001
FF - user.js: extensions.zonealarm_i.smplGrp - none
FF - user.js: extensions.zonealarm.tlbrId - base
FF - user.js: extensions.zonealarm.instlRef - ZLN114274805709170-1001
FF - user.js: extensions.zonealarm.dfltLng - en
FF - user.js: extensions.zonealarm.excTlbr - false
FF - user.js: extensions.zonealarm.admin - false
FF - user.js: extentions.y2layers.installId - 25e37d9e-a8ce-4758-841b-151eb5e13b1e
FF - user.js: extentions.y2layers.defaultEnableAppsList - Buzzdock,Buzzdock,
FF - user.js: extensions.autoDisableScopes - 14
FF - user.js: security.csp.enable - false
.
============= SERVICES / DRIVERS ===============
.
R1 A2DDA;A2 Direct Disk Access Support Driver;C:\Users\Carla\Downloads\EmsisoftEmergencyKit\Run\a2ddax64.sys [2012-8-13 23208]
R1 mwlPSDFilter;mwlPSDFilter;C:\Windows\System32\drivers\mwlPSDFilter.sys [2009-6-3 22576]
R1 mwlPSDNServ;mwlPSDNServ;C:\Windows\System32\drivers\mwlPSDNserv.sys [2009-6-3 20016]
R1 mwlPSDVDisk;mwlPSDVDisk;C:\Windows\System32\drivers\mwlPSDVDisk.sys [2009-6-3 60464]
R1 NNSALPC;NNSALPC;C:\Windows\System32\drivers\NNSAlpc.sys [2012-6-27 89128]
R1 NNSHTTP;NNSHTTP;C:\Windows\System32\drivers\NNSHttp.sys [2012-6-27 116776]
R1 NNSIDS;NNSIDS;C:\Windows\System32\drivers\NNSIds.sys [2012-6-27 113192]
R1 NNSPICC;NNSPICC;C:\Windows\System32\drivers\NNSpicc.sys [2012-6-27 93224]
R1 NNSPOP3;NNSPOP3;C:\Windows\System32\drivers\NNSPop3.sys [2012-6-27 116776]
R1 NNSPROT;NNSPROT;C:\Windows\System32\drivers\NNSProt.sys [2012-6-27 304680]
R1 NNSPRV;NNSPRV;C:\Windows\System32\drivers\NNSPrv.sys [2012-6-27 109096]
R1 NNSSMTP;NNSSMTP;C:\Windows\System32\drivers\NNSSmtp.sys [2012-6-27 112680]
R1 NNSSTRM;NNSSTRM;C:\Windows\System32\drivers\NNSStrm.sys [2012-7-12 219688]
R1 NNSTLSC;NNSTLSC;C:\Windows\System32\drivers\NNStlsc.sys [2012-6-27 105000]
R1 PSINKNC;PSINKNC;C:\Windows\System32\drivers\PSINKNC.sys [2012-7-13 205352]
R1 SBRE;SBRE;C:\Windows\System32\drivers\sbredrv.sys [2012-8-14 57976]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2010-8-5 202752]
R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
R2 DsiWMIService;Dritek WMI Service;C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2010-7-14 321104]
R2 ePowerSvc;Acer ePower Service;C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2010-8-31 868896]
R2 GREGService;GREGService;C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2010-1-8 23584]
R2 ISWKL;ZoneAlarm LTD Toolbar ISWKL;C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2012-7-14 33712]
R2 IswSvc;ZoneAlarm LTD Toolbar IswSvc;C:\Program Files\CheckPoint\ZAForceField\ISWSVC.exe [2012-7-14 827560]
R2 MWLService;MyWinLocker Service;C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-5-27 305520]
R2 NanoServiceMain;Panda Cloud Antivirus Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSANHost.exe [2012-7-13 140064]
R2 NTI IScheduleSvc;NTI IScheduleSvc;C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-6-28 255744]
R2 PSINAflt;PSINAflt;C:\Windows\System32\drivers\PSINAflt.sys [2012-7-13 167464]
R2 PSINFile;PSINFile;C:\Windows\System32\drivers\PSINFile.sys [2012-7-13 119336]
R2 PSINProc;PSINProc;C:\Windows\System32\drivers\PSINProc.sys [2012-7-13 123944]
R2 PSINProt;PSINProt;C:\Windows\System32\drivers\PSINProt.sys [2012-7-13 130088]
R2 PSUAService;Panda Product Service;C:\Program Files (x86)\Panda Security\Panda Cloud Antivirus\PSUAService.exe [2012-7-13 36640]
R2 sbapifs;sbapifs;C:\Windows\System32\drivers\sbapifs.sys [2011-11-29 74872]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2012-9-7 1074720]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2012-9-7 1358360]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2012-9-7 166528]
R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
R2 Updater Service;Updater Service;C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2010-7-14 243232]
R3 k57nd60a;Broadcom NetLink ™ Gigabit Ethernet - NDIS 6.0;C:\Windows\System32\drivers\k57nd60a.sys [2010-7-14 384040]
R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264]
R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648]
R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960]
R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376]
R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
S1 NNSNAHSL;Network Activity Hook Server LightWeight Filter Driver;C:\Windows\System32\drivers\NNSNAHSL.sys [2012-6-27 33320]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-10-19 160944]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2012-9-7 57280]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2012-8-28 246376]
S3 s0016bus;Sony Ericsson Device 0016 driver (WDM);C:\Windows\System32\drivers\s0016bus.sys [2008-5-16 115240]
S3 s0016mdfl;Sony Ericsson Device 0016 USB WMC Modem Filter;C:\Windows\System32\drivers\s0016mdfl.sys [2008-5-16 19496]
S3 s0016mdm;Sony Ericsson Device 0016 USB WMC Modem Driver;C:\Windows\System32\drivers\s0016mdm.sys [2008-5-16 158760]
S3 s0016mgmt;Sony Ericsson Device 0016 USB WMC Device Management Drivers (WDM);C:\Windows\System32\drivers\s0016mgmt.sys [2008-5-16 137256]
S3 s0016nd5;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (NDIS);C:\Windows\System32\drivers\s0016nd5.sys [2008-5-16 34344]
S3 s0016obex;Sony Ericsson Device 0016 USB WMC OBEX Interface;C:\Windows\System32\drivers\s0016obex.sys [2008-5-16 136744]
S3 s0016unic;Sony Ericsson Device 0016 USB Ethernet Emulation SEMC0016 (WDM);C:\Windows\System32\drivers\s0016unic.sys [2008-5-16 151592]
S3 sbwtis;sbwtis;C:\Windows\System32\drivers\sbwtis.sys [2012-4-13 85248]
S3 Sony PC Companion;Sony PC Companion;C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-8-28 155320]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-2-24 59392]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-1-28 1255736]
S4 NNSPIHSW;NNSPIHSW;C:\Windows\System32\drivers\NNSPihsw.sys [2012-6-27 68648]
SUnknown PSKMAD;PSKMAD; [x]
.
=============== Created Last 30 ================
.
2012-11-08 15:17:06 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-11-08 15:17:06 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-27 09:52:34 -------- d-----r- C:\Program Files (x86)\Skype
2012-10-26 18:58:15 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-26 18:56:26 108008 ----a-w- C:\Windows\System32\WindowsAccessBridge-64.dll
2012-10-26 17:26:02 -------- d-----w- C:\Program Files\CCleaner
2012-10-11 16:02:21 -------- d-----w- C:\Windows\en
2012-10-11 15:41:53 5659096 ----a-w- C:\Program Files (x86)\Common Files\Windows Live\.cache\eea575241cda7c60a\skydrivesetup.exe
2012-10-10 20:00:00 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
.
==================== Find3M ====================
.
2012-10-26 18:57:46 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-10-26 18:57:46 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-10-26 18:55:54 916456 ----a-w- C:\Windows\System32\deployJava1.dll
2012-10-26 18:55:54 1034216 ----a-w- C:\Windows\System32\npDeployJava1.dll
2012-10-26 17:13:34 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-26 17:13:34 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-10-05 08:53:57 6080 ----a-w- C:\ProgramData\NanoRepository.bin
2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-09-12 15:07:44 58368 ----a-w- C:\Windows\SysWow64\sirenacm.dll
2012-09-12 14:57:44 322048 ----a-w- C:\Windows\WLXPGSS.SCR
2012-08-30 18:03:45 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-08-30 17:12:02 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12:02 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-08-15 16:52:50 4472832 ----a-w- C:\Windows\SysWow64\GPhotos.scr
2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
.
============= FINISH: 15:37:13.13 ===============


Results of screen317's Security Check version 0.99.54
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Panda Cloud Antivirus
ZoneAlarm Antivirus
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Malwarebytes Anti-Malware version 1.65.1.1000
JavaFX 2.1.1
Java 7 Update 9
Adobe Flash Player 11.4.402.287
Mozilla Firefox (16.0.2)
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
````````Process Check: objlist.exe by Laurent````````
Panda Security Panda Cloud Antivirus PSANHost.exe
Panda Security Panda Cloud Antivirus PSUAService.exe
Panda Security Panda Cloud Antivirus PSUAMain.exe
CheckPoint ZoneAlarm zatray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: 2%
````````````````````End of Log``````````````````````

#3 Painted_Lady

Posted 08 November 2012 - 02:02 PM

ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2e824ad3bf096d459e02000dbc278149
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-09-07 02:10:22
# local_time=2012-09-07 03:10:22 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1538 16774142 20 0 757285 757285 0 0
# compatibility_mode=5893 16776574 100 94 2075543 99484341 0 0
# compatibility_mode=8192 67108863 100 0 1696 1696 0 0
# compatibility_mode=9217 16776894 75 4 2079631 2079631 0 0
# scanned=108969
# found=0
# cleaned=0
# scan_time=7731
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2e824ad3bf096d459e02000dbc278149
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-10-18 06:40:51
# local_time=2012-10-18 07:40:51 (+0000, GMT Daylight Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1538 16774142 20 0 4313108 4313108 0 0
# compatibility_mode=5893 16776574 100 94 5631366 103040164 0 0
# compatibility_mode=8192 67108863 100 0 3557519 3557519 0 0
# compatibility_mode=9217 16776894 75 4 5635454 5635454 0 0
# scanned=200973
# found=8
# cleaned=8
# scan_time=10536
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\ProgramData\Tarma Installer\{C049526F-B3EB-4151-9B11-B11F00F53A96}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Carla\AppData\Local\Temp\YontooFFClient.xpi Win32/Adware.Yontoo application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Carla\AppData\Local\Temp\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Carla\AppData\Local\Temp\YontooLayers.crx Win32/Adware.Yontoo.C application (deleted - quarantined) 00000000000000000000000000000000 C
C:\Users\Carla\AppData\Local\Temp\YontooSetup-Silent.exe Win32/Adware.Yontoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Carla\AppData\Local\Temp\YontooLayers\background.html Win32/Adware.Yontoo.C application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\szi8mod3.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2e824ad3bf096d459e02000dbc278149
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2012-11-08 06:43:38
# local_time=2012-11-08 06:43:38 (+0000, GMT Standard Time)
# country="United Kingdom"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1538 16774142 20 0 6130109 6130109 0 0
# compatibility_mode=5893 16776574 100 94 7448367 104857165 0 0
# compatibility_mode=8192 67108863 100 0 5374520 5374520 0 0
# compatibility_mode=9217 16776894 75 4 7452455 7452455 0 0
# scanned=110844
# found=1
# cleaned=1
# scan_time=8103
C:\Users\Carla\Downloads\cbsidlm-tr1_7-Mobipocket_Creator-75451639.exe Win32/DownloadAdmin.D application (cleaned by deleting - quarantined) 00000000000000000000000000000000 C

#4 Painted_Lady

Posted 08 November 2012 - 02:41 PM

Panda active scan result


Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[SHOWSUPERHIDDEN] to be changed to: 1

Suspicious Policy. POLICY: HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\ADVANCED[HIDEFILEEXT] to be changed to: 0

#5 Rocket Grannie

Rocket Grannie

    SWI Australian Rebel

  • Boot Camp Mod
  • PipPipPipPipPip
  • 6,960 posts

Posted 08 November 2012 - 10:13 PM

Hello Painted_Lady. Welcome back.

I notice you have two security programs on the machine: Panda Cloud and ZoneAlarm.
This is very dangerous, as multiple antivirus/anti-spyware programs can interfere with one another and actually allow more viruses to get through.
It is important that only one antivirus/anti-spyware program is running real time protection.
I strongly suggest you either (1) uninstall one of the programs through Control Panel->Programs and Features,
OR (2) keep both programs, but leave one of them disabled most of the time.
You can still use it for scanning your computer.

Also, if you intend to keep either the Panda Cloud or ZoneAlarm firewall active, then please disable Windows Firewall.

You also need to disable Spybot's TeaTimer function.
So please disable TeaTimer by doing the following:
1) Run Spybot-S&D
2) Go to the Mode menu, and make sure "Advanced Mode" is selected
3) On the left hand side, choose Tools -> Resident
4) Uncheck "Resident TeaTimer" and OK any prompts

Please download AdwCleaner by Xplode onto your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Search.
  • A logfile will automatically open after the scan has finished.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[R1].txt as well.
How is the computer running now?
Any problems?


Rocket Grannie.
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#6 Painted_Lady

Posted 09 November 2012 - 07:23 AM

I'm a bit confused....no change there....the ZoneAlarm is the free firewall only, so I needed an antivirus and downloaded the Panda one.
Anyway, I have turned off Windows firewall, as I didn't realise it was on.

Log from AdwCleaner:-


# AdwCleaner v2.007 - Logfile created 11/09/2012 at 12:11:53
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Carla - CARLA-PC
# Boot Mode : Normal
# Running from : C:\Users\Carla\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\user.js
File Found : C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\szi8mod3.default\searchplugins\Conduit.xml
Folder Found : C:\ProgramData\Partner
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\Carla\AppData\LocalLow\Conduit
Folder Found : C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\szi8mod3.default\ConduitCommon

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Conduit
Key Found : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Found : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Found : HKLM\Software\Default Tab
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Found : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Found : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Found : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Found : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Found : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Found : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Found : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Found : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Found : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Found : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Found : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Found : HKLM\SOFTWARE\Classes\Interface\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\szi8mod3.default\prefs.js

Found : user_pref("CT2645238..clientLogIsEnabled", true);
Found : user_pref("CT2645238..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Found : user_pref("CT2645238..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Found : user_pref("CT2645238.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Found : user_pref("CT2645238.AppTrackingLastCheckTime", "Wed Mar 30 2011 11:50:40 GMT+0100 (GMT Daylight Tim[...]
Found : user_pref("CT2645238.CTID", "ct2645238");
Found : user_pref("CT2645238.CommunitiesChangesLastCheckTime", "0");
Found : user_pref("CT2645238.CurrentServerDate", "25-11-2011");
Found : user_pref("CT2645238.DialogsAlignMode", "LTR");
Found : user_pref("CT2645238.DialogsGetterLastCheckTime", "Mon Nov 21 2011 14:03:15 GMT+0000 (GMT Standard T[...]
Found : user_pref("CT2645238.DownloadReferralCookieData", "");
Found : user_pref("CT2645238.EMailNotifierCheckInterval", "10");
Found : user_pref("CT2645238.EMailNotifierPollDate", "Mon Nov 21 2011 14:33:12 GMT+0000 (GMT Standard Time)"[...]
Found : user_pref("CT2645238.EMailNotifierSound", "NONE");
Found : user_pref("CT2645238.EnableSearchSuggest", false);
Found : user_pref("CT2645238.FirstServerDate", "30-3-2011");
Found : user_pref("CT2645238.FirstTime", true);
Found : user_pref("CT2645238.FirstTimeFF3", true);
Found : user_pref("CT2645238.FixPageNotFoundErrors", true);
Found : user_pref("CT2645238.GroupingServerCheckInterval", 1440);
Found : user_pref("CT2645238.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Found : user_pref("CT2645238.HasUserGlobalKeys", true);
Found : user_pref("CT2645238.Initialize", true);
Found : user_pref("CT2645238.InitializeCommonPrefs", true);
Found : user_pref("CT2645238.InstallationAndCookieDataSentCount", 3);
Found : user_pref("CT2645238.InstallationType", "UnknownIntegration");
Found : user_pref("CT2645238.InstalledDate", "Wed Mar 30 2011 11:50:29 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT2645238.IsAlertDBUpdated", true);
Found : user_pref("CT2645238.IsGrouping", false);
Found : user_pref("CT2645238.IsMulticommunity", false);
Found : user_pref("CT2645238.IsOpenThankYouPage", false);
Found : user_pref("CT2645238.IsOpenUninstallPage", false);
Found : user_pref("CT2645238.LanguagePackLastCheckTime", "Wed Mar 30 2011 11:50:32 GMT+0100 (GMT Daylight Ti[...]
Found : user_pref("CT2645238.LanguagePackReloadIntervalMM", 1440);
Found : user_pref("CT2645238.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Found : user_pref("CT2645238.LastLogin_3.3.3.2", "Tue Jun 21 2011 18:20:23 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT2645238.LastLogin_3.5.0.12", "Mon Aug 15 2011 17:37:14 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT2645238.LastLogin_3.6.0.10", "Sat Oct 01 2011 19:39:17 GMT+0100 (GMT Daylight Time)");
Found : user_pref("CT2645238.LastLogin_3.7.0.6", "Mon Nov 21 2011 14:03:14 GMT+0000 (GMT Standard Time)");
Found : user_pref("CT2645238.LastLogin_3.8.0.8", "Fri Nov 25 2011 10:37:48 GMT+0000 (GMT Standard Time)");
Found : user_pref("CT2645238.LatestVersion", "3.8.0.8");
Found : user_pref("CT2645238.Locale", "en");
Found : user_pref("CT2645238.MCDetectTooltipHeight", "83");
Found : user_pref("CT2645238.MCDetectTooltipShow", false);
Found : user_pref("CT2645238.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Found : user_pref("CT2645238.MCDetectTooltipWidth", "295");
Found : user_pref("CT2645238.MyStuffEnabledAtInstallation", true);
Found : user_pref("CT2645238.SHRINK_TOOLBAR", 1);
Found : user_pref("CT2645238.SavedHomepage", "resource:/browserconfig.properties");
Found : user_pref("CT2645238.SearchBoxWidth", 611);
Found : user_pref("CT2645238.SearchFromAddressBarIsInit", true);
Found : user_pref("CT2645238.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT264[...]
Found : user_pref("CT2645238.SearchInNewTabEnabled", true);
Found : user_pref("CT2645238.SearchInNewTabIntervalMM", 1440);
Found : user_pref("CT2645238.SearchInNewTabLastCheckTime", "Wed Mar 30 2011 11:50:32 GMT+0100 (GMT Daylight [...]
Found : user_pref("CT2645238.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Found : user_pref("CT2645238.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Found : user_pref("CT2645238.SearchInNewTabUserEnabled", false);
Found : user_pref("CT2645238.ServiceMapLastCheckTime", "Fri Nov 25 2011 11:26:33 GMT+0000 (GMT Standard Time[...]
Found : user_pref("CT2645238.SettingsLastCheckTime", "Wed Mar 30 2011 11:50:29 GMT+0100 (GMT Daylight Time)"[...]
Found : user_pref("CT2645238.SettingsLastUpdate", "1300825706");
Found : user_pref("CT2645238.ThirdPartyComponentsInterval", 504);
Found : user_pref("CT2645238.ThirdPartyComponentsLastCheck", "Wed Mar 30 2011 11:50:28 GMT+0100 (GMT Dayligh[...]
Found : user_pref("CT2645238.ThirdPartyComponentsLastUpdate", "1246790578");
Found : user_pref("CT2645238.TrusteLinkUrl", "hxxp://trust.conduit.com/CT2645238");
Found : user_pref("CT2645238.TrustedApiDomains", "conduit.com,conduit-hosting.com,conduit-services.com,clien[...]
Found : user_pref("CT2645238.UserID", "UN71361532905922794");
Found : user_pref("CT2645238.ValidationData_Search", 2);
Found : user_pref("CT2645238.ValidationData_Toolbar", 0);
Found : user_pref("CT2645238.alertChannelId", "1037922");
Found : user_pref("CT2645238.ct2645238.AppTrackingLastCheckTime", "Sat Oct 01 2011 19:39:13 GMT+0100 (GMT Da[...]
Found : user_pref("CT2645238.ct2645238.DialogsAlignMode", "LTR");
Found : user_pref("CT2645238.ct2645238.GroupingInvalidateCache", false);
Found : user_pref("CT2645238.ct2645238.GroupingLastCheckTime", "0");
Found : user_pref("CT2645238.ct2645238.GroupingLastServerUpdateTime", "0");
Found : user_pref("CT2645238.ct2645238.InvalidateCache", false);
Found : user_pref("CT2645238.ct2645238.LanguagePackLastCheckTime", "Fri Nov 25 2011 12:00:27 GMT+0000 (GMT S[...]
Found : user_pref("CT2645238.ct2645238.Locale", "en");
Found : user_pref("CT2645238.ct2645238.RadioLastCheckTime", "0");
Found : user_pref("CT2645238.ct2645238.RadioLastUpdateIPServer", "0");
Found : user_pref("CT2645238.ct2645238.RadioLastUpdateServer", "0");
Found : user_pref("CT2645238.ct2645238.SearchEngine", "Search||hxxp://search.conduit.com/Results.aspx?q=UCM_[...]
Found : user_pref("CT2645238.ct2645238.SearchInNewTabLastCheckTime", "Mon Nov 21 2011 14:03:13 GMT+0000 (GMT[...]
Found : user_pref("CT2645238.ct2645238.SettingsLastCheckTime", "Fri Nov 25 2011 13:54:51 GMT+0000 (GMT Stand[...]
Found : user_pref("CT2645238.ct2645238.SettingsLastUpdate", "1321973042");
Found : user_pref("CT2645238.ct2645238.ThirdPartyComponentsLastCheck", "Mon Nov 21 2011 14:03:12 GMT+0000 (G[...]
Found : user_pref("CT2645238.ct2645238.ThirdPartyComponentsLastUpdate", "1312887586");
Found : user_pref("CT2645238.ct2645238.components.129194820424786794", false);
Found : user_pref("CT2645238.ct2645238.components.129452956653744126", false);
Found : user_pref("CT2645238.ct2645238.components.129452956654525378", false);
Found : user_pref("CT2645238.ct2645238.globalFirstTimeInfoLastCheckTime", "Mon Nov 21 2011 14:03:14 GMT+0000[...]
Found : user_pref("CT2645238.ct2645238.toolbarAppMetaDataLastCheckTime", "Mon Nov 21 2011 14:03:13 GMT+0000 [...]
Found : user_pref("CT2645238.ct2645238.toolbarContextMenuLastCheckTime", "Mon Nov 21 2011 14:03:13 GMT+0000 [...]
Found : user_pref("CT2645238.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Found : user_pref("CT2645238.globalFirstTimeInfoLastCheckTime", "Wed Mar 30 2011 11:50:30 GMT+0100 (GMT Dayl[...]
Found : user_pref("CT2645238.homepageProtectorEnableByLogin", true);
Found : user_pref("CT2645238.initDone", true);
Found : user_pref("CT2645238.isAppTrackingManagerOn", true);
Found : user_pref("CT2645238.myStuffEnabled", true);
Found : user_pref("CT2645238.myStuffPublihserMinWidth", 400);
Found : user_pref("CT2645238.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Found : user_pref("CT2645238.myStuffServiceIntervalMM", 1440);
Found : user_pref("CT2645238.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Found : user_pref("CT2645238.oldAppsList", "129194820424161790,129194820424318041,111,129194820424474292,129[...]
Found : user_pref("CT2645238.revertSettingsEnabled", true);
Found : user_pref("CT2645238.searchProtectorDialogDelayInSec", 10);
Found : user_pref("CT2645238.searchProtectorEnableByLogin", true);
Found : user_pref("CT2645238.testingCtid", "");
Found : user_pref("CT2645238.toolbarAppMetaDataLastCheckTime", "Wed Mar 30 2011 11:50:30 GMT+0100 (GMT Dayli[...]
Found : user_pref("CT2645238.toolbarContextMenuLastCheckTime", "Wed Mar 30 2011 11:50:35 GMT+0100 (GMT Dayli[...]
Found : user_pref("CT2645238.usageEnabled", false);
Found : user_pref("CT2645238.usagesFlag", 2);
Found : user_pref("CommunityToolbar.CantToolbarBeEngineOwner", "CT2645238");
Found : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/1037922/1033633/UK", "\"0\"[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT2645238", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=ct2645238", [...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.5.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.6.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.7.[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT2645238",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=ct2645238&octid=[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT2645238/CT2645238[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/ct2645238/CT2645238[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/38/264/CT2645238/Images/6340849608501725[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=EB_LOCALE",[...]
Found : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en", "\"1d8[...]
Found : user_pref("CommunityToolbar.LatestLibsPath", "file:///C:\\Users\\Carla\\AppData\\Roaming\\Mozilla\\F[...]
Found : user_pref("CommunityToolbar.LatestToolbarVersionInstalled", "3.8.0.8");
Found : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Found : user_pref("CommunityToolbar.ToolbarsList", "CT2645238");
Found : user_pref("CommunityToolbar.ToolbarsList2", "CT2645238");
Found : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Thu Apr 21 2011 19:28:17 GMT+01[...]
Found : user_pref("CommunityToolbar.alert.alertInfoInterval", 1440);
Found : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Tue Jun 21 2011 16:43:55 GMT+0100 (GMT D[...]
Found : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.alert.locale", "en");
Found : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Tue Jun 21 2011 16:43:47 GMT+0100 (GMT Dayli[...]
Found : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1305622559");
Found : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Found : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.alert.userId", "7aca8739-557c-4568-8802-efda0a065b65");
Found : user_pref("CommunityToolbar.facebook.settingsLastCheckTime", "Mon Nov 21 2011 14:03:13 GMT+0000 (GMT[...]
Found : user_pref("CommunityToolbar.globalUserId", "7d9d03ba-cde4-4f1c-8d3c-bef16d6090f6");
Found : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Found : user_pref("CommunityToolbar.keywordURLSelectedCTID", "CT2645238");
Found : user_pref("CommunityToolbar.notifications.alertDialogsGetterLastCheckTime", "Sun Nov 20 2011 07:59:1[...]
Found : user_pref("CommunityToolbar.notifications.clientsServerUrl", "hxxp://alert.client.conduit.com");
Found : user_pref("CommunityToolbar.notifications.locale", "en");
Found : user_pref("CommunityToolbar.notifications.loginIntervalMin", 1440);
Found : user_pref("CommunityToolbar.notifications.loginLastCheckTime", "Fri Nov 25 2011 11:26:33 GMT+0000 (G[...]
Found : user_pref("CommunityToolbar.notifications.loginLastUpdateTime", "1313487611");
Found : user_pref("CommunityToolbar.notifications.messageShowTimeSec", 20);
Found : user_pref("CommunityToolbar.notifications.servicesServerUrl", "hxxp://alert.services.conduit.com");
Found : user_pref("CommunityToolbar.notifications.showTrayIcon", false);
Found : user_pref("CommunityToolbar.notifications.userCloseIntervalMin", 300);
Found : user_pref("CommunityToolbar.notifications.userId", "0da42200-9f91-4634-b61c-e4fdc9249fe0");
Found : user_pref("browser.search.defaultthis.engineName", "ZoneAlarm Security Customized Web Search");
Found : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&Sea[...]

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Carla\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [20811 octets] - [09/11/2012 12:11:53]

########## EOF - C:\AdwCleaner[R1].txt - [20872 octets] ##########

#7 Painted_Lady

Posted 09 November 2012 - 07:26 AM

Still cannot uninstall Yontoo, but not flicking back to previous page when opening a new one, so good news there :thumbup:

#8 Rocket Grannie

Posted 10 November 2012 - 01:36 AM

Hello Painted_Lady.

"I'm a bit confused....no change there....the ZoneAlarm is the free firewall only,"

This is what is showing in your logs. AV stands for anti-virus - SP stands for antispyware - FW stands for firewall.

AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Spybot - Search and Destroy *Enabled/Updated* {1EAF1D03-5480-F3B2-EB14-11F0F5EE2699}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}


Now back to cleaning the computer.

To back up your Registry
First of all create a new folder on the Desktop and give it a name you will remember such as Registry backup.
  • Click Start
  • Type run
  • Click Run (at top)
  • Type Regedit in the box
  • Click OK
    A new Window will open.
  • Click File
  • Click Export
    Find the folder you just created and click Save.

Next:
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Everything that was found will be deleted.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
If Yontoo is still installed then please follow the instructions below.

Please download Junkware Removal Tool to your Desktop.
  • Please close your security software to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete, depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
  • Please post the contents of JRT.txt into your reply.

If Yontoo is still on the computer, then please run a full scan with SpyBot. You do not have to post its log.

Please let me know how you get on.
Any problems?


Rocket Grannie
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.
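
The Search run and the Delete run described above each write a log with the same line layout (`File Found : ...`, `Key Deleted : ...`). As an added example, not part of the original post and not AdwCleaner's own code, this Python script compares the two logs and lists items that were found but are not reported as deleted; the sample log text and the `ExampleToolbar` paths are constructed for illustration, and only File/Folder/Key lines are handled.

```python
import re

# Item lines as they appear in the logs in this thread, e.g.
#   "Key Found : HKLM\SOFTWARE\Tarma Installer"
#   "Folder Deleted : C:\ProgramData\Partner"
# Browser preference lines ("Found : user_pref(...)") are deliberately skipped.
ITEM_RE = re.compile(r"^(File|Folder|Key) (Found|Deleted) : (.+?)\s*$")

# Constructed sample logs (hypothetical ExampleToolbar paths, not real findings).
SEARCH_LOG = r"""
# Option [Search]

***** [Files / Folders] *****

File Found : C:\ExampleToolbar\user.js
Folder Found : C:\ProgramData\ExampleToolbar

***** [Registry] *****

Key Found : HKCU\Software\ExampleToolbar
Key Found : HKLM\SOFTWARE\Classes\AppID\ExampleToolbar.DLL
Key Found : HKLM\SOFTWARE\ExampleToolbar
"""

DELETE_LOG = r"""
# Option [Delete]

***** [Files / Folders] *****

File Deleted : C:\ExampleToolbar\user.js
Folder Deleted : C:\ProgramData\ExampleToolbar

***** [Registry] *****

Key Deleted : HKCU\Software\ExampleToolbar
Key Deleted : HKLM\Software\ExampleToolbar
"""


def parse_items(log_text, status):
    """Return {(kind, lowercased path): path as written} for lines with `status`.

    `status` is "Found" or "Deleted". Headers, section banners and blank
    lines do not match the item pattern and are ignored.
    """
    items = {}
    for raw in log_text.splitlines():
        match = ITEM_RE.match(raw.strip())
        if not match:
            continue
        kind, line_status, path = match.groups()
        if line_status != status:
            continue
        # Windows file paths and registry key names are case-insensitive,
        # so compare on a lowercased key but keep the original spelling.
        items[(kind, path.lower())] = path
    return items


def leftover(search_log, delete_log):
    """List (kind, path) pairs found by the search run but absent from the delete run."""
    found = parse_items(search_log, "Found")
    deleted = parse_items(delete_log, "Deleted")
    return sorted(
        (kind, path)
        for (kind, key), path in found.items()
        if (kind, key) not in deleted
    )


if __name__ == "__main__":
    remaining = leftover(SEARCH_LOG, DELETE_LOG)
    if not remaining:
        print("Every found item is reported as deleted.")
    for kind, path in remaining:
        print(f"{kind} still listed only as found: {path}")
```

An item in the result is only a candidate for a follow-up scan: the delete log may omit a key because removing its parent already removed it.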

#9 Painted_Lady

Posted 10 November 2012 - 07:18 AM

Could I just go back to the firewall/antivirus thing for one moment please. I know you are all kept very busy and I am in no hurry so can wait until you have more time, I'll just keep popping back, it's no problem :)

I know in the past I have tried a 'trial' of the ZoneAlarm, all singing, all dancing, product which has a firewall, antivirus, antispyware, toolbar, etc etc, and when the trial finished I was left with just the firewall, which I presumed was all I had now. When the ZoneAlarm box comes up telling me my laptop is safe it actually says on there that the antivirus is not installed.

I uninstalled ALL the ZoneAlarm/Clientpoint stuff I could find but still this came up when I did another scan with DDS:


AV: Panda Cloud Antivirus *Enabled/Updated* {3456760B-FDAA-FFFD-06C2-7BB528D2066C}
AV: ZoneAlarm Antivirus *Disabled/Updated* {DE038A5B-9EDD-18A9-2361-FF7D98D43730}
SP: Panda Cloud Antivirus *Enabled/Updated* {8F3797EF-DB90-F073-3C72-40C753554CD1}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: ZoneAlarm Anti-Spyware *Disabled/Updated* {65626BBF-B8E7-1727-19D1-C40FE3537D8D}
FW: Cloud Antivirus Firewall *Disabled* {0C6DF72E-B7C5-FEA5-2D9D-D280D6014117}
FW: ZoneAlarm Firewall *Disabled* {E6380B7E-D4B2-19F1-083E-56486607704B}


I have searched my computer and cannot find it?!

#10 Painted_Lady

Posted 10 November 2012 - 07:38 AM

# AdwCleaner v2.007 - Logfile created 11/10/2012 at 12:25:36
# Updated 06/11/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (64 bits)
# User : Carla - CARLA-PC
# Boot Mode : Normal
# Running from : C:\Users\Carla\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\user.js
File Deleted : C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\szi8mod3.default\searchplugins\Conduit.xml
Folder Deleted : C:\ProgramData\Partner
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\Carla\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\szi8mod3.default\ConduitCommon

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Key Deleted : HKLM\Software\Default Tab
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16421

[OK] Registry is clean.

-\\ Mozilla Firefox v16.0.2 (en-US)

Profile name : default
File : C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\szi8mod3.default\prefs.js

C:\Users\Carla\AppData\Roaming\Mozilla\Firefox\Profiles\szi8mod3.default\user.js ... Deleted !

-\\ Google Chrome v23.0.1271.64

File : C:\Users\Carla\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [20906 octets] - [09/11/2012 12:11:53]
AdwCleaner[R2].txt - [18048 octets] - [10/11/2012 11:36:12]
AdwCleaner[S1].txt - [18482 octets] - [10/11/2012 12:25:36]

########## EOF - C:\AdwCleaner[S1].txt - [18543 octets] ##########



Yontoo has left the building :thumbup:

Thank you.

#11 Rocket Grannie

Posted 10 November 2012 - 08:27 AM

Hello Painted_Lady.

Yontoo has left the building

Yay! :clapping:

ZoneAlarm
If you are interested, after your computer is clean, you can run a tool that will show all the files, folders and Registry entries belonging to ZoneAlarm that are still on the computer.

You would be surprised at how much rubbish some programs leave on the computer after they have been uninstalled.

Now some housekeeping.

Old Restore Points may contain infected files and need to be deleted.

To Delete All but the Most Recent System Restore Points

  • Click Start, type cleanmgr into the search box and press Enter.
  • Disk Cleanup will open.
  • Select the drive that you want to clean up (usually C) and click OK.
    NOTE: You will only see this window if you have more than one drive or partition on your computer.
  • A window will open and calculate how much space you can save.
  • When it is finished another window will open.
  • Click the More Options tab.
  • Click Clean up under the System Restore and Shadow Copies section.
  • Click Delete to confirm the deletion.
  • A window will ask for confirmation.
  • Click Delete Files.
  • The files will be deleted and Disk Cleanup will close.

Please delete the Security Check folder on the Desktop.
Please delete the DDS logs on the Desktop.

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with yes
Are there any further problems?


Rocket Grannie.
My help is free, but if you wish to help keep these forums running please consider a donation, see here for details.

#12 Painted_Lady

Posted 11 November 2012 - 07:35 AM

Yes I would be interested in the tool to get rid of all the stuff that is left behind, thank you :)

All seems well now, thank you very much for your help and time :db:

#13 Rocket Grannie

Posted 11 November 2012 - 06:53 PM

Hello Painted_Lady.

Note: This scan will take a long time to complete.

Please download SystemLook from one of the links below and save it to your Desktop.

Download Mirror #1---32bit.
Download Mirror #2---64bit.

  • Double-click SystemLook.exe to run it.
  • Copy the content of the following codebox into the main textfield:
    
    :filefind
    *zonealarm*
    *checkpoint*
    
    :folderfind
    *zonealarm*
    *checkpoint*
    
    :regfind
    *zonealarm*
    *checkpoint*
    
    
  • Click the Look button to start the scan.
  • When finished, a Notepad window will open with the results of the scan.
This lists all the ZoneAlarm entries that are on the system.

To completely remove a program from the computer I recommend that you use Revo Uninstaller (Freeware). You can download it from here.

To run Revo Uninstaller, open Revo by double clicking it, and select the name of the program you want to remove from the menu.

Then please click the Uninstall icon.

Please choose Advanced and follow the prompts.

Then click Select all (1.) and Delete (2.) to delete all registry items, folders and files listed by Revo and reboot your computer when the Revo Uninstaller is finished.

Now:

Which antivirus do you want to keep?
Which anti-spyware do you want to keep?
Which firewall do you want to keep?
Please note: The Windows firewall is as good as the other two.

To completely uninstall ZoneAlarm
You can either run the uninstaller from here or use Revo.

The Zone Alarm firewall can be downloaded from here


Rocket Grannie.

#14 Painted_Lady

Posted 13 November 2012 - 06:15 AM

Ran SystemLook for Zonealarm and a few others I don't want on the laptop, all good!

When I was told to run Revo, the last time I was here with problems, there was a 'Forced Uninstall' on the product so if the software didn't come up in the list you could type it in manually, it's not there anymore?! Makes things more difficult if the item doesn't appear in the list.

So to finish - staying with - Windows firewall, Panda antivirus and Malwarebytes anti spyware.

Laptop running well, thank you very much :)

#15 Rocket Grannie

Posted 13 November 2012 - 06:48 AM

Hello Painted_Lady.

Revo. manual input.
That option is only available in the paid for version.

So to finish - staying with - Windows firewall, Panda antivirus and Malwarebytes anti spyware.

Great!!
MBAM has real time protection in the paid for version.

Laptop running well, thank you very much

You are welcome.

Please delete the SystemLook folder from the Desktop.

Below I have included a number of recommendations for how to protect your computer in order to prevent future malware infections.
Please take these recommendations seriously; these few simple steps can stave off the vast majority of spyware problems.
As happy as we at SWI are to help you, for your sake we would rather not have repeat customers.

Note: All of the programs I am suggesting are either free or have free versions.

Please make sure to run your antivirus software regularly, and to keep it up-to-date. Most programs have an automatic update feature.

A tutorial on understanding and using firewalls may be found here

SpywareBlaster
A tutorial on using SpywareBlaster to prevent spyware from ever installing on your computer may be found here

Please make sure to keep these programs up-to-date and to run them regularly, as this can prevent a great deal of spyware from being installed.
Please set your anti-virus and anti-spyware programs to check for updates automatically. If the programs are not able to update automatically, then I suggest you manually check for updates every few days.

Windows needs to be kept up-to-date.

Windows Updates are available from here

IMPORTANT: Please either enable Automatic Updates under Start -> Control Panel -> Automatic Updates, or get into the habit of checking for Windows updates regularly. I cannot stress enough how important this is.

Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:

http://www.spywarewarrior.com/rogue_anti-spyware.htm

Please consider using an alternate browser. Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker, and add-ons like NoScript can make it even more secure. Chrome is another good option.

If you are interested, Firefox may be downloaded from here
Chrome is available here

PLEASE NOTE:

A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall and scanning anti-spyware program at a time. Passive protectors, like SpywareBlaster.

Please also read Tony Klein's excellent article: How I got Infected in the First Place

Hopefully this should take care of your problems!

Safe Surfing:

Rocket Grannie.

#16 Rocket Grannie

Posted 20 November 2012 - 09:27 PM

Since the issue appears to be resolved this Topic is closed.

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.