
Search redirection/Snap.do


  • This topic is locked
6 replies to this topic

#1 rowdymom81

rowdymom81

    Member

  • Full Member
  • 21 posts

Posted 07 January 2013 - 11:51 AM

It appears I have picked up a hijacker virus that is redirecting any address bar searches through Snap.do. I updated and ran Malwarebytes, but nothing showed up. Here is that log:

 

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Database version: v2013.01.06.04

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Default :: OURHOME [administrator]

1/6/2013 2:08:02 PM
mbam-log-2013-01-06 (14-08-02).txt

Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 370437
Time elapsed: 2 hour(s), 3 minute(s), 35 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

________________________________________________________

 

DDS.txt

 

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.6001.18702  BrowserJavaVersion: 10.9.2
Run by Default at 11:40:54 on 2013-01-07
Microsoft Windows XP Home Edition  5.1.2600.3.1252.1.1033.18.2037.951 [GMT -5:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
============== Running Processes ================
.
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Common Files\Nuance\dgnsvc.exe
C:\WINDOWS\system32\FsUsbExService.Exe
C:\Program Files\Java\jre7\bin\jqs.exe
C:\Documents and Settings\All Users\Application Data\Skype\Toolbars\Skype C2C Service\c2c_service.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\Program Files\Common Files\AOL\1243886711\ee\AOLSoftware.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Samsung\Samsung New PC Studio\NPSAgent.exe
C:\Documents and Settings\Default\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Documents and Settings\All Users\Application Data\FLEXnet\Connect\11\ISUSPM.exe
C:\Program Files\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files\Logitech\Vid HD\Vid.exe
C:\Program Files\CMS Products\BounceBack Express\BBLauncher.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Documents and Settings\Default\Local Settings\Application Data\Akamai\netsession_win.exe
C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\Mozilla Thunderbird\thunderbird.exe
C:\WINDOWS\system32\freecell.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Program Files\AOL Desktop 9.7\waol.exe
C:\Program Files\AOL Desktop 9.7\shellmon.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k Akamai
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=hp
uSearch Bar = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q={searchTerms}
uSearch Page = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q={searchTerms}
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q={searchTerms}
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
TB: <No Name>: {ae07101b-46d4-4a98-af68-0333ea26e113} - LocalServer32 - <no file>
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [AutoStartNPSAgent] c:\program files\samsung\samsung new pc studio\NPSAgent.exe
uRun: [AdobeBridge] <no file>
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HDAudDeck] c:\program files\via\viaudioi\hdadeck\HDeck.exe 1
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb10.exe
mRun: [HP Component Manager] "c:\program files\hp\hpcoretech\hpcmpmgr.exe"
mRun: [HostManager] c:\program files\common files\aol\1243886711\ee\AOLSoftware.exe
mRun: [ISUSPM Startup] c:\progra~1\common~1\instal~1\update~1\ISUSPM.exe -startup
mRun: [ISUSScheduler] "c:\program files\common files\installshield\updateservice\issch.exe" -start
mRun: [RoxWatchTray] "c:\program files\common files\roxio shared\9.0\sharedcom\RoxWatchTray9.exe"
mRun: [PDVDDXSrv] "c:\program files\cyberlink\powerdvd dx\PDVDDXSrv.exe"
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [NPSStartup] <no file>
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\docume~1\default\startm~1\programs\startup\bounce~1.lnk - c:\program files\cms products\bounceback express\BBLauncher.exe
StartupFolder: c:\docume~1\default\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append Link Target to Existing PDF - c:\program files\common files\adobe\acrobat\activex\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} - hxxp://aolsvc.aol.com/onlinegames/popzuma/popcaploader_v10.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 192.168.1.1
TCP: Interfaces\{81E1311A-59B1-4827-8D0F-4912C275B04B} : DHCPNameServer = 24.25.5.60 24.25.5.61
TCP: Interfaces\{D11DAD85-9E52-4927-8C5B-CD6B223F37FF} : DHCPNameServer = 192.168.1.1
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\default\application data\mozilla\firefox\profiles\m5hug9io.default\
FF - prefs.js: browser.startup.homepage - hxxp://lists.topica.com/my/
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q=
FF - component: c:\documents and settings\default\application data\mozilla\firefox\profiles\m5hug9io.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}\components\RadioWMPCoreGecko19.dll
FF - component: c:\documents and settings\default\application data\mozilla\firefox\profiles\m5hug9io.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}\platform\winnt_x86-msvc\components\WeaveCrypto.dll
FF - component: c:\documents and settings\default\application data\mozilla\firefox\profiles\m5hug9io.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - component: c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\firefoxextension\components\TmFFEx6.dll
FF - component: c:\program files\trend micro\amsp\module\20004\1.5.1504\6.6.1088\firefoxextension\components\TmFFExt.dll
FF - component: c:\program files\trend micro\titanium\uiframework\toolbar\firefoxextension\components\ToolbarFFHelper.dll
FF - component: c:\program files\trend micro\titanium\uiframework\toolbar\firefoxextension\components\ToolbarFFHelper6.dll
FF - component: c:\program files\trend micro\titanium\uiframework\toolbar\firefoxextension\components\ToolbarFFHelper7.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\picasa3\npPicasa3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\photodex presenter\npPxPlay.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npptools.dll
FF - ExtSQL: 2012-12-22 11:33; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\documents and settings\default\application data\mozilla\firefox\profiles\m5hug9io.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
---- FIREFOX POLICIES ----
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true);user_pref(network.protocol-handler.warn-external.dnupdate, false
FF - user.js: browser.sessionstore.resume_from_crash - false
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2011-4-18 193552]
R2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2008-4-14 14336]
R2 DragonSvc;Dragon Service;c:\program files\common files\nuance\dgnsvc.exe [2011-6-5 296808]
R2 FsUsbExService;FsUsbExService;c:\windows\system32\FsUsbExService.Exe [2009-10-10 233472]
R2 Skype C2C Service;Skype C2C Service;c:\documents and settings\all users\application data\skype\toolbars\skype c2c service\c2c_service.exe [2012-8-13 3064000]
R2 UMVPFSrv;UMVPFSrv;c:\program files\common files\logishrd\lvmvfm\UMVPFSrv.exe [2012-1-18 450848]
R3 FsUsbExDisk;FsUsbExDisk;c:\windows\system32\FsUsbExDisk.Sys [2009-10-10 36608]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 FlyUsb;FLY Fusion;c:\windows\system32\drivers\FlyUsb.sys [2010-12-25 18560]
S3 SwitchBoard;Adobe SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-3-30 845184]
.
=============== Created Last 30 ================
.
2013-01-07 15:01:24    6812136    ----a-w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{9fb49b2a-fc97-4405-8719-1424b3b787d9}\mpengine.dll
2013-01-05 21:54:15    6812136    ------w-    c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
.
==================== Find3M  ====================
.
2012-12-16 12:23:59    290560    ----a-w-    c:\windows\system32\atmfd.dll
2012-12-14 21:49:28    21104    ----a-w-    c:\windows\system32\drivers\mbam.sys
2012-12-12 03:19:37    697272    ----a-w-    c:\windows\system32\FlashPlayerApp.exe
2012-12-12 03:19:36    73656    ----a-w-    c:\windows\system32\FlashPlayerCPLApp.cpl
2012-11-13 01:25:12    1866368    ----a-w-    c:\windows\system32\win32k.sys
2012-11-02 02:02:42    375296    ----a-w-    c:\windows\system32\dpnet.dll
2012-11-01 12:17:54    916992    ----a-w-    c:\windows\system32\wininet.dll
2012-11-01 12:17:54    43520    ----a-w-    c:\windows\system32\licmgr10.dll
2012-11-01 12:17:54    1469440    ------w-    c:\windows\system32\inetcpl.cpl
2012-11-01 00:35:34    385024    ----a-w-    c:\windows\system32\html.iec
2012-10-27 14:10:33    93672    ----a-w-    c:\windows\system32\WindowsAccessBridge.dll
2012-10-27 14:10:30    143872    ----a-w-    c:\windows\system32\javacpl.cpl
2012-10-27 14:10:29    821736    ----a-w-    c:\windows\system32\npDeployJava1.dll
2012-10-27 14:10:28    746984    ----a-w-    c:\windows\system32\deployJava1.dll
.
============= FINISH: 11:41:26.18 ===============

 

_____________________________________________________________________________

 

Security Check

 

 Results of screen317's Security Check version 0.99.56  
 Windows XP Service Pack 3 x86   
 Internet Explorer 8  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
 Microsoft Security Essentials    
`````````Anti-malware/Other Utilities Check:`````````
 Malwarebytes Anti-Malware version 1.70.0.1100  
 Java 7 Update 9  
 Adobe Flash Player     11.5.502.135  
 Adobe Reader 9 Adobe Reader out of Date!
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (17.0.1)
 Mozilla Thunderbird (17.0.)
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe
 Microsoft Security Essentials msseces.exe
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:: 9%
````````````````````End of Log``````````````````````

 

 

Thanks for any help you might give me to get my pc back in order.
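
Malwarebytes reported nothing, yet the DDS log above already shows the redirect in its browser-settings lines. As an added example (not part of the original post, and not code from DDS or any tool named in this thread), the Python script below pulls the Internet Explorer and Firefox home page and search settings out of DDS-format lines and lists those whose host is outside an analyst-supplied allowlist. The function names, the allowlist and the sample lines are assumptions made for the illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in DDS "Pseudo HJT Report" / "FIREFOX" line format, modelled
# on the log above. URLs are shortened, and the google.com.results.example line
# is invented to exercise the look-alike host case.
SAMPLE_DDS = [
    r"uStart Page = hxxp://feed.snap.do/?publisher=VertiTechnology&searchtype=hp",
    r"uSearch Bar = hxxp://feed.snap.do/?searchtype=ds&q={searchTerms}",
    r"uSearch Page = hxxp://www.google.com.results.example/?q={searchTerms}",
    r"uDefault_Search_URL = hxxp://www.google.com/ie",
    r"uSearchURL,(Default) = hxxp://www.google.com/search?q=%s",
    r"mRun: [IgfxTray] c:\windows\system32\igfxtray.exe",
    r"FF - prefs.js: browser.startup.homepage - hxxp://lists.topica.com/my/",
    r"FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?searchtype=ds&q=",
]

# IE settings appear as "<u|m><name> = <value>", Firefox preferences as
# "FF - prefs.js: <pref> - <value>"; only the names seen in the log are matched.
IE_SETTING = re.compile(
    r"^[um](?P<name>Start Page|Search Bar|Search Page|SearchAssistant"
    r"|Default_Search_URL|SearchURL,\(Default\)) = (?P<value>.+)$")
FF_SETTING = re.compile(
    r"^FF - prefs\.js: (?P<name>browser\.startup\.homepage|keyword\.URL)"
    r" - (?P<value>.+)$")
HOMEPAGE_NAMES = {"Start Page", "browser.startup.homepage"}


def refang(url):
    """Turn a defanged hxxp:// or hxxps:// URL back into a parseable one."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url.strip(), flags=re.I)


def host_of(url):
    """Host name of a (possibly defanged) URL, or None if there is none."""
    try:
        return urlsplit(refang(url)).hostname
    except ValueError:
        return None


def host_allowed(host, allowed_domains):
    """True if host is an allowed domain or a subdomain of one.

    Matching on the dot boundary keeps 'www.google.com.results.example' and
    'notgoogle.com' from passing as google.com.
    """
    return any(host == d or host.endswith("." + d) for d in allowed_domains)


def parse_settings(lines):
    """Yield (browser, name, role, value) for each home page / search setting."""
    for line in lines:
        line = line.strip()
        for browser, pattern in (("IE", IE_SETTING), ("Firefox", FF_SETTING)):
            m = pattern.match(line)
            if m:
                name = m.group("name")
                role = "homepage" if name in HOMEPAGE_NAMES else "search"
                yield browser, name, role, m.group("value")
                break


def off_allowlist(lines, allowed_domains):
    """Return settings whose host is missing or not covered by the allowlist."""
    findings = []
    for browser, name, role, value in parse_settings(lines):
        host = host_of(value)
        if host is None or not host_allowed(host, allowed_domains):
            findings.append({"browser": browser, "setting": name,
                             "role": role, "host": host})
    return findings


if __name__ == "__main__":
    # The allowlist is the analyst's choice; google.com is only an assumption here.
    for f in off_allowlist(SAMPLE_DDS, {"google.com"}):
        print(f"{f['browser']:8} {f['role']:9} {f['setting']:26} -> {f['host']}")
```

A hit means "not on the allowlist", not "malicious": the Firefox home page in the sample is reported too, and is for the owner of the machine to confirm.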

 



#2 cnm

cnm

    Mother Lion of SWI

  • Administrators
  • 25,227 posts

Posted 07 January 2013 - 01:58 PM

Hello rowdymom81. You have been saddled with a lot of undesirable toolbars in addition to the redirection.

Please create a Restore point. Give it a description like "Before AdwCleaner". How to create Restore Point.

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Delete.
  • Follow the prompts to reboot the computer. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

After that:
Please scan your machine with ESET OnlineScan
  • Hold down Control and click on this link to open ESET OnlineScan in a new window.
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer. Save it to your desktop.
    • Double click on the esetsmartinstaller_enu.png icon on your desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under scan settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in another reply.
  • Click the Back button.
  • Click the Finish button.
Let me know if any problems remain.

Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#3 rowdymom81

rowdymom81

    Member

  • Full Member
  • 21 posts

Posted 07 January 2013 - 09:47 PM

AdwCleaner ran with no issues. Log follows:

 

# AdwCleaner v2.104 - Logfile created 01/07/2013 at 15:27:00
# Updated 29/12/2012 by Xplode
# Operating system : Microsoft Windows XP Service Pack 3 (32 bits)
# User : Default - OURHOME
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Default\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****

File Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\searchplugins\Web Search.xml
File Deleted : C:\Documents and Settings\Default\Start Menu\eBay.lnk
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnu.xpt
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll
File Deleted : C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.xpt
Folder Deleted : C:\Documents and Settings\All Users\Application Data\FreeRIP
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Trymedia
Folder Deleted : C:\Documents and Settings\All Users\Application Data\Viewpoint
Folder Deleted : C:\Documents and Settings\All Users\Start Menu\Programs\FreeRIP3
Folder Deleted : C:\Documents and Settings\Default\Application Data\Desktopicon
Folder Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\Conduit
Folder Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\ConduitEngine
Folder Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\CT1060933
Folder Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\extensions\{1392b8d2-5c05-419f-a8f6-b9f15a596612}
Folder Deleted : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\extensions\engine@conduit.com
Folder Deleted : C:\Program Files\Common Files\Software Update Utility
Folder Deleted : C:\Program Files\FreeRIP3
Folder Deleted : C:\Program Files\Viewpoint

***** [Registry] *****

Key Deleted : HKCU\Software\alot
Key Deleted : HKCU\Software\Ask&Record
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKCU\Software\Zugo
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{6C259840-5BA8-46E6-8ED1-EF3BA47D8BA1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\dnu.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary
Key Deleted : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E15A9BFD-D16D-496D-8222-44CADF316E70}
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdate
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUIBrowser.1
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController
Key Deleted : HKLM\SOFTWARE\Classes\dnUpdater.DownloadUpdController.1
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{660E6F4F-840D-436D-B668-433D9591BAC5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E7435878-65B9-44D1-A443-81754E5DFC90}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{92380354-381A-471F-BE2E-DD9ACD9777EA}
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\MetaStream
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7B089B94-D1DC-4C6B-87E1-8156E22C1D96}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\719dba21aadbc5b8efd10b0ce0c290a1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SoftwareUpdUtility
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer
Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP
Key Deleted : HKLM\Software\Viewpoint
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]

***** [Internet Browsers] *****

-\\ Internet Explorer v8.0.6001.18702

Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=hp --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q={searchTerms} --> hxxp://www.google.com
Replaced : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&userid=9acfb603-9b2f-411b-baa4-a4906a912fea&searchtype=ds&q={searchTerms} --> hxxp://www.google.com

-\\ Mozilla Firefox v17.0.1 (en-US)

File : C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\prefs.js

C:\Documents and Settings\Default\Application Data\Mozilla\Firefox\Profiles\m5hug9io.default\user.js ... Deleted !

Deleted : user_pref("CT1060933..clientLogIsEnabled", true);
Deleted : user_pref("CT1060933..clientLogServiceUrl", "hxxp://clientlog.users.conduit.com/ClientDiagnostics.as[...]
Deleted : user_pref("CT1060933..uninstallLogServiceUrl", "hxxp://uninstall.users.conduit.com/Uninstall.asmx/Re[...]
Deleted : user_pref("CT1060933.AboutPrivacyUrl", "hxxp://www.conduit.com/privacy/Default.aspx");
Deleted : user_pref("CT1060933.AppTrackingLastCheckTime", "Wed Nov 09 2011 14:31:41 GMT-0500 (Eastern Standard[...]
Deleted : user_pref("CT1060933.CTID", "CT1060933");
Deleted : user_pref("CT1060933.CommunitiesChangesLastCheckTime", "Wed Nov 09 2011 17:04:35 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT1060933.CommunityChanged", true);
Deleted : user_pref("CT1060933.CurrentServerDate", "9-11-2011");
Deleted : user_pref("CT1060933.DialogsAlignMode", "LTR");
Deleted : user_pref("CT1060933.DialogsGetterLastCheckTime", "Fri Oct 14 2011 07:36:46 GMT-0400 (Eastern Daylig[...]
Deleted : user_pref("CT1060933.DownloadDomainsCheckInterval", "168");
Deleted : user_pref("CT1060933.DownloadDomainsListLastCheckTime", "Mon Nov 07 2011 19:35:47 GMT-0500 (Eastern [...]
Deleted : user_pref("CT1060933.DownloadDomainsListLastServerUpdateTime", "1201069983");
Deleted : user_pref("CT1060933.DownloadReferralCookieData", "");
Deleted : user_pref("CT1060933.EnableClickToSearchBox", false);
Deleted : user_pref("CT1060933.EnableSearchHistory", false);
Deleted : user_pref("CT1060933.EnableSearchSuggest", false);
Deleted : user_pref("CT1060933.FirstServerDate", "23-2-2011");
Deleted : user_pref("CT1060933.FirstTime", true);
Deleted : user_pref("CT1060933.FirstTimeFF3", true);
Deleted : user_pref("CT1060933.FixPageNotFoundErrors", false);
Deleted : user_pref("CT1060933.GroupingServerCheckInterval", 1440);
Deleted : user_pref("CT1060933.GroupingServiceUrl", "hxxp://grouping.services.conduit.com/");
Deleted : user_pref("CT1060933.HasUserGlobalKeys", true);
Deleted : user_pref("CT1060933.Initialize", true);
Deleted : user_pref("CT1060933.InitializeCommonPrefs", true);
Deleted : user_pref("CT1060933.InstallationAndCookieDataSentCount", 3);
Deleted : user_pref("CT1060933.InstalledDate", "Wed Feb 23 2011 09:20:22 GMT-0500 (Eastern Standard Time)");
Deleted : user_pref("CT1060933.InvalidateCache", false);
Deleted : user_pref("CT1060933.IsGrouping", false);
Deleted : user_pref("CT1060933.IsMulticommunity", true);
Deleted : user_pref("CT1060933.IsOpenThankYouPage", true);
Deleted : user_pref("CT1060933.IsOpenUninstallPage", true);
Deleted : user_pref("CT1060933.LanguagePackLastCheckTime", "Wed Nov 09 2011 16:23:25 GMT-0500 (Eastern Standar[...]
Deleted : user_pref("CT1060933.LanguagePackReloadIntervalMM", 1440);
Deleted : user_pref("CT1060933.LanguagePackServiceUrl", "hxxp://translation.users.conduit.com/Translation.ashx[...]
Deleted : user_pref("CT1060933.LastLogin_3.2.1.3", "Sat Mar 05 2011 07:07:40 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT1060933.LastLogin_3.3.2.1", "Sat Mar 26 2011 18:03:52 GMT-0400 (Eastern Daylight Time)"[...]
Deleted : user_pref("CT1060933.LastLogin_3.3.3.2", "Wed Nov 09 2011 16:23:39 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("CT1060933.LatestVersion", "3.8.0.8");
Deleted : user_pref("CT1060933.Locale", "en-us");
Deleted : user_pref("CT1060933.MCDetectTooltipHeight", "83");
Deleted : user_pref("CT1060933.MCDetectTooltipShow", false);
Deleted : user_pref("CT1060933.MCDetectTooltipUrl", "hxxp://@EB_INSTALL_LINK@/rank/tooltip/?version=1");
Deleted : user_pref("CT1060933.MCDetectTooltipWidth", "295");
Deleted : user_pref("CT1060933.RadioIsPodcast", false);
Deleted : user_pref("CT1060933.RadioLastCheckTime", "Wed Sep 07 2011 17:42:29 GMT-0400 (Eastern Daylight Time)[...]
Deleted : user_pref("CT1060933.RadioLastUpdateIPServer", "0");
Deleted : user_pref("CT1060933.RadioLastUpdateServer", "129326918102570000");
Deleted : user_pref("CT1060933.RadioMediaID", "21504193");
Deleted : user_pref("CT1060933.RadioMediaType", "Media Player");
Deleted : user_pref("CT1060933.RadioMenuSelectedID", "EBRadioMenu_CT1060933_RECENT21504193");
Deleted : user_pref("CT1060933.RadioStationName", "Blues%20HiFi");
Deleted : user_pref("CT1060933.RadioStationURL", "hxxp://www.radioindy.com/jamroom/play.php?mode=radio&id=463"[...]
Deleted : user_pref("CT1060933.SHRINK_TOOLBAR", 1);
Deleted : user_pref("CT1060933.SearchBackToDefaultEngine", false);
Deleted : user_pref("CT1060933.SearchFromAddressBarIsInit", true);
Deleted : user_pref("CT1060933.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT106[...]
Deleted : user_pref("CT1060933.SearchInNewTabEnabled", true);
Deleted : user_pref("CT1060933.SearchInNewTabIntervalMM", 1440);
Deleted : user_pref("CT1060933.SearchInNewTabLastCheckTime", "Wed Nov 09 2011 16:23:31 GMT-0500 (Eastern Stand[...]
Deleted : user_pref("CT1060933.SearchInNewTabServiceUrl", "hxxp://newtab.conduit-hosting.com/newtab/?ctid=EB_T[...]
Deleted : user_pref("CT1060933.SearchInNewTabUsageUrl", "hxxp://usage.hosting.toolbar.conduit-services.com/usa[...]
Deleted : user_pref("CT1060933.SearchInNewTabUserEnabled", false);
Deleted : user_pref("CT1060933.ServiceMapLastCheckTime", "Wed Nov 09 2011 16:23:37 GMT-0500 (Eastern Standard [...]
Deleted : user_pref("CT1060933.SettingsLastCheckTime", "Wed Nov 09 2011 17:04:35 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("CT1060933.SettingsLastUpdate", "1320839841");
Deleted : user_pref("CT1060933.ThirdPartyComponentsInterval", 504);
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastCheck", "Sun Oct 23 2011 11:31:41 GMT-0400 (Eastern Day[...]
Deleted : user_pref("CT1060933.ThirdPartyComponentsLastUpdate", "1312887586");
Deleted : user_pref("CT1060933.TrusteLinkUrl", "hxxp://trust.conduit.com/CT1060933");
Deleted : user_pref("CT1060933.UserID", "UN42635493654570567");
Deleted : user_pref("CT1060933.ValidationData_Search", 2);
Deleted : user_pref("CT1060933.ValidationData_Toolbar", 2);
Deleted : user_pref("CT1060933.alertChannelId", "15651");
Deleted : user_pref("CT1060933.components.1000082", false);
Deleted : user_pref("CT1060933.components.1001", true);
Deleted : user_pref("CT1060933.components.1003", true);
Deleted : user_pref("CT1060933.components.1004", true);
Deleted : user_pref("CT1060933.components.129272674122038321", false);
Deleted : user_pref("CT1060933.generalConfigFromLogin", "{\"ApiMaxAlerts\":\"12\",\"SocialDomains\":\"social.c[...]
Deleted : user_pref("CT1060933.globalFirstTimeInfoLastCheckTime", "Wed Nov 09 2011 16:23:43 GMT-0500 (Eastern [...]
Deleted : user_pref("CT1060933.isAppTrackingManagerOn", true);
Deleted : user_pref("CT1060933.myStuffEnabled", true);
Deleted : user_pref("CT1060933.myStuffPublihserMinWidth", 400);
Deleted : user_pref("CT1060933.myStuffSearchUrl", "hxxp://Apps.conduit.com/search?q=SEARCH_TERM&SearchSourceOr[...]
Deleted : user_pref("CT1060933.myStuffServiceIntervalMM", 1440);
Deleted : user_pref("CT1060933.myStuffServiceUrl", "hxxp://mystuff.conduit-services.com/MyStuffService.ashx?Co[...]
Deleted : user_pref("CT1060933.oldAppsList", "200,128346981843587669,128280995260143876,129272674122038321,129[...]
Deleted : user_pref("CT1060933.testingCtid", "");
Deleted : user_pref("CT1060933.toolbarAppMetaDataLastCheckTime", "Wed Nov 09 2011 16:23:37 GMT-0500 (Eastern S[...]
Deleted : user_pref("CT1060933.toolbarContextMenuLastCheckTime", "Sat Aug 20 2011 23:22:10 GMT-0400 (Eastern D[...]
Deleted : user_pref("CT1060933.usageEnabled", false);
Deleted : user_pref("CT1060933.usagesFlag", 2);
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/15651/15317/US", "\"0\"");
Deleted : user_pref("CommunityToolbar.ETag.hxxp://alerts.conduit-services.com/root/909619/905414/US", "\"0\"")[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://appsmetadata.toolbar.conduit-services.com/?ctid=CT1060933", [...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=GottenApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=OtherApps&loc[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=SharedApps&lo[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://contextmenu.toolbar.conduit-services.com/?name=Toolbar&local[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.alert.conduit-services.com/alert/dlg.pkg", "\[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.2[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.engine.conduit-services.com/DLG.pkg?ver=3.3.3[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://dynamicdialogs.toolbar.conduit-services.com/DLG.pkg?ver=3.3.[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/Toolbar/?ownerId=CT1060933",[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://servicemap.conduit-services.com/toolbar/", "\"63433363123173[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=0", "63[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=2/22/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.engine.conduit-services.com/?browser=FF&lut=3/13/20[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.conduit-services.com/?ctid=CT1060933&octid=[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://settings.toolbar.search.conduit.com/root/CT1060933/CT1060933[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/equaliz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/minimiz[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/play.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/stop.gi[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://storage.conduit.com/BankImages/RadioSkins/Cornflower/vol.gif[...]
Deleted : user_pref("CommunityToolbar.ETag.hxxp://translation.toolbar.conduit-services.com/?locale=en-us", "\"[...]
Deleted : user_pref("CommunityToolbar.EngineOwner", "CT1060933");
Deleted : user_pref("CommunityToolbar.EngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.EngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.IsEngineShown", true);
Deleted : user_pref("CommunityToolbar.IsMyStuffImportedToEngine", true);
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetPosition.hxxp://www.applian.com/freecorder-gadget/loader.[...]
Deleted : user_pref("CommunityToolbar.MiniIPageGadgetSize.hxxp://pgcff.pricegong.com/agreement/agree.html#pg_e[...]
Deleted : user_pref("CommunityToolbar.OriginalEngineOwner", "CT1060933");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerGuid", "{1392b8d2-5c05-419f-a8f6-b9f15a596612}");
Deleted : user_pref("CommunityToolbar.OriginalEngineOwnerToolbarId", "freecorder");
Deleted : user_pref("CommunityToolbar.SearchFromAddressBarSavedUrl", "chrome://browser-region/locale/region.pr[...]
Deleted : user_pref("CommunityToolbar.ToolbarsList", "ConduitEngine,CT1060933");
Deleted : user_pref("CommunityToolbar.ToolbarsList2", "CT1060933");
Deleted : user_pref("CommunityToolbar.alert.alertDialogsGetterLastCheckTime", "Sat Nov 05 2011 21:58:19 GMT-04[...]
Deleted : user_pref("CommunityToolbar.alert.alertInfoInterval", 60);
Deleted : user_pref("CommunityToolbar.alert.alertInfoLastCheckTime", "Wed Nov 09 2011 16:23:46 GMT-0500 (Easte[...]
Deleted : user_pref("CommunityToolbar.alert.clientsServerUrl", "hxxp://alert.client.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.locale", "en");
Deleted : user_pref("CommunityToolbar.alert.loginIntervalMin", 1440);
Deleted : user_pref("CommunityToolbar.alert.loginLastCheckTime", "Wed Nov 09 2011 17:04:35 GMT-0500 (Eastern S[...]
Deleted : user_pref("CommunityToolbar.alert.loginLastUpdateTime", "1313487611");
Deleted : user_pref("CommunityToolbar.alert.messageShowTimeSec", 20);
Deleted : user_pref("CommunityToolbar.alert.servicesServerUrl", "hxxp://alert.services.conduit.com");
Deleted : user_pref("CommunityToolbar.alert.showTrayIcon", false);
Deleted : user_pref("CommunityToolbar.alert.userCloseIntervalMin", 300);
Deleted : user_pref("CommunityToolbar.alert.userId", "2051ec53-a5c3-4e05-80c4-80f0db17c9e8");
Deleted : user_pref("CommunityToolbar.globalUserId", "64a97a98-6f93-437d-9a15-8729277a7134");
Deleted : user_pref("CommunityToolbar.isAlertUrlAddedToFeedItemTable", true);
Deleted : user_pref("CommunityToolbar.isClickActionAddedToFeedItemTable", true);
Deleted : user_pref("ConduitEngine.AppTrackingLastCheckTime", "Sat Nov 05 2011 17:23:25 GMT-0400 (Eastern Dayl[...]
Deleted : user_pref("ConduitEngine.DialogsGetterLastCheckTime", "Tue Nov 08 2011 16:23:44 GMT-0500 (Eastern St[...]
Deleted : user_pref("ConduitEngine.FirstServerDate", "02/23/2011 17");
Deleted : user_pref("ConduitEngine.FirstTime", true);
Deleted : user_pref("ConduitEngine.FirstTimeFF3", true);
Deleted : user_pref("ConduitEngine.HasUserGlobalKeys", true);
Deleted : user_pref("ConduitEngine.HideEngineAfterRestart", true);
Deleted : user_pref("ConduitEngine.Initialize", true);
Deleted : user_pref("ConduitEngine.InitializeCommonPrefs", true);
Deleted : user_pref("ConduitEngine.InstalledDate", "Wed Feb 23 2011 09:20:14 GMT-0500 (Eastern Standard Time)"[...]
Deleted : user_pref("ConduitEngine.IsMulticommunity", false);
Deleted : user_pref("ConduitEngine.IsOpenThankYouPage", false);
Deleted : user_pref("ConduitEngine.IsOpenUninstallPage", true);
Deleted : user_pref("ConduitEngine.LanguagePackLastCheckTime", "Wed Nov 09 2011 16:23:42 GMT-0500 (Eastern Sta[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.2.1.3", "Wed Feb 23 2011 09:20:12 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.2.1", "Sat Mar 26 2011 19:04:14 GMT-0400 (Eastern Daylight Ti[...]
Deleted : user_pref("ConduitEngine.LastLogin_3.3.3.2", "Wed Nov 09 2011 16:24:25 GMT-0500 (Eastern Standard Ti[...]
Deleted : user_pref("ConduitEngine.PublisherContainerWidth", 0);
Deleted : user_pref("ConduitEngine.SearchFromAddressBarIsInit", true);
Deleted : user_pref("ConduitEngine.SettingsLastCheckTime", "Wed Nov 09 2011 16:24:25 GMT-0500 (Eastern Standar[...]
Deleted : user_pref("ConduitEngine.UserID", "UN48603294733998403");
Deleted : user_pref("ConduitEngine.engineLocale", "en-US");
Deleted : user_pref("ConduitEngine.enngineContextMenuLastCheckTime", "Wed Nov 09 2011 16:23:42 GMT-0500 (Easte[...]
Deleted : user_pref("ConduitEngine.globalFirstTimeInfoLastCheckTime", "Wed Nov 09 2011 16:23:47 GMT-0500 (East[...]
Deleted : user_pref("ConduitEngine.initDone", true);
Deleted : user_pref("ConduitEngine.isAppTrackingManagerOn", true);
Deleted : user_pref("extensions.engine@conduit.com.install-event-fired", true);
Deleted : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=VertiTechnology&dpid=VertiTechnology&co=US&[...]
Deleted : user_pref("socialfixer.696858125/typeahead_new", "for (;;);{\"__ar\":1,\"payload\":{\"entries\":[{\"[...]

*************************

AdwCleaner[S1].txt - [28137 octets] - [07/01/2013 15:27:00]

########## EOF - C:\AdwCleaner[S1].txt - [28198 octets] ##########

 

 

I had to run EsetOnline scanner twice because I missed changing the Advanced Settings the first time. Here are the 2 threat lists produced:

 

C:\Documents and Settings\Default\Application Data\Sun\Java\Deployment\cache\6.0\18\3fe0e952-5bfe5b05    a variant of Java/Exploit.CVE-2010-0094.O trojan    deleted - quarantined
C:\Documents and Settings\Default\Application Data\Sun\Java\Deployment\cache\6.0\29\1387dbdd-380e0248    a variant of Java/Exploit.CVE-2010-0094.O trojan    deleted - quarantined
C:\Documents and Settings\Default\Application Data\Sun\Java\Deployment\cache\6.0\56\556722b8-32cd7317    a variant of Java/Exploit.CVE-2010-0094.O trojan    deleted - quarantined
C:\Documents and Settings\Default\Application Data\Sun\Java\Deployment\cache\6.0\8\6b4be448-3177bdde    a variant of Java/Exploit.CVE-2010-0094.O trojan    deleted - quarantined
C:\Documents and Settings\Default\Local Settings\Temp\plugtmp-34\plugin-ChangeLog.pdf    JS/Exploit.Pdfka.NUS trojan    cleaned by deleting - quarantined
 

 

C:\Documents and Settings\Default\Desktop\Old icons\FCTBSetup.exe    Win32/OpenCandy application    cleaned by deleting - quarantined
C:\Documents and Settings\Default\Local Settings\Temp\afDGGfqp.exe.part    a variant of Win32/InstallIQ application    cleaned by deleting - quarantined
C:\Documents and Settings\Default\My Documents\My Pictures\Threadhead Records\New MSR Website\Nine Lives Project\Nine Lives Vol 1\freeripmp3-setup.exe    Win32/Toolbar.Zugo application    cleaned by deleting - quarantined
C:\Program Files\RealArcade\Installer\bin\OCSetupHlp.dll    Win32/OpenCandy application    cleaned by deleting - quarantined
 

The search redirection appears to be gone.  Is there anything else I need to do?

 


 



#4 cnm

Posted 07 January 2013 - 10:20 PM

Nice work, well done! That was really a lot of junk you were infested with.
 

Adobe Reader out of Date!
Update Adobe Reader (uncheck the option box for McAfee scan)

 

 

Clean up our tools
Uninstall AdwCleaner  

  • Double click on AdwCleaner.exe to run the tool.
  • Click on Uninstall
  • Confirm with yes

Delete the DDS files and Security Check from your Desktop 


Reset your Restore Points

System Restore maintains a backup of your programs and may also backup infections, so please reset it to make a clean Restore Point.

Please do this: On the Desktop, right-click My Computer > click Properties > click the System Restore tab.

Check Turn off System Restore. Click Apply > a window will pop up and ask if you really want to turn it off > click Yes.

Please wait a few moments to let it clear. Now please remove the check from Turn off System Restore. Click Apply, and then click OK. System Restore will be working again and will have a new Restore Point.

 

 

Your disk is somewhat heavily fragmented. Defragging will take a while but you can do other things while it runs.

  1. Open My Computer.
  2. Right-click the local disk volume that you want to defragment, and then click Properties.
  3. On the Tools tab, click Defragment Now.
  4. Click Defragment.

Any remaining problems?


Microsoft MVP Windows Security 2005-2006
How camest thou in this pickle? -- William Shakespeare:(1564-1616)
The various helper groups here
UNITE


#5 rowdymom81

Posted 07 January 2013 - 10:53 PM

Tools have been cleaned up and a new restore point set. I'll get the Adobe Reader updated and work on defragging the disk.

 

Everything appears to be working correctly.  Thank you so much for your help.  I am thankful for a place to go for help when this stuff shows up. 



#6 cnm

Posted 07 January 2013 - 10:59 PM

Advice for malware prevention:
 
Configure Windows to do automatic updates or get into the habit of checking Windows Update regularly.  They usually have security updates every month.  You can set Windows to notify you of Updates so that you can choose, but only do this if you believe you are able to understand which ones are needed.   This is a crucial security measure.
 
Keep MalwareBytes Anti-Malware updated and run it whenever you suspect a problem.
 
The free FileHippo Update Checker makes it easy to keep all your programs up to date - run it every few weeks.
 
Note that there are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs.  If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately.  It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information.  Ask in a security forum that you trust if you are not sure.  If you are unsure and looking for anti-spyware programs, you may be able to find out if it is a rogue here:
 
 
A similar category of programs is now called "scareware."  Scareware programs are active infections that will pop-up on your computer and tell you that you are infected.  If you look closely, it will usually have a name that looks like it might be legitimate, but it is NOT one of the programs you installed.  It tells you to click and install it right away.  If you click on any part of it, including the 'X' to close it, you may actually help it infect your computer further.  Keeping protection updated and running resident protection can help prevent these infections.  If it happens anyway, get offline as quickly as you can.  Pull the internet connection cable or shut down the computer if you have to.  Contact someone to help by using another computer if possible.  These programs are also sometimes called 'rogues', but they are different from the rogues mentioned above.
 
For much more old but still useful information, read Tony Klein's excellent article: How did I get infected in the first place



#7 cnm

Posted 08 January 2013 - 09:51 PM

Glad we could help. :)

If you need this topic reopened, please tell the moderating team by replying here with the address of the thread. This applies only to the original topic starter. Everyone else please begin a New Topic.





